DA installing startSSL ssl class 1 certificate

[whosaround]

Hello All !
I have a dedicated server with its own ip which i am its root user.
i use this server for my mobile application, and for a small website.
I've used startSSL.com to get a SSL certificate but although i tried and do any instructions i found in google (especially this) i don't manage to get it work... the site is not secured and i don't see that the browser even find the startSSL certificate..

i've even tried to install globalSign OneClickSSL plugin but for some reason after installing it i can't use it because DA tells me it has not reading or writing permissions (i'd love to know how to fix it)..

can any one please provide some information about the right way to us a CA certificate in my server.

btw, i'm using an apache server on freebsd OS

Thanks!

 

[chatwizrd]

http://www.site-helper.com/ssl.html

 

[zEitEr]

can any one please provide some information about the right way to us a CA certificate in my server.

Hello,

Note, you'll need to add the intermediate CA certificate to your installation

http://www.startssl.com/?app=25#31

 

[whosaround]

Hello,

Note, you'll need to add the intermediate CA certificate to your installation

i've done that... but from some reason it doesn't work...
i'm looking for a step by step tutorial for how to do so...
i've tried to walk step by step with the tutorial i've post in my first thread, but yet - i doesn't seems like the browser gets the right certificate.. only the server old one

 

[whosaround]

i've tried to use chatwizerd tutorial and nothing changes...
no metter what i do the certificate which my browser receive when i'm trying to browse my site - is the own i've self-registered..

is there a way to delete every ssl certificate installed and reinstall a new one ? i think maybe there is some kind of cache ...

 

[nobaloney]

You didn't write anywhere above exactly what steps you followed to install your Certificate, and where (at which specific level of the DirectAdmin interface, login, etc.). If this is your root Certificate you may need to install the CA Certificate in a different location.

Check your user-level httpd.conf file for your domain to see where it's expecting your Certificate and the CAROOT cert to be installed.

Jeff

 

[zEitEr]

i've tried to use chatwizerd tutorial and nothing changes...
no metter what i do the certificate which my browser receive when i'm trying to browse my site - is the own i've self-registered..

is there a way to delete every ssl certificate installed and reinstall a new one ? i think maybe there is some kind of cache ...

Please, send a screen-shot of the page from directadmin where you set SSL settings and cert. You might want to hide some key/cert lines, for security sake.

 

[whosaround]

i've managed a certificate request using direct admin for www.whosaroundapp.com
paste to the CA site
got back a certificate and CA root certificates
copy and paste the certificate under the RSA key in direct admin
copy and paste the CA certificate in this click here option in direct admin
checked - "Use CA certificate" in this window
and saved all of it..

jeff - i've used direct admin httpd custom config to see the domain's httpd file and it is set correctly to the right place.
but i didn't find there another tag with port 443 on for www.secure.whosaroundapp.com..
maybe it has something to do with it ?
maybe there is some kind of shell script or direct adimn for ssl clear installation ?

 

[nobaloney]

I wouldn't know the details unless I logged in and checked your server. Since you've posted your domain name I can tell you your current served served for your domain is issued to: whosaroundapp.com (common name) and is issued by Bar Vaod LTD.

Is that your self-signed Certificate?

It would probably cost more for me to try and figure out your problem with your startSSL Certificate than it would be to have me sell you one of our Certificates with installation. Please feel free to call or email me; information below in my siglines.

Jeff

 

[whosaround]

yes, but how did you see it ? whenever i'm trying https://www.whosaroundapp.com i get an error in my browser saying site is not secured and the certificate is issued by whosaorundapp.com ??


FYI - i sent you an email

 

[zEitEr]

Run

# wget -O /dev/null -d https://www.whosaroundapp.com/

and you might see the following:

certificate:
  subject: /C=Il/ST=Israel/L=Haifa/O=Bar Vaod LTD/OU=Software/CN=whosaroundapp.com/[email protected]
  issuer:  /C=Il/ST=Israel/L=Haifa/O=Bar Vaod LTD/OU=Software/CN=whosaroundapp.com/[email protected]
ERROR: cannot verify www.whosaroundapp.com’s certificate, issued by “/C=Il/ST=Israel/L=Haifa/O=Bar Vaod LTD/OU=Software/CN=whosaroundapp.com/[email protected]”:
  Self-signed certificate encountered.
ERROR: certificate common name “whosaroundapp.com” doesn’t match requested host name “www.whosaroundapp.com”

and

# wget -O /dev/null -d https://whosaroundapp.com/

Handshake successful; connected socket 4 to SSL handle 0x0000000000fbbd60
certificate:
  subject: /C=Il/ST=Israel/L=Haifa/O=Bar Vaod LTD/OU=Software/CN=whosaroundapp.com/[email protected]
  issuer:  /C=Il/ST=Israel/L=Haifa/O=Bar Vaod LTD/OU=Software/CN=whosaroundapp.com/[email protected]
ERROR: cannot verify whosaroundapp.com’s certificate, issued by “/C=Il/ST=Israel/L=Haifa/O=Bar Vaod LTD/OU=Software/CN=whosaroundapp.com/[email protected]”:
  Self-signed certificate encountered.

In the both cases I see in Opera an intermediate certificate from StartSSL.COM with self-signed cert.

 

[nobaloney]

I'm not sure what zEitEr means by

In the both cases I see in Opera an intermediate certificate from StartSSL.COM with self-signed cert.

I see through Firefox a Self-Signed Certificate:

E = [email protected]
CN = whosaroundapp.com
OU = Software
O = Bar Vaod LTD
L = Haifa
ST = Israel
C = Il

so it appears that the Certificate, if created at all, is not created properly.

And it's what I get when I use zEitEr's suggested wget command:

$  wget -O /dev/null -d https://www.whosaroundapp.com/ 
DEBUG output created by Wget 1.13.4 on linux-gnu.

URI encoding = `UTF-8'
--2012-12-17 19:14:12--  https://www.whosaroundapp.com/
Resolving www.whosaroundapp.com (www.whosaroundapp.com)... 188.64.99.192
Caching www.whosaroundapp.com => 188.64.99.192
Connecting to www.whosaroundapp.com (www.whosaroundapp.com)|188.64.99.192|:443... connected.
Created socket 4.
Releasing 0x0000000000c62650 (new refcount 1).
Initiating SSL handshake.
Handshake successful; connected socket 4 to SSL handle 0x0000000000c62950
certificate:
  subject: /C=Il/ST=Israel/L=Haifa/O=Bar Vaod LTD/OU=Software/CN=whosaroundapp.com/[email protected]
  issuer:  /C=Il/ST=Israel/L=Haifa/O=Bar Vaod LTD/OU=Software/CN=whosaroundapp.com/[email protected]
ERROR: cannot verify www.whosaroundapp.com's certificate, issued by `/C=Il/ST=Israel/L=Haifa/O=Bar Vaod LTD/OU=Software/CN=whosaroundapp.com/[email protected]':
  Self-signed certificate encountered.
    ERROR: certificate common name `whosaroundapp.com' doesn't match requested host name `www.whosaroundapp.com'.
To connect to www.whosaroundapp.com insecurely, use `--no-check-certificate'.
Closed 4/SSL 0x0000000000c62950

Question not yet answered:

Was this domain created at the admin user level, or at a user level of a user created under a reseller?

Jeff

 

[zEitEr]

As it seems to me, the server has a self-singed SSL cert installed together with intermediate ca certificate from StartSSL.COM

See the attachment (the idea should be clean, though it's in Russian).