Cant't get Positive SSL to work

U

Ucreation

Verified User
Joined
May 21, 2010
Messages
18
Dear,

For a customer's website i have to install a new PositiveSSL certificate (ordered by www.sslcertificaten.nl).

Normally it's not a problem to add new certificates to a user, it will always work directly. But this time it won't!

I assigned the user to a dedicated IP, the user has only one domain in it's account, and i added the SSL certificate to this domain. Directadmin says that the certificate was added succesfully but when i check this with a SSL check tool (https://www.sslcertificaten.nl/SSLCheck) it looks like the default SSL of directadmin is still active.

When i look at the /usr/local/directadmin/data/users/username/ folder, there are all needed files for the new SSL file located. But when i look at the /usr/local/directadmin/data/users/username/httpd.conf the following lines are shown:

SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
SSLCACertificateFile /usr/local/directadmin/data/users/username/domains/domain.nl.cacert

Normally the 2 first lines are also rewrited to the path of the /usr/local/directadmin/data/users/username/ folder. When i change the first 2 lines (manualy) to this path and save the file, Apache won't start (i don't get any error message).

I don't know why this certificate won't work, normally it works directly!

Is this a know problem or something new?

I hope you can help me out with this!
 
Did you make sure ssl was enabled on the user. Make sure they are not assigned to a shared ip address. Sometimes it helps to move them to the shared ip and then back to a dedicated ip to sync all the files up. Not sure what causes it. Make sure you are selecting the bubble next to "paste a pre generated cert".

http://site-helper.com/ssl.html#install
 
Hi SCSI,

Thanks for your reply.

Yes, i made shure al these points. SSL is enabled for this user and the user is assigned to a dedicated IP that is empty and not used by other users. I tried to move them to a shared IP and back to its dedicated IP, this doesn't work (same problems).

By pasting the certificate I selected the radio button you described.

scsi said:
Did you make sure ssl was enabled on the user. Make sure they are not assigned to a shared ip address. Sometimes it helps to move them to the shared ip and then back to a dedicated ip to sync all the files up. Not sure what causes it. Make sure you are selecting the bubble next to "paste a pre generated cert".

http://site-helper.com/ssl.html#install
Click to expand...
 
Ucreation said:
When i change the first 2 lines (manualy) to this path and save the file, Apache won't start (i don't get any error message).
Click to expand...
There's got to be an error somewhere.

Have you tried restarting apache from the command line? If so, and you've not seen an error message, check your httpd logs.

Jeff
 
Yes, i tried to restart HTTPD and DirectAdmin, even I restart the whole server to make shure it wasn't some other service.

In the HTTPD logs there where no weird error messages or something. Normally apache won't start when there are errors in the conf.
jlasman said:
There's got to be an error somewhere.

Have you tried restarting apache from the command line? If so, and you've not seen an error message, check your httpd logs.

Jeff
Click to expand...
 
On this moment i will receive this errors in the user HTTPD log.

[Sat Jul 09 20:21:13 2011] [error] Init: Private key not found
[Sat Jul 09 20:21:13 2011] [error] SSL Library Error: 218710120 error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag
[Sat Jul 09 20:21:13 2011] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Sat Jul 09 20:21:13 2011] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Sat Jul 09 20:21:13 2011] [error] SSL Library Error: 218734605 error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib
 
It appears you didn't install the proper private key for the Certificate.

When you pasted the Certificate into the window in DirectAdmin did you paste it below the private key which was used to create? It appears you may not have done that.

If you've lost it you'll need to get the Certificate reissued; there's no way to get a Certificate to work without it's corresponding private key.

Jeff
 
Ok, i added the certificate on the way i always do and that's described on the directadmin helper sites.

When i go to the ssl settings of the domain now, the RSA key + domain certificate are pasted into the window (RSA on top, certificate on bottom). When i check the box before the window and press on the save button i receive the following error:

Cannot Execute Your Request

Details
Unable to find key

But why DirectAdmin can't find this key, this file is still located and available at the userdata folder?
 
Last edited:
You must log in or register to reply here.
Back
Top