How to Install RapidSSL

algore

Verified User
Joined
Aug 9, 2007
Messages
13
Hey

I have recently ordered RapidSSL certificate

How do it use it

What i have done so far

Went to DA >> SSL Certificates >> Create A Certificate Request >> Created and then got the SSL from rapidSSL

then they provided some codes

Went to Click Here to paste a CA Root Certificate and pasted that and saved ( i have ticked the Use a CA Cert )

Then what ????

I am not able to make use of the SSL.

When ever i use the https it says " This Connection is Untrusted "

Can anyone please help
 
Last edited:
Did you follow the instructions and paste the certificate under the key?

Click Here to paste a CA Root Certificate

Did you actually receive a CA Root Certificate?

If you received two files then one gets pasted under the key and the other goes to the CA Root Certificate form.
 
I got a certificate from them and pasted under CA Root Certificate and saved

They issued me

Congratulations! Your RapidSSL Certificate has been issued and is pasted at the bottom of this email.

It looks like

Your RapidSSL certificate:

-----BEGIN CERTIFICATE-----

Content inside

-----END CERTIFICATE-----

Then i am not able to see the effect of it ??? still says

When ever i use the https it says " This Connection is Untrusted "

HELP Please
 
If you only got one file then you need to go back and follow the directions.

Go back and click Click Here to paste a CA Root Certificate and then uncheck the box for Use a CA Cert. and click Save. This (hopefully) will delete the CA Root Certificate.

The follow the instructions from the main SSL page:

When you get the certificate from the Certificate Authority using the request, simply paste the certificate in the field after the key on a new line and click "Save"

If you got 2 files from RapidSS then you will need to figure out which one is which.
 
Still dont work ..

The SSL team says

your site is using a self signed local host
or comment out your default SSL directive

do you know where the csr is located?

How to deal with it now ??
 
Is your domain name the same as your hostname? If so, it won't work.

Is your domain name entered into the DirectAdmin admin's user-level? If so, then there may be special instructions.

Next time buy a Certificate from a company that does installation :).

Jeff
 
Hi
I am having the same problems directadmin still uses root certificate
My server name is different from certified hostname
Yes my domain name into the DirectAdmin admin's user-level which special instructions ???
 
I'm not sure what you mean when you write that DirectAdmin is using the root certificate. Just what Certificate do you mean?

If it's DirectAdmin using th Certificate, then you don't have the same problem, because if the Certificate is for DirectAdmin then you need to create the Certificate Request manually, not through DirectAdmin.

Is the Certificate for the DirectAdmin login (usually at port 2222), or for a domain running on the server?

Start by telling us the server's hostname, the domain name for which the Certificate is issued, and the domain name for which you want the Certificate to work.

Also tell us from you purchased the Certificate (the brand name of the Certificate).

Then hopefully we'll have enough information to help you.

The special instructions are for users installing a Certificate into the user-level of the admin login of the DirectAdmin control panel, but only if the Certificate requires what we call a CA Root Certificate.

After you let us know the answers to the questions above someone here should be able to help you.

Jeff
 
Thanks for the very fast reply

Well what I mean is that although I tried to follow all the steps from the documentation when I try my secure site https://www.altranslations.eu it still gives certificate error in IE
Then when I click on view certificate it says localhost
So I assume that my certificate is not correctly installed
I manually changed httpd-vhosts.conf and added SSLCACertificatefile but still have the problem
 
Since you didn't answer my questions I don't see how I can help. Maybe someone else is better at guessing than I am.

Jeff
 
Thanks for the very fast reply

Well what I mean is that although I tried to follow all the steps from the documentation when I try my secure site https://www.altranslations.eu it still gives certificate error in IE
Then when I click on view certificate it says localhost
So I assume that my certificate is not correctly installed
I manually changed httpd-vhosts.conf and added SSLCACertificatefile but still have the problem
Sorry pressed too fast on submit here is the other info:
serverhostname -vertaalbureau.altranslations.be
domain name is altranslations.eu
brand name rapid SSL
I want it to work on https://www.altranslations.eu
 
The hostname and the domain name are both on the same IP#. This can only be made to work if the site is set up in the user screen of the admin login. If that's not the case then you need to give the domain name it's own user and it's own IP#.

If it is true, then you should have gotten a notice to be sure to save and install both the private key and the certificate once you got the certificate. Hopefully you've done that.

Sorry, I didn't notice that RapidSSL was in the thread name. rapidSSL doesn't require a CA Root Certificate.

I don't know what change syou made where to the httpd-vhosts.conf file, so that's not going to help you.

Hopefully someone else can help you.

You can of course hire someone to log into your server, figure it out and fix it. But that may be more expensive than buying a Certificate from someone who offers DirectAdmin installation included in the Certificate price.

See the Advertising subforum.

