Problem installing a SSL Cert...

dryas

Verified User
Joined
Nov 6, 2003
Messages
14
Location
Germany / Rheine
Hello,

I'm having big troubles installing a SSL Certificate. :-(

I have done the following steps:

1) I've created a Certificate Request by clicking on "Create A Certificate Request"

2) I've used the generated key on my SSL Provicer to generate a key for my domain.

3) After I've received the certificate, I have entered it by clicking on "install a CA Root Certificate". I have entered the SSL Cert and checked "Use a CA Cert.".

4) DA said that the Cert is ok, and that SSL works fine in a few minutes...

After I have checked if SSL works fine, It doesn't work, because the Webserver uses the standart certificate of the webserver, and not the new one I've installed... :-(

If I check the menu in DA, "Use the server's certificate" is checked, and not "Paste a pre-generated certifcate and key" like in the documentation...

Is there any howto on how to install a ssl certificate? Or does someone has any idea on whats going wrong? Thanks for help!

Benny
 
Hey,

Basically, I think you would simply paste the key and the cert in the area the says "Paste a pre-generated certificate and key" and then save it...

Make sure the bullet is in the "Paste a pre-generated certificate and key".

If it is a chained cert then, "Click Here to paste a CA Root Certificate" is where you would put the chained cert.

David
 
Hi,

that's what I have done, but the webserver always use the untrusted standart certificate that we have installed before... :-(

Benny
 
Hi,

can somebody post the header and footer of the certificates I must enter in the textareas? (pre generated... and ca root)? I think I have inserted the wrong certificates?

BTW: I have entered "secure.linuworx.de" as the URL in the certificate request... if I try to connect on:

https://secure.linuworx.de

the webserver uses the standart certificate... I have entered the certificate on editing the www.linuworx.de domain... that's right, or?

Benny
 
Last edited:
Hey,

that's what I have done, but the webserver always use the untrusted standart certificate that we have installed before... :-(

OK, then maybe I'm confused:

If I check the menu in DA, "Use the server's certificate" is checked, and not "Paste a pre-generated certifcate and key" like in the documentation...

The "Use the server's certificate" should not be checked...

Your key and cert should be pasted in the box that says: "Paste a pre-generated certifcate and key" and that bullet should be marked.

Or, maybe I'm just not understanding... %^)

This is a cert for a domain and not one for the server, is that right?

David
 
Hi,

yes, I want to use the certificate for one domain (http://secure.linuworx.de).

Now I'm have checked "Paste a pre-generated certificate and key" and paste the following into the textarea:


"-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----"

After that, I have clicked on "Click Here to paste a CA Root Certificate" and entered the following into the textarea:

"-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----"

Is it right that I entered the key I have received from out SSL provider two times? One time in the "Paste a pre-generated certificate and key" field, and second time in the "Click Here to paste a CA Root Certificate"... :-?

Please help, I'm going crazy... :-(

;-)

Benny
 
Hi,

ok, as I read in the thread:

http://www.directadmin.com/forum/showthread.php?s=&threadid=3816&highlight=ssl

we use COMMODO SSL Certificates, and so I'm followed the instructions and installed into "Paste a pre-generated certificate and key" the Commodo Certificates, and in "Click Here to paste a CA Root Certificate" the "GTE Cybertrust Root Certificate" that we get from our ssl provider. I don't know why, but if I access the SSL domain, my browser wants to use our standart GLOBAL server certificate, not the one I have installed... if I take a look at the httpd.conf, everythink seems to be fine:

"
<VirtualHost XXX.XXX.XXX.XXX:443>

SSLEngine on
SSLCertificateFile /usr/local/directadmin/data/users/linuworx/domains/linuworx.de.cert
SSLCertificateKeyFile /usr/local/directadmin/data/users/linuworx/domains/linuworx.de.key
SSLCACertificateFile /usr/local/directadmin/data/users/linuworx/domains/linuworx.de.cacert

ServerName www.secure.linuworx.de
ServerAlias www.secure.linuworx.de secure.linuworx.de
ServerAdmin [email protected]
..."

The Certificate is registered onto "secure.linuworx.de"... it MUST work, I'm don't understand why there are that problems. :-(

Did someone installed a working Commodo Certificate? If yes, please write a short description on what you have done to make it work... many many thanks!!!

Benny
 
Last edited:
Hey,

Is it right that I entered the key I have received from out SSL provider two times?

No...

How many certs did you get from your SSL cert provider?

If you got one... Then it should be entered in the first page with the key.

If you got two then the CA Root cert goes on the second page.

SSLCertificateFile /usr/local/directadmin/data/users/linuworx/domains/linuworx.de.cert
SSLCertificateKeyFile /usr/local/directadmin/data/users/linuworx/domains/linuworx.de.key
SSLCACertificateFile /usr/local/directadmin/data/users/linuworx/domains/linuworx.de.cacert

The above makes it look like you got two certs...

Which httpd.conf file is the SSLCertificate info from? (In your post) The domains conf or the main server file?

Did you rename the cert/key files?

Obviously, the new cert configuration is not being seen and the old cert/config is being used.

Where/what did you do to install the SnakeOil cert?

David
 
Hi,

now I know whats the problem! :) I have linked 2 domains to the user that I use to install the SSL Certifcate. Now I need to set one Domain of the two domains to a new IP to install the SSL Certificate. But I can't bind one Domain to a new IP, I only can bind both domains to the new IP... How can I bind an IP to one specific Domain, instead of one specific user?

User: Linuworx
Domains: ispface.de & linuworx.de

Now I only want to set linuworx.de to a new IP, not ispface.de... I have only found an option to set the whole user to a new ip...

Benny
 
DA has a limitation; you cannot have two IP#s on a user; a user is limited to one IP#.

So a secure site must be the only site on a given user.

Jeff
 
Back
Top