29,95$ SSL Cert from Godaddy

redesb

Verified User
Joined
May 10, 2004
Messages
207
Location
Spain
Someone using $29,95 SSL certs from Godaddy on DA :cool: or others CP's :rolleyes: ?

Please feedback welcomed!!! :)

TIA
ramon
 
Yes, I have one. I bought it few days ago but I am unable to install it directly from DA.


Here are the instructions from Godaddy :

INSTALLING YOUR WEB SERVER CERTIFICATE

Go Daddy has issued your signed Web Server Certificate. The final step in the certificate-request process is the installation of the certificate on your Web server. The specifics of the installation procedure are determined by your choice of Web server software.

Please see below for certificate-installation instructions for Apache and Microsoft IIS 5.x. and 6.x servers. Go to the following address for certificate-installation instructions for all supported Web servers: https://certificates.godaddy.com/InstallationInstructions.go.

ABOUT THE INTERMEDIATE CERTIFICATE
Before you install your Web Server Certificate you must install our intermediate certificate -- the sf_issuing.crt -- on your Web server. An intermediate certificate is a subordinate certificate issued by the trusted root specifically to issue end-entity server certificates. The result is a chain that begins at the trusted root CA, through the intermediate certificate, and ending with the Web Server SSL certificate issued to you. Such a certificate is called "chained root certificate." The usage of an intermediate certificate thus provides an added level of security as the Certification Authority (CA) does not need to issue certificates directly from its CA root certificate.

You received our intermediate certificate along with your issued certificate. You may also download the intermediate certificate from the repository at https://certificates.godaddy.com/Repository.go.


INSTALLATION INSTRUCTIONS - APACHE 1.3
Installing Your Web Server Certificate and the Intermediate Certificate:
- Copy your issued certificate, intermediate certificate and key files (generated when you created the - Certificate Signing Request (CSR)) into the directory that you will be using to hold your certificates.
- Open the Apache httpd.conf file and add the following directives:

SSLCertificateFile /path to certificate file/your issued certificate
SSLCertificateKeyFile /path to key file/your key file
SSLCertificateChainFile /path to intermediate certificate/sf_issuing.crt

- Save your httpd.conf file and restart Apache.


INSTALLATION INSTRUCTIONS - APACHE 2.X
Installing Your Web Server Certificate and the Intermediate Certificate:
- Copy your issued certificate, intermediate certificate and key file (generated when you created the Certificate Signing Request (CSR)) into the directory that you will be using to hold your certificates.
- Open the Apache ssl.conf file and add the following directives:

SSLCertificateFile /path to certificate file/your issued certificate
SSLCertificateKeyFile /path to key file/your key file
SSLCertificateChainFile /path to intermediate certificate/sf_issuing.crt

- Save your ssl.conf file and restart Apache.


INSTALLATION INSTRUCTIONS - Microsoft IIS 5.x/6.x
NOTE: For Windows NT 4.0, you must have at least Service Pack 4.0 or higher or Microsoft Internet Explorer 5.0.

Installing Intermediate Certificate:
Once you have downloaded the intermediate certificate, please follow the instructions below to install it:
- Select "Run" from the start menu; then type "mmc" to start the Microsoft Management Console (MMC).
- In the Management Console, select "File," then "Add/Remove Snap In."
- In the Add/Remove Snap-In dialog, select "Add."
- In the Add Standalone Snap-in dialog, choose "Certificates"; then click the "Add" button.
- Choose "Computer Account"; then click "Next" and "Finish."
- Close the Add Standalone Snap-in dialog and click "OK" on the Add/Remove Snap-in dialog to return to the main MMC window.
- If necessary, click the "+" icon to expand the "Certificates" folder so that the Intermediate Certification Authorities folder is visible.
- Right-click on "Intermediate Certification Authorities" and choose "All Tasks"; then click "Import."
- Follow the wizard prompts to complete the installation procedure.

Installing Your Web Server Certificate
- Select the Internet Information Service console within the Administrative Tools menu.
- Select the Web site (host) for which the certificate was made.
- Right mouse-click and select "Properties."
- Select the "Directory Security" tab.
- Select the "Server Certificate" option.
- The Welcome to the Web Server Certificate Wizard windows opens. Click "OK."
- Select "Process the pending request and install the certificate." Click "Next."
- Enter the location for the certificate file at the Process a Pending Request window. The file extension may be .txt or .crt instead of .cer (search for files of type "all files").
- When the correct certificate file is selected, click "Next."
- Verify the Certificate Summary to make sure all information is accurate. Click "Next."
- Select "Finish."
 
Are you an end-user of a site hosted on DirectAdmin?

If so then you'll find the DirectAdmin help system should show you exactly what you have to do.

Depending on which skin you have, navigate to your page for installing the SSL cert, find and click on the "help" icon.

Jeff
 
Hi,

I am an end user, but the server is mine and I have admin rights on it.

