Install SSL Certificate

A

aED

Verified User
Joined
Dec 20, 2009
Messages
42
Hi I got a certificate from https://www.startssl.com/ but cant get it to work on my server it still shows the snakeoild cert even if it shows in the config that my certs are pointing to my own certificates.

Can anyone instruct me on how to install them?

Thanks
 
Ok this might be related. I renamed ssl.crt and ssl.key to find who is using it when apache is restarted because generally it would throw an error and it did it says

that /etc/httpd/conf/ips.conf can load the server.crt
Click to expand...

Is it safe to edit this file?
 
jmtwl said:
what guide or tutorial are you reading? read here: http://help.directadmin.com/item.php?id=15
Click to expand...

Well I finally got it wrking What I did is edited all these filese

/etc/httpd/conf/extra/httpd-vhosts.conf
/etc/httpd/conf/ips.conf
/etc/httpd/conf/extra/httpd-ssl.conf


And replaced all instances of

SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
Click to expand...

To this

SSLProtocol all -SSLv2
SSLCertificateFile /etc/httpd/conf/mycrt/ssl.crt
SSLCertificateKeyFile /etc/httpd/conf/mycrt/ssl.key
SSLCertificateChainFile /etc/httpd/conf/mycrt/sub.class1.server.ca.pem
SSLCACertificateFile /etc/httpd/conf/mycrt/ca.pem
Click to expand...

And thats it :)
 
Works like a charm! But I have fev questions:

Are those files (/etc/httpd/conf/extra/httpd-vhosts.conf, /etc/httpd/conf/ips.conf, /etc/httpd/conf/extra/httpd-ssl.conf) modified during DA update or updates made from DA panel?
 
Not always on update, but they will be modified on an IP address add/delete/change.
Instead you can use our examples:

1. Edit SSL section of your /usr/local/directadmin/data/templates/custom/virtual_host2_secure.conf and /usr/local/directadmin/data/templates/custom/virtual_host2_secure_sub.conf to make look like this (only extract):

Code: 
        SSLEngine on
        |*if SSLCIPHERSUITE||SSLCIPHERSUITE||*endif|
        SSLCertificateFile |CERT|
        SSLCertificateKeyFile |KEY|
        |*if SSLCERTIFICATECHAINFILE||SSLCERTIFICATECHAINFILE||*endif|
        |CAROOT|

2. Open your Directadmin. Go to page «Add Custom Httpd Configurations» and select a required domain. Add lines:

Code: 
	|?SSLCIPHERSUITE=SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM|
	|?SSLCERTIFICATECHAINFILE=SSLCertificateChainFile /etc/httpd/conf/mycrt/sub.class1.server.ca.pem|

It works fine for us.
 
You must log in or register to reply here.
Back
Top