CA root Certificates on Main Sites

nobaloney

Note that if you're using a Secure Certificate that requires a CA Root Certificate on a main site (a site under the admin reseller account) you can't just paste it in through your browser.

In addition you need to manually change your httpd configuration through a root shell login, and restart Apache.

Which file?

That depends.

Apache 1.x:
It's in the /etc/httpd.conf file, in the section
Code:
<VirtualHost _default_:443>
underneath the line:
Code:
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
add another line:
Code:
SSLCACertificateFile /usr/local/directadmin/data/users/admin/domains/example.com.cacert
where example.com is replaced by the domain on which you're installing the certificate.

Then if there's also a section for your IP#, for example
Code:
<VirtualHost 12.34.56.78:443>
(where 12.34.56.78 is replaced by your main IP#) the same line needs to be added there as well.

Apache 2.x:
It's in the /etc/httpd/conf/extra/httpd-vhosts.conf file, in the section for your main IP#:
Code:
<VirtualHost 12.34.56.78:443>
(where 12.34.56.78 is replaced by your main IP#), under the line:
Code:
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
add the line
Code:
SSLCACertificateFile /usr/local/directadmin/data/users/admin/domains/example.com.cacert
as above.

For both versions of Apache, it's necessary to restart your httpd daemon for the changes to work.

Jeff
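
A check for the procedure in the post above, as an added example that is not part of the original post: this shell function lists every :443 VirtualHost in an Apache config file that has no SSLCACertificateFile line, or whose line names a file that cannot be read. The names check_ca_chain and demo and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Report each SSL (:443) VirtualHost in an Apache config file that has no
# SSLCACertificateFile line, or whose line names a file that cannot be read.
check_ca_chain() {
    awk '
        # Opening tag, e.g. <VirtualHost 12.34.56.78:443>
        tolower($0) ~ /^[ \t]*<virtualhost[ \t].*:443[ \t>]/ {
            in_vhost = 1; ca = ""; name = $0
            sub(/^[ \t]+/, "", name)
            next
        }
        # Directive names are case-insensitive; strip optional quotes
        in_vhost && tolower($1) == "sslcacertificatefile" {
            ca = $2; gsub(/"/, "", ca)
        }
        # Closing tag: emit "vhost|cafile" for the shell loop below
        in_vhost && tolower($0) ~ /^[ \t]*<\/virtualhost>/ {
            print name "|" ca
            in_vhost = 0
        }
    ' "$1" | while IFS='|' read -r vhost cafile; do
        if [ -z "$cafile" ]; then
            echo "MISSING $vhost"
        elif [ ! -r "$cafile" ]; then
            echo "UNREADABLE $vhost $cafile"
        fi
    done
}

# Constructed sample: the _default_ vhost has the line, the IP vhost does not.
demo() {
    dir=$(mktemp -d) || return 1
    : > "$dir/example.com.cacert"
    cat > "$dir/httpd.conf" <<EOF
<VirtualHost _default_:443>
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
    SSLCACertificateFile $dir/example.com.cacert
</VirtualHost>
<VirtualHost 12.34.56.78:443>
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
</VirtualHost>
EOF
    check_ca_chain "$dir/httpd.conf"
    rm -rf "$dir"
}

demo   # prints: MISSING <VirtualHost 12.34.56.78:443>
```

Run check_ca_chain against the config file for your Apache version before restarting; `httpd -t` additionally checks the syntax of the edited file.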
 
Without SSLCACertificateFile before the filename, the server won't restart.
With SSLCACertificateFile in front, the server restarts but still no joy :mad: the old localhost certificate is used.
 
I don't think I made a mistake in what I wrote above. Perhaps this section of the DirectAdmin Technical Notes will help (search for SSL on the server's main domain).

Jeff
 
It turns out that I did make a mistake and that user altranslations was right in that the text SSLCACertificateFile was needed. I've corrected my previous post.

Jeff
 
Is the user's config file rewritten? Do we need to make the changes permanently somehow?
 
It's been almost a year and I don't remember the details well enough to answer your question. I believe you no longer have to install the CA root and/or intermediate cert from the shell; I believe DirectAdmin has resolved that, though I'm not positive.

Jeff
 
I don't think they did, as I needed to do this to fully enable my getrust cert.
 
I believe I need to follow these steps because I am receiving the error "The certificate is not trusted because no issuer chain was provided."

This error occurs for users going to checkout. I have installed the CA cert under
"Click Here to paste a CA Root Certificate"

So I am assuming I need to follow these steps, but I don't even know what version of Apache I'm running!

Any help or suggestions on how to fix this would be greatly appreciated!

Thanks
Shawheen
 
Check the Apache version with httpd -v; it should print out something like:

Server version: Apache/2.2.17 (Unix)
Server built: Nov 23 2010 00:36:19

And yes, you probably need to follow this guide.
 
Hi Urbee

Thank you! I have seen this command httpd -v but I am a super newb and don't know where to initiate that!

Once I know the Apache version I believe I can follow this guide except for this step: "For both versions of apache, it's necessary to restart your httpd daemon for the changes to work."

Thanks for your help!
Shawheen
 
You type it in the console (shell) or check it in DirectAdmin (I think it has versions somewhere), but you will need shell access to fix this anyway.

Restarting Apache depends on the distribution you have; on Debian it's "/etc/init.d/httpd restart".
 
Okay, so I lied. I thought to follow these steps I just needed to go into files and edit them, but is this not the case? I'm completely lost; I guess I have no clue where to type it into "console (shell)".

Bummer :(
 
@Shaw:

There could be several reasons for your problem. If you don't know how to work in the shell and can't follow the instructions given (I tried to keep them as simple as possible), you should probably hire someone to do the work for you; possibly even manage the server for you. Many people here can log into your server and work on it for a fee.

We charge $45 and both sell you the Certificate and install it. For more information send me an email or read the Advertising subforum on these forums.

Jeff
 