Jeff
 
I solved the issue ;)

For all fellow newbies I will explain how
I discovered that the certificate I received from RapidSSL did not match anymore with the actual private key.
Where it went wrong…
After I made a certificate request Direct admin gave me a Certificate that needs to be put together with the private key. To do that, direct admin obliges you to go back to the previous page. Well that is where I made the mistake although I pasted the certificate at the correct location, I didn't notice that Direct admin automatically points to "Use the server's shared signed certificate" I have the impression (but I am not sure) that when you press save with this option selected, a new private key is produced which makes your signed certificate useless.
To avoid these problems I re-created a request, copied the associated private key to Notepad ++ and when I received the signed certificate back I selected "Paste pre-generated certificate and key" and copied there both certificate and corresponding private key
And yes all in a sudden it started to work without expensive consultant :D
This sounds not like a bug since everything works but I feel that there is great opportunity to further elaborate the user friendliness of the interface in the next releases :rolleyes:
Anyway thanks Jef for your kind replies
 
I'm not sure what you mean, since building a CSR (Certificate request) doesn't give you a Certificzte to be used with the private key.

And if you're attempting to create a CSR for server's shared signed certificate DirectAdmin warns you that you must save the Private key at that time.

All is will that ends well; I'm glad you got it working.

If you have a specific suggestion for a change to the DirectAdmin interface, then please elaborate it specifically; sometimes we all benefit from fresh eyes looking at what we who are experienced don't perceive as a problem.

Jeff
 
Sorry to bring this thread up, but I still don't have a clue what is behind this whole situation which is described above. Also the way it works behind DirectAdmin, technically, you just have to know that part to figure out why it doesn't turn out the way it should be... i quess..

And that's why I tell myself: I don't want to know all that. After all I have done I don't know where I am now in the procedure of installing the certificate, so the best thing is to check the mail from RapidSSL again. They give me:

INSTALLATION INSTRUCTIONS

1. INSTALL CERTIFICATE:
Because there is no explaination for DirectAdmin, I cannot use the link they give me in the mail. Instead I check the manual of DA and this forum.

2. INTERMEDIATE CERTIFICATE ADVISORY:
You MUST install the RapidSSL intermediate Certificate included at the end of this e-mail on your server together with your Certificate or it may not operate correctly.
I am not sure what that means. I received two pieces of 'code':
- a 'Web Server CERTIFICATE'
- and an 'INTERMEDIATE CA'
What is this 'Intermediate certificate'?
This I received after I followed the instructions of renewal. Cause I already had a certificate before. It al turned out fine and I received the mail with those two pieces of 'code'. But in DA I cannot find anything like an 'intermediate certificate' installation, neither in the manual. What is it and how can I use it? Or: where do I need to paste it and when?

After that I can:

3. CHECK INSTALLATION:
Ensure you have installed your certificate correctly at:
https://knowledge.rapidssl.com/supp...=content&id=SO9556&actp=LIST&viewlocale=en_US

If I check it now, I receive an error:
"Invalid chain
Error: The certificate installation checker connected to the Web server and read its certificates, but could not determine which is the primary certificate for the Web server. Make sure that the domain name entered above matches the common name of the certificate installed on the Web server.


So yes, it's still not good, but I really have no clue how to solve it or what to do.

What is also confusing me is the BEGIN RSA PRIVATE KEY which I can find in DirectAdmin under: 'Paste a pre-generated certificate and key'. I still don't see what it is or how it fits in the procedure of installing the certificate, but Im sure it needs to be used at some point :).

Is there someone who can tell me in non-technical words, step by step, how to install the certificate in DA? I follow the steps in the DA manual, BUT even then! There seem to be three situations: use the server certificate (that's not the one I have to choose, I know that), and there is: pre-generated certificate or self-signed certificate. What's the difference? Is it 'self-signed' because I bought it myself? Maybe I followed the wrong manual?

Please, if someone could give a step-by-step 'go to this, choose this, paste this and that there'... it would be very helpfull..
 
Last edited:
I keep writing that it's probably cheapest if you don't know what you're doing to buy a Certificate from us for $45 including installation (search the advertising subforum) :).

But it's easy enough, really:
INSTALL CERTIFICATE:
Because there is no explaination for DirectAdmin, I cannot use the link they give me in the mail. Instead I check the manual of DA and this forum.
It appears you've gotten this far, and have installed the Certificate, because if not you would have gotten a different error.
INTERMEDIATE CERTIFICATE ADVISORY:
You MUST install the RapidSSL intermediate Certificate included at the end of this e-mail on your server together with your Certificate or it may not operate correctly.
I am not sure what that means. I received two pieces of 'code':
- a 'Web Server CERTIFICATE'
- and an 'INTERMEDIATE CA'
What is this 'Intermediate certificate'?
It's their email; it's their fault if it doesn't make sense :). Instead of writing INTERMEDIATE CA they should have written INTERMEDIATE CA CERTIFICATE, CA is an appreviation for Certificate Authority, and they're the Certificate Authority.
This I received after I followed the instructions of renewal. Cause I already had a certificate before. It al turned out fine and I received the mail with those two pieces of 'code'. But in DA I cannot find anything like an 'intermediate certificate' installation, neither in the manual. What is it and how can I use it? Or: where do I need to paste it and when?
DirectAdmin calls it a CA Root Certificate; just click on the words Click Here to install it. The confusion stems from the fact that some CAs will send you no extra Certificates, some both a Root Certificate and an Intermediate Certificate, and some only one.

