Install SSL Certificate

aED

Verified User
Joined
Dec 20, 2009
Messages
42
Hi I got a certificate from https://www.startssl.com/ but cant get it to work on my server it still shows the snakeoild cert even if it shows in the config that my certs are pointing to my own certificates.

Can anyone instruct me on how to install them?

Thanks
 

aED

Verified User
Joined
Dec 20, 2009
Messages
42
Ok this might be related. I renamed ssl.crt and ssl.key to find who is using it when apache is restarted because generally it would throw an error and it did it says

that /etc/httpd/conf/ips.conf can load the server.crt
Is it safe to edit this file?
 

aED

Verified User
Joined
Dec 20, 2009
Messages
42
what guide or tutorial are you reading? read here: http://help.directadmin.com/item.php?id=15
Well I finally got it wrking What I did is edited all these filese

/etc/httpd/conf/extra/httpd-vhosts.conf
/etc/httpd/conf/ips.conf
/etc/httpd/conf/extra/httpd-ssl.conf


And replaced all instances of

SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
To this

SSLProtocol all -SSLv2
SSLCertificateFile /etc/httpd/conf/mycrt/ssl.crt
SSLCertificateKeyFile /etc/httpd/conf/mycrt/ssl.key
SSLCertificateChainFile /etc/httpd/conf/mycrt/sub.class1.server.ca.pem
SSLCACertificateFile /etc/httpd/conf/mycrt/ca.pem
And thats it :)
 

stars

Verified User
Joined
Nov 3, 2010
Messages
65
Works like a charm! But I have fev questions:

Are those files (/etc/httpd/conf/extra/httpd-vhosts.conf, /etc/httpd/conf/ips.conf, /etc/httpd/conf/extra/httpd-ssl.conf) modified during DA update or updates made from DA panel?
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
14,255
Location
GMT +7.00
Not always on update, but they will be modified on an IP address add/delete/change.
Instead you can use our examples:

1. Edit SSL section of your /usr/local/directadmin/data/templates/custom/virtual_host2_secure.conf and /usr/local/directadmin/data/templates/custom/virtual_host2_secure_sub.conf to make look like this (only extract):

Code:
        SSLEngine on
        |*if SSLCIPHERSUITE||SSLCIPHERSUITE||*endif|
        SSLCertificateFile |CERT|
        SSLCertificateKeyFile |KEY|
        |*if SSLCERTIFICATECHAINFILE||SSLCERTIFICATECHAINFILE||*endif|
        |CAROOT|
2. Open your Directadmin. Go to page «Add Custom Httpd Configurations» and select a required domain. Add lines:

Code:
	|?SSLCIPHERSUITE=SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM|
	|?SSLCERTIFICATECHAINFILE=SSLCertificateChainFile /etc/httpd/conf/mycrt/sub.class1.server.ca.pem|
It works fine for us.
 
Top