Installed SSL on owned IP doesn't work. Always point to Server SSL

nmb

I'm not sure which forum I should post in, but since I run CB 2.0 + PHP-FPM + PHP 5.3 + Apache 2.4.9, I think I should post here.

Tried to install a Comodo PositiveSSL on a domain with an owned IP. Followed the steps here -> http://www.site-helper.com/ssl.html

Check the file in xxxxx's httpd.conf below:

Code:
        SSLCertificateFile /usr/local/directadmin/data/users/xxxxx/domains/ppppp.com.cert
        SSLCertificateKeyFile /usr/local/directadmin/data/users/xxxxx/domains/ppppp.com.key
        SSLCACertificateFile /usr/local/directadmin/data/users/xxxxx/domains/ppppp.com.cacert

All the files are there in the correct folder. However, when I tried to access the website through https://www.ppppp.com, what I got was the certificate from the Server, not the one used in User.

I'm wondering whether there is any extra step I should do to make it work. I run the latest DirectAdmin, all updated, with CentOS 5 - 64 bits.

Also, the SSL setup is "Use a symbolic link from private_html to public_html - allows for same data in http and https"



Thank you,
 
I don't see why it would be the SSL for the other IP. Did you check the checkbox to enable SSL in the SSL settings?
 


Yes, SSL is enabled in the box above. No custom config except a PHP-FPM setting for some users (to make some domains use dynamic instead of OnDemand), which I think is not related.
 
Just tried to use "Create your own self signed certificate" in the DA menu. That didn't work either. The SSL for that specific domain still shows the Server SSL instead of the user SSL.
 
Restart the webserver and also run /usr/local/directadmin/data/users/xxxxx/domains/ppppp.com.cert through a certificate tester to make sure it is actually the certificate you think it is.
 

Used the command line openssl x509 -in /usr/local/directadmin/data/users/xxxxx/domains/ppppp.com.cert -text -noout

and the result is shown correctly. The certificate belongs to the ppppp.com domain + Docomo.
 
OK, I found the cause of the problem now. For some reason I don't know, the same IP I used for ppppp.com has been used on another user. Nothing is shown on the DA web interface, which is strange. However, I searched for that specific IP in each user's httpd.conf and found it. Since that user loads the IP first with the Server SSL, ppppp.com has to use the same SSL since I don't have SNI set up.

Thanks scsi, Arieh
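
Added example, not part of the thread and not DirectAdmin's own code: a sketch of the search described in the post above, which parses each user's httpd.conf and reports any IP:443 configured with more than one certificate, the situation where, without SNI, only the first-loaded certificate is served. The function names, the sample IP, the user yyyyy and the sample server certificate path are constructed for illustration; the order of the input files is assumed to be Apache's load order.

```python
import re
import sys
from collections import defaultdict

VHOST_OPEN = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.I)
DIRECTIVE = re.compile(r"^\s*(ServerName|SSLCertificateFile)\s+(\S+)", re.I)

# Constructed sample (not from the thread): two users' httpd.conf on one IP.
SAMPLE = {
    "yyyyy/httpd.conf": """<VirtualHost 192.0.2.10:443>
    ServerName www.other.example
    SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
</VirtualHost>""",
    "xxxxx/httpd.conf": """<VirtualHost 192.0.2.10:80>
    ServerName www.ppppp.com
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName www.ppppp.com
    SSLCertificateFile /usr/local/directadmin/data/users/xxxxx/domains/ppppp.com.cert
</VirtualHost>""",
}

def parse_ssl_vhosts(text):
    """Yield (addr, server_name, cert_file) for every :443 vhost that sets a certificate."""
    addrs, seen = None, {}
    for line in text.splitlines():
        if m := VHOST_OPEN.match(line):
            addrs, seen = m.group(1).split(), {}
        elif addrs and line.strip().lower().startswith("</virtualhost"):
            for addr in (a for a in addrs if a.endswith(":443")):
                if "sslcertificatefile" in seen:
                    yield addr, seen.get("servername", "?"), seen["sslcertificatefile"]
            addrs = None
        elif addrs and (d := DIRECTIVE.match(line)):
            seen.setdefault(d.group(1).lower(), d.group(2))

def find_shared_ssl_ips(configs):
    """Map each IP:443 that carries more than one certificate to its vhosts, in input order."""
    by_addr = defaultdict(list)
    for path, text in configs.items():
        for addr, name, cert in parse_ssl_vhosts(text):
            by_addr[addr].append((name, cert, path))
    return {a: v for a, v in by_addr.items() if len({c for _, c, _ in v}) > 1}

if __name__ == "__main__":
    # With arguments, scan those files (e.g. each user's httpd.conf); otherwise the sample.
    configs = {p: open(p, errors="replace").read() for p in sys.argv[1:]} or SAMPLE
    for addr, vhosts in find_shared_ssl_ips(configs).items():
        print(addr, *(f"  {n}  {c}  ({p})" for n, c, p in vhosts), sep="\n")
```

The first vhost listed under an address is the one whose certificate a non-SNI setup would present for every name on that IP.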
 