BigWil
delmartime.secured-ecommerce.net uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is unknown.
(Error code: sec_error_unknown_issuer)
This is the wildcard certificate whose configuration we have been using for years. We renewed it yesterday and had to swap it out. Now we are having these Firefox problems.
The user's httpd.conf contains this:
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
SSLCACertificateFile /usr/local/directadmin/data/users/delmartime/domains/delmartimes.com.cacert
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
The certificate was correctly put into server.crt.
The key was correctly put into server.key.
The content of the ca-bundle Comodo sent me with the cert is in the delmartimes.com.cacert file. Everything checks out, and after a server reboot... (Error code: sec_error_unknown_issuer)
Is DA bypassing the ca-bundle somewhere? This is the server-wide wildcard using the server shared IP. Has worked great for many years, but obviously no more.
Server SSL log reports a little differently.
[21/Dec/2010 22:24:44 09895] [error] SSL handshake failed (server localhost:443, client 74.93.163.38) (OpenSSL library error follows)
[21/Dec/2010 22:24:44 09895] [error] OpenSSL: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
Running latest DA and custombuild, but Apache 1.3.
Any help greatly appreciated.
BigWil
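A check that fits the files named in the post, added here as an example and not part of the original post: it reads the certificate (server.crt) and the CA bundle (the .cacert file) and reports whether the bundle contains a certificate whose subject is the leaf's issuer, then follows the links upward. It assumes names chain by byte-identical DER encoding and verifies no signatures; the script name `chaincheck.py` is hypothetical.

```python
import base64, re, sys

# Added example: name chaining only (byte-equal DER Names), no signature checks.
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def load_pem(text):
    """Return every certificate in a PEM string as DER bytes, in file order."""
    return [base64.b64decode(body) for body in PEM_RE.findall(text)]

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                     # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def names(der):
    """Return (issuer, subject) as raw DER Name encodings of one certificate."""
    _, pos, _ = _tlv(der, 0)              # Certificate ::= SEQUENCE
    _, pos, _ = _tlv(der, pos)            # TBSCertificate ::= SEQUENCE
    fields = []
    while len(fields) < 5:                # serial, sigAlg, issuer, validity, subject
        tag, _, end = _tlv(der, pos)
        if tag != 0xA0:                   # skip the optional [0] version wrapper
            fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def walk_chain(leaf_pem, bundle_pem):
    """Follow issuer -> subject links from the leaf through the bundle.
    Returns (links, status): links counts the bundle certificates used; status is
    'self-signed-root', 'stops-before-root' or 'leaf-issuer-missing'."""
    by_subject = {names(d)[1]: d for d in load_pem(bundle_pem)}
    issuer, subject = names(load_pem(leaf_pem)[0])
    links = 0
    while issuer != subject and issuer in by_subject and links < len(by_subject):
        issuer, subject = names(by_subject[issuer])
        links += 1
    if issuer == subject:
        return links, "self-signed-root"
    return links, "stops-before-root" if links else "leaf-issuer-missing"

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: chaincheck.py server.crt bundle.cacert")
    with open(sys.argv[1]) as leaf, open(sys.argv[2]) as bundle:
        print(walk_chain(leaf.read(), bundle.read()))
```

A result of `leaf-issuer-missing` means the bundle file holds no certificate matching the issuer of the installed certificate; `stops-before-root` is normal when the bundle ends at an intermediate whose issuer is a root the client already trusts.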