Can't create my own SSL

sh4d0w

I use the "SSL Certificates" menu for creating and installing my own SSL certificate (not purchased) (I have a dedicated IP and SSL access).

I select "Create your own self signed certificate", fill in all the fields and then click the save button. There are no errors, and in the textarea below (Paste a pre-generated certificate and key) I see the generated keys. After that I select "Paste a pre-generated certificate and key" and click the save button, and I get an error message: Certificate is Invalid.

How can I correctly set up my own certificate (not purchased)?

Also, I replaced the default DirectAdmin SSL certificate (OIL): I created the key files over SSH, replaced the default DirectAdmin files, and pasted SSLPassPhraseDialog exec:/path_to_script into httpd.conf. Did I replace the default SSL certificate correctly? If not, please tell me how I can do it correctly. And maybe that is the reason for my problem?

Thanks.
 
Hello,

That almost sounds like a broken openssl.

The code run by DA is something like:
Code:
openssl req -new -x509 -days 365 -keyout /path/to/temp.key -out /path/to/file.cert
openssl rsa -in /path/to/temp.key -out /path/to/file.key
So try running that manually to see what you get... if any errors pop up.

Here is another 1 step method for creating a cert/key that you can use:
Code:
/usr/bin/openssl req -x509 -newkey rsa:1024 -keyout /usr/local/directadmin/conf/cakey.pem -out /usr/local/directadmin/conf/cacert.pem -days 9999 -nodes
Of course, change any of the /paths to whatever you want to use for testing.

John
 
Thank you, John.
I tried these commands:
Code:
openssl req -new -x509 -days 365 -keyout /path/to/temp.key -out /path/to/file.cert
Then I entered a pass phrase and some data for the certificate.
Code:
openssl rsa -in /path/to/temp.key -out /path/to/file.key
Then I entered the pass phrase for temp.key, and I got file.cert, file.key and temp.key.

Then I modified httpd.conf in /usr/local/directadmin/data/users/[USERNAME]:
Code:
SSLCertificateFile /usr/local/directadmin/data/users/[USERNAME]/domains/file.cert
SSLCertificateKeyFile /usr/local/directadmin/data/users/[USERNAME]/domains/file.key

Then I restarted Apache (no errors). And when I go to https://mydomain.com I see the certificate that is installed for the whole server (not my own certificate).
 
Hello,

Go to:
User Level -> SSL Certificates

and see if you can select+save the "paste your own certificate/key" option.

If you still get the error in DA, then edit:

/usr/local/directadmin/data/users/username/domains/domain.com.conf

set the options:
Code:
SSLCertificateFile=/usr/local/directadmin/data/users/username/domains/domain.com.cert
SSLCertificateKeyFile=/usr/local/directadmin/data/users/username/domains/domain.com.key

Then type:
Code:
echo "action=rewrite&value=httpd&user=username" >> /usr/local/directadmin/data/task.queue

John
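
A way to check a pair before pasting it into the panel or pointing httpd.conf at it, as an added example that is not part of the thread and not DirectAdmin's own code. It rebuilds file.cert, temp.key and file.key with the commands from the thread (the 2048-bit key size, the example.test CN and the demo passphrase are assumptions made here) and reports whether the certificate parses, whether the key is still passphrase-protected, and whether both files hold the same public key.

```shell
#!/bin/sh
# Added example: check a certificate/key pair before installing it.
# File names mirror the thread; the CN and passphrase are constructed.

# Build the pair the way the thread does, with a 2048-bit key (assumption).
make_demo_pair() {
    openssl req -new -x509 -newkey rsa:2048 -days 365 -subj "/CN=example.test" \
        -passout pass:demo-only -keyout "$1/temp.key" -out "$1/file.cert" 2>/dev/null
    openssl rsa -in "$1/temp.key" -passin pass:demo-only \
        -out "$1/file.key" 2>/dev/null
}

# True when the PEM key is passphrase-protected (both PEM styles say ENCRYPTED).
key_is_encrypted() { grep -q 'ENCRYPTED' "$1"; }

# SHA-256 over the DER public key, taken from a certificate or a private key.
cert_pub_hash() {
    openssl x509 -in "$1" -noout -pubkey | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}
key_pub_hash() {
    openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256 |
        awk '{print $NF}'
}

# Prints ok, bad-cert, key-encrypted, bad-key or mismatch; non-zero unless ok.
check_pair() {
    openssl x509 -in "$1" -noout 2>/dev/null || { echo bad-cert; return 1; }
    if key_is_encrypted "$2"; then echo key-encrypted; return 1; fi
    openssl pkey -in "$2" -noout 2>/dev/null || { echo bad-key; return 1; }
    [ "$(cert_pub_hash "$1")" = "$(key_pub_hash "$2")" ] ||
        { echo mismatch; return 1; }
    echo ok
}

# Run the checks on a freshly generated pair in a temporary directory.
demo() {
    d=$(mktemp -d) || return 1
    make_demo_pair "$d"
    echo "file.cert + file.key: $(check_pair "$d/file.cert" "$d/file.key")"
    echo "file.cert + temp.key: $(check_pair "$d/file.cert" "$d/temp.key")"
    rm -rf "$d"
}
demo
```

Calling `check_pair` on the real files, for example the .cert and .key under /usr/local/directadmin/data/users/username/domains/, separates a mismatched or still-encrypted key from a problem in the panel itself.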
 