Invalid security certificate error after installing SSL how to fix?

Shaw

Verified User
Joined
Mar 2, 2011
Messages
15
Hey all

I just bought a ssl certificate and installed it on direct admin. When trying to access secure pages on my site I get the following error.


www.domainhere.com uses an invalid security certificate.

The certificate is not trusted because it is self-signed.
The certificate is only valid for localhost

(Error code: sec_error_untrusted_issuer)

I cant figure out what Im doing wrong, the certificate is not self-signed. I have a dedicated IP. And I believe I installed it correctly.

To install I pasted the Begin Certificate on its own line under End RSA Private Key.

I also pasted the Certificate into Click Here to paste a CA Root Certificate

Can anyone help me with this?

Thanks
Shaw
 
Ooops sorry domainhere was meant as an example it is not my domain.
 
I just get:

Code:
Oops.

Firefox can't load this page for some reason.

You might want to see what your error log is displaying for an error. Also make sure you either have your private_html linked to public_html or that you have files in private_html folder
 
Hi scsi

Thanks for the info, I do not even see a private_html folder. I am pretty novice at this so if you could point me at a help topic on how to create it and set it up for the secure pages it would be greatly appreciated.

Also I dont see anything related to this problem in the error log, but I probably dont know what Im looking for!

Thanks for your help
Shaw
 
Self-signed cert is used for the vhost:

Code:
Initiating SSL handshake.
Handshake successful; connected socket 5 to SSL handle 0x089dba38
certificate:
  subject: /C=US/ST=Someprovince/L=Sometown/O=none/OU=none/CN=localhost/emailAddress=webaster@localhost
  issuer:  /C=US/ST=Someprovince/L=Sometown/O=none/OU=none/CN=localhost/emailAddress=webaster@localhost
ERROR: cannot verify www.rave-nation.com's certificate, issued by `/C=US/ST=Someprovince/L=Sometown/O=none/OU=none/CN=localhost/emailAddress=webaster@localhost':
  Self-signed certificate encountered.
ERROR: certificate common name `localhost' doesn't match requested host name `www.rave-nation.com'.

Make sure apache restarted ok.

To make symlink:

User Level Login in Directadmin -> Domain Administration -> Click on desired domain -> Check "Use a symbolic link from private_html to public_html - allows for same data in http and https" -> Save
 
haha sorry im way novice I have no clue how to restart apache. And I did notice earlier related to your symlink note that in rave-nation domain in direct admin, Secure SSL was not checked (above private_html setup for rave-nation.com - (SSL must be enabled above) )

I set that to enabled, and reinstalled the cert again with no luck.

Thanks for trying to help!
 
Are you a server owner, or a customer of a hosting company? If the first go to Admin Level -> Services manager -> httpd restart. If the second, then contact your hosting provider support.
 
The site is almost working. The Certificate appears to be properly installed at:

https://www.rave-nation.com/

but I write partially because there's some insecure content mixed with secure content on the page. That's generally caused when images on the page are linked with http instead of with https.

Jeff
 
The site is almost working. The Certificate appears to be properly installed at:

https://www.rave-nation.com/

but I write partially because there's some insecure content mixed with secure content on the page. That's generally caused when images on the page are linked with http instead of with https.

Jeff

Yes I finally figured it out!

I will be transferring to the new site shortly located at www.rave-nation.com/index.php
It is the more colorful more professional looking site...
Is there insecure content on it? If it is just pictures and stuff this shouldnt be a risk right?



Hi Alex
You stated:
"Yes, that seems to be ok now and for me. "

So there are unsecured items on rave-nation.com/index.php?

I set the symlink like you showed me is this a good route of going about it?

Thanks for everyone's help! I appreciate it

Shaw
 
It's most likely not a risk, but visitors will not know it's not a risk. They'll only know (depending on how their browser reports it) that your site is at least partially insecure. I'd recommend fixing it.

Jeff
 
I set the symlink like you showed me is this a good route of going about it?

Yes, that's OK. Symlink is that what you need to use, if you want to share the same content between http and https. Other way you can go, it is to use relative paths in all links to images.
 
Hey Jeff, and Alex

It sounds like the symlink should make everything secure without having to worry about it, but is this not the case? Im using magento and I really dont know how to secure everything, I should research on this, but if you could give me a quick tip on how to or a referral to a good article on this I would really appreciate it!

Thanks
Shaw
 
You need to make sure there are no image references to http in your pages as served by https.

Note also that using a symbolic link between public_html and private_html could enable customers to reach parts of your site that should be secure (password pages, credit card pages) insecurely, simply by using http instead of https in their browser. So I don't recommend it unless you also create an .htaccess file to make certain that pages which must be secure are only served securely.

Jeff
 
Some CMS and billing software might not work properly if you divide them between public_html and private_html. Thus mod_rewrite would only help (with enabled symlink of course).
 
Just a note:

Billing software that works on either https or http is not PCI compliant, as we recently discovered.

It does appear that sat least for now mod_rewrite fixes the issue to the satisfaction of the PCI comliance checker we use.

Jeff
 
Back
Top