I managed to install the Godaddy SSL Cert. as indicated. Thank you for your help.

However, when I type my website URL with https:// rather than http:// I have a warning that the certificate has expired since 2001! And the certificate owner ans issuer as unknown for me! It looks as if an old certificate was installed on a server I rented! But I can't delete this certificate, so my new certificate is not opperative.
 
Do you mind posting your URL so that we can check?

A couple things to check:

1) In the DA Admin account, there is a custom httpd configurations page. Check the config for the domain with the certificate.

You should see some lines like:
Code:
SSLCertificateFile /usr/local/directadmin/data/users/[b]username[/b]/domains/[b]yourdomain.tld[/b].cert
SSLCertificateKeyFile /usr/local/directadmin/data/users/[b]username[/b]/domains/[b]yourdomain.tld[/b].key

That shows that Apache is using an individual domain certificate.

2) If the lines intead look like:
Code:
	SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
	SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key

that means you are using the server certificate.

If the config shows case (2), then you have not really installed the certificate. Go to the user account for the domain in question (SSL page) and paste your key and certificate
Code:
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

gobbledygook in the field marked Paste a pre-generated certificate and key (make sure the radio button next to it is selected), then click on the"Save" button.
 
max2000 said:
I managed to install the Godaddy SSL Cert. as indicated. Thank you for your help.
The rest of us aren't having problems installing certs. So I'm presuming, perhaps incorrectly, that you may not have installed it properly.

Did you get a message from the DA control panel that the cert was properly installed?

If you've somehow overwritten your Private Key the install won't work.

Jeff
 
Hi -- continuing this discussion.

I am having a similar problem with a godaddy turbo-ssl certificate.

directadmin said that everything was good, and after a couple of hours waiting (said it would be a few minutes), nothing.

My httpd.conf looks like this:

<VirtualHost 64.27.10.180:443>

SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
SSLCACertificateFile /usr/local/directadmin/data/users/george/domains/health-effects.net.cacert

sslcacertificatefile looks correct, but the rest uses the server. If I try to go to the https://health-effects.net version of the site, I get the snakeoil certificate.

Any ideas?
 
Thank you Jlasman,

The mistake was 100% mine.

I assumed all I had to do was paste the CA ROOT CERT.

I didn't read the instructions well enough... If you look at the instruction page on the DA Support Pages, you will see a teeny tiny red message that says... "paste key here".

Meaning, below the -----END RSA PRIVATE KEY-----, you are supposed to paste the CERTIFICATE

Easy to miss, specially if it is your first time doing it through DA.

Time to get new glasses.

Thanks and Regards

p.s. If I had to program the system myself... I would have presented the user with three different input boxes, one for each key that has to be put in, and not have them go back, but that's just me.
 
Last edited:
jlasman said:
If you've somehow overwritten your Private Key the install won't work.

I think maybe I have done this because the install is not working. I keep getting this message:

Could not execute your request

Details

error using key: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

The certificate and key do not match. Please ensure you are using the correct key with this certificate

--

Now what??:(
 
you generated a new key...

did you store the first key you made and used to generate the certificate from gd?

peace,
 
actually I have always had problems installing certs in DA. But never reported it.

I have installed all my certs manually so far.

Godaddy certs I think are incompatible anyway as they are chained.
 
GoDaddy's TurboSSL certs aren't so much "incompatible", but rather they just work a little differently. :)

I ran through the usual DA instructions (paste cert, yada-yada) for installing my TurboSSL cert on my domain, but there was no place for the ChainCert.

To fix this, I copied to ChainCert to the correct dir for that user (via SSH). Then, I logged into DA as admin, went to "Custom HTTPD Configurations" and added the following line for the domain in question:

SSLCertificateChainFile /usr/local/directadmin/data/users/myuser/domains/domain.sf_issuing.crt

(Note: Obviously, I renamed mine; GoDaddy sends the chain file named as "sf_issuing.crt", but I like to prepend the intended domain name to the filename for organization purposes.)

The resulting SSL portion (ie port 443) for that particular domain looks similar to the following (excluding all but SSL relevant portions):

<VirtualHost 111.111.111.111:443>
SSLCertificateChainFile /usr/local/directadmin/data/users/myuser/domains/domain.sf_issuing.crt
SSLEngine on
SSLCertificateFile /usr/local/directadmin/data/users/myuser/domains/domain.com.cert
SSLCertificateKeyFile /usr/local/directadmin/data/users/myuser/domains/domain.com.key
SSLCACertificateFile /usr/local/directadmin/data/users/myuser/domains/domain.com.cacert
</VirtualHost>

Works perfectly. Don't bother trying to manually edit the httpd.conf for each user, since DA will over-write it each time you make changes to it from the panel.

Hope it helps!
 
Hello,

I'd like to ask you, ..., how many SSL certificate we can setup on one DA server that is able to handle SSL ?

Is it one certificate per IP, or is it virtualhost based certificate ?

Thank you.
 
Back
Top