ChainedSSL Installation Problem..

Is there anything I need to do with the ca-bundle.crt file?

I have searched other forums, and on cPanel/WHM they also get it to work.

Sorry, I am not so familiar with this.. :confused:
 
You need to use the 'chain' certificate also.... all the info you need is on the FreeSSL website... as a hint there's an extra line required in the httpd.conf

Chris
 
Thanks,
I have bought the chainedSSL, isn't it a chained certificate?

I have also added that line in my user's (admin) httpd.conf,
still doesn't work.... :(

p.s. I have restarted apache after doing so!
 
Typically you set up a 'standard' cert using the following 2 lines:

SSLCertificateFile /usr/local/apache/conf/ssl.crt/yourdomain.crt (or server.crt)
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/domainname.key

with the chained certificates you need the extra line:

SSLCACertificateFile /usr/local/apache/conf/ca-bundle/chain.crt

The key is what you *generated* before purchasing the certificate, the certificate is what they will have emailed you, and the intermediate/chain you have is the chain.crt

Ensure you have all 3 lines in the vhost then restart apache... also check all the paths are correct in those lines and hold the correct data :)

Chris
 
Thanks Chris for your prompt reply!

But I have really done what you've told me:

This is my httpd.conf file :


SSLEngine on

SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt

SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
SSLCACertificateFile /usr/local/directadmin/data/users/admin/domains/jzoneplus.com.cacert

(have changed to /etc/httpd/conf/ca-bundle/chain.crt but still no luck)


The key is generated during the certificate request using DA.
The cert and the intermediate cert were both emailed to me and put in server.crt and chain.crt.


Still, same problem exists..

It drives me crazy........=_=
 
Hello,

I think you've fixed it. When I go to:

https://www.jzoneplus.com/asdf

I don't get a popup and the cert is valid. You might have had the certificate cached in your browser, in which case just close all browsers and load the page again. :)

John
 
I have rolled back my system to use the freessl, because I don't want my customer to see that popup..

I have totally given up trying..

Check out my certificate and it's just a single root certificate!


Sorry I didn't mention that..:eek:
 
You are putting the 3 lines in the vhost of the domain, not the main httpd.conf?

Chris
 
Yes..
I am putting the 3 lines in the vhost file, the 'tutorial' did mention that?

Do I need to add those 3 lines to main httpd.conf file?
 
Could you point me to a file in the private html folder.... at the moment I'm just getting redirected back to an unsecure connection...

These are all the correct paths also (for all the new data?)

/etc/httpd/conf/ssl.crt/server.crt
/etc/httpd/conf/ssl.key/server.key
/usr/local/directadmin/data/users/admin/domains/jzoneplus.com.cacert

try doing it clean...

Code:
mkdir /etc/httpd/conf/jzoneplus
cd /etc/httpd/conf/jzoneplus
pico -w jzoneplus.key
pico -w jzoneplus.crt
pico -w jzoneplus.cacrt

Key is what you generated, crt is the cert emailed to you, cacrt is the intermediate cert emailed. Make sure you add the -----start----- and -----end------ lines in those files also.

Code:
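# Certificate emailed to you
SSLCertificateFile /etc/httpd/conf/jzoneplus/jzoneplus.crt
# Private key you generated for the order
SSLCertificateKeyFile /etc/httpd/conf/jzoneplus/jzoneplus.key
# Intermediate (chain) certificate
SSLCACertificateFile /etc/httpd/conf/jzoneplus/jzoneplus.cacrt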

If it still fails all I can think is you're using the wrong key (must be the key you used to order the certificate with), but I have no idea what error you are getting either... so can't really say.

Chris
 
Chris,
I have tried the steps, but still, it seems that it's no luck.


However, I put those 3 lines in main httpd.conf ............. SUCCESS!

Still not sure what's going on with the vhost httpd.conf..

investigating~


Try it out, see if popup shows?

https://www.jzoneplus.com/hk/user
 
By the way, how can I set it to use with DA?

I know how to set a single root, but not a chained one..

directadmin.conf only comes with 2 lines!:D
 
The equivalent to the SSLCACertificateFile in the directadmin.conf would be carootcert, which you can just add yourself.

John
 
Thanks Chris and John,
Everything got done now!


Hope it creates a good guide for future admins.



Cheers,
Jeffery ;)
 
Hi,
I have followed everything in this thread, and have only one problem now. (Well at least when it comes to SSL.) :D
When viewing my cert. located https://www.linkdisk.com
It shows "cannot be verified up to a trusted cert. auth."
I have all 3 of the lines in my admin user httpd.conf file and they are pointing to the correct paths.

SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/linkdisk.crt/
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/linkdisk.key/
SSLCACertificateFile /etc/httpd/conf/ca-bundle/chain.crt/

Does anyone know why I would get this message?


Thanks -Jason
 
Hey,

Looks like you have the SSL fixed...

Now you've got insecure items on the page... Looks like it's because of the way they are called:

http://linkdisk.com/images/

Some of your links are that way as well... But, you probably know that already!

David
 
Hi David,
Thank you for your reply.
It does appear that it is working properly on my home page, but please try my order system and see if you come up with the same results.

1 Add a hosting plan to the cart.
2 Enter a domain name which already exists such as yahoo.com, it doesn't really matter.
3 Click finish
4 This will take you to the final.php page which is the payment page and is where I need SSL. I get a popup here, and if you do also please let me know.

http://linkdisk.com/hosting.htm

Thanks for your time and help -Jason
 
Hey Jason,

Sorry about the delay in answering...

Yep, I see what you mean...

However, now I get the error on your homepage:

https://www.linkdisk.com

It's showing it can't be verified... Strange, it did appear to be working earlier.

Back to square one.

One thought, take the trailing slash "/" off the path on the SSL statements...

Also, who can read this (permissions)?
/etc/httpd/conf/ca-bundle/chain.crt

David
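
The checks suggested in this thread (all three directives present, no trailing slash on the paths, files readable, BEGIN/END lines in place, key and certificate not swapped between directives) can be scripted. This is an added example, not code from any poster: `lint_vhost_ssl`, `demo` and the `site.*` files are hypothetical names, the PEM bodies are constructed placeholders, and it checks file structure only, not whether the key matches the certificate or the chain verifies.

```python
import os
import re
import tempfile
from pathlib import Path

# Directive -> PEM label its file must hold (checked as a suffix of the BEGIN line).
EXPECTED = {"SSLCertificateFile": "CERTIFICATE", "SSLCertificateKeyFile": "PRIVATE KEY",
            "SSLCACertificateFile": "CERTIFICATE"}
PEM_BEGIN = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")


def lint_vhost_ssl(conf_text):
    """Return (directive, problem) pairs for the SSL lines of one vhost."""
    problems, seen = [], set()
    for line in conf_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[0] not in EXPECTED:
            continue  # comments, SSLEngine and unrelated directives
        name, path = parts[0], parts[1].strip().strip('"')
        seen.add(name)
        if path.endswith("/"):
            problems.append((name, "trailing slash"))
        elif not os.path.isfile(path):
            problems.append((name, "file not found"))
        elif not os.access(path, os.R_OK):  # as the user running this check
            problems.append((name, "not readable"))
        else:
            text = Path(path).read_text(encoding="ascii", errors="replace")
            labels = PEM_BEGIN.findall(text)
            if not labels or f"-----END {labels[0]}-----" not in text:
                problems.append((name, "missing BEGIN/END lines"))
            elif not labels[0].endswith(EXPECTED[name]):
                problems.append((name, f"holds {labels[0]}, expected {EXPECTED[name]}"))
    problems += [(d, "directive missing") for d in EXPECTED if d not in seen]
    return problems


def demo():
    """Lint two constructed vhosts; the PEM bodies are placeholders, not real keys."""
    d = tempfile.mkdtemp()
    for fname, label in (("site.key", "RSA PRIVATE KEY"), ("site.crt", "CERTIFICATE"),
                         ("site.cacrt", "CERTIFICATE")):
        Path(d, fname).write_text(f"-----BEGIN {label}-----\nCONSTRUCTED\n-----END {label}-----\n")
    swapped = (f"SSLCertificateFile {d}/site.key\nSSLCertificateKeyFile {d}/site.crt\n"
               f"SSLCACertificateFile {d}/site.cacrt\n")
    slashed = (f"SSLCertificateFile {d}/site.crt/\nSSLCertificateKeyFile {d}/site.key/\n"
               f"SSLCACertificateFile {d}/site.cacrt/\n")
    return lint_vhost_ssl(swapped), lint_vhost_ssl(slashed)
```

Calling `demo()` returns the findings for a vhost with the key and certificate paths swapped and for one with trailing slashes on every path.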
 
Hey,

OK, maybe you're working on it as I was testing it as NOW the https://www.linkdisk.com is pulling up OK.

With that, where you may be having problems is when you're in the cart and click on Finish, it appears as though you're redirecting to the https (maybe through a whois.cart config)...

It appears as if the call sees the http://linkdisk.com and if you look at the cert it's telling you the name doesn't match. You'll see the cert chain is complete...

Damn, does that make sense?

Maybe it's a whois.cart config that's giving the problem?

David

Edit:

Well, it's not working again... Unless you're working on it, then that seems to be a problem all its own.
 