Whatever they send you as extra certificates should be installed where DirectAdmin says to install the CA Root Certificate. One immediately under the other if there's more than one, in the order in which they're sent to you.
What is also confusing me is the BEGIN RSA PRIVATE KEY which I can find in DirectAdmin under: 'Paste a pre-generated certificate and key'. I still don't see what it is or how it fits in the procedure of installing the certificate, but Im sure it needs to be used at some point :).
You leave it alone, and put your Certificate immediately under it. As I wrote previously, you appear to have gotten this part right, because your error message doesn't mention a missing PRIVATE KEY. If you lose the private key you need to get the folk at RapidSSL to reissue your Certificate, so don't lose it.
Is there someone who can tell me in non-technical words, step by step, how to install the certificate in DA?
I learned from the DirectAdmin help site but it's not for everybody. We offer a Flash video tutorial our clients can follow, but we didn't create and the company we bought it from doesn't allow us to give out links publicly; we've only bought rights to make it available for our clients. If you own your server and you want to offer it and others to your clients, then you should contact DemoWolf (demowolf.com) for more information, or to search for and view the tutorial yourself. If you're the client of a hosting company you should be getting support from them.
I follow the steps in the DA manual, BUT even then! There seem to be three situations: use the server certificate (that's not the one I have to choose, I know that), and there is: pre-generated certificate or self-signed certificate. What's the difference? Is it 'self-signed' because I bought it myself? Maybe I followed the wrong manual?
A pre-generated Certificate is one you buy using the CSR you create, and you check that after you get the Certificate back from RapidSSL. A self-signed Certificate is one you create yourself, on the server. If you use that then visitors to your site will see an error; you should only use self-signed Certificates for sites used only internally to your company.

Jeff
 
Thanks for the quick reply.

I did two things:
First I pasted the intermediate CA 'code' in the CA Root Certificate area; you come there by clicking 'Click here to install the root CA.... '. I immidiately got the message that all is ok and that after a few minutes the certificate would be active/site would be secure. But after 10 minutes I still don't have a secure website. It says it's not secure and I can open it but it's not recommended.

So the second thing I tried is to paste the intermidiate CA 'code' right under the RSA key. I didn't forget to select that option too. But then it's not ok at all: I see an error:
error using key: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

The certificate and key do not match. Please ensure you are using the correct key with this certificate


So I'm wandering... is the key not good after all? Or did I do something wrong? And yes... I'm pretty convinced that I'm going to buy one at your company next time :).
 
The first method you used should have worked and I don't know why it didn't. The second will never work; it puts the CA cert into the wrong file.

So do the first again, then restart http, and wait at least a minute, before trying again. If it still fails, then choose to look at the Cert in your browser. Then look at the entire Cert Chain to try to figure out what's missing.

One more thing: is this the main server user-level account, under the admin login (user level)? If so, then make sure you've updated DirectAdmin to the latest version. And if it still doesn't work, look at this thread.

It would be more expensive to have me look at the machine and figure out why their Certificate isn't working for you than it would be to buy one from me now, with installation. If you've had the cert less than a week or so, and can't get it installed it's possible the RapidSSL people will revoke it and refund it for you if you bought directly from them; I don't know.

Jeff
 
I sended RapidSSL an e-mail wit hthe situation and that pasting the intermediate code will not do the trick. I also watched the other thread but in the httpd.conf I cannot find any of those entries. Besides that the main domain (hostname) of the server is different then the domain I would like to install the certificate for. And that domain is not part of the admin account either; it's in a different user account.

When I hear something from RapidSSL Support (or when they agree to the refund.. :)) I will let you know.

Thanks in advance.
 
Today I received a very helpfull reply from RapidSSL. I probably didn't understand correctly where to past the Web server certificate and where to paste the intermediate certificate!

RapidSSL gave me the following link where this is al described in good detail:
https://knowledge.rapidssl.com/supp...earch&viewlocale=en_US&searchid=1304014962609

Because my RSA key was still valid, I didn't have to get an new one. I just pasted the 'Web server certificate' right under the RSA key and saved it. DirectAdmin told me: 'Web certificate and key saved.'. Then I clicked on the: 'Click here to....' link and pasted the 'Intermediate certificate' there. After I saved it DirectAdmin told me that the website would be secure in a few minutes. And yes, it did! :) Also when I check the certificate information I can see the right information.

I only have some problems with seeing the whole content, but that should be much of a problem I guess.

Thanks for all the help! I appreciate it and it helped me a lot!
 
Back
Top