is starterssl compatible wif DA?

N

neorder

Verified User
Joined
Oct 1, 2003
Messages
336
i bought a starterssl from ev1servers.net which is only 5 dollars. i've got the cert, but failed to install it.

when i get the cert, i just put it under the key we generated previously, is that correct?

i just can't get it installed. always say " invalid cert".

btw, what's a CA root cert? do i need to know what is it?

thanks.
 
i got it work, but two things to let you know

according to http://www.site-helper.com/ssl.html

"Note: You will not see a private_html directory if the SSL feature isn't enabled on your account."

this is not correct, because i saw other accounts also have private_html directory.

2nd, when i install the key, there was no indication that the key was installed. i think the ssl installation procedure for cpanel and ensim are more easy to understand and follow.
 
StarterSSL certs work properly on every system we've installed them on; be sure you've followed the installation instructions exactly.

SterterSSL certs do not require a CA cert.

Jeff
 
I to bought the $5 StarterSSL Special from EV1 as well, Great Deal !.

I followed Jeff's How-To and everything went fine:
http://www.directadmin.com/forum/showthread.php?threadid=3816

Note: Step 8d) can be skipped as it is only needed is you require a root cert, which StarterSSL does not.

I can login via https from my office machine's fine.

Okay, now for the weirdness factor. One of my remote access points is behind a large company firewall. With the file:
/usr/local/directadmin/conf/directadmin.conf edited to "SSL=1"
I found I cannot get to the login, I just get a blank page.

I double checked all the following from the How-To and it seems fine:
10) To allow the directadmin server to read the key to secure port 2222, we changed the ownership and permissions of the server.crt, the ssl.key directory and the server.key, as follows:
chmod 644 /etc/httpd/conf/ssl.crt/server.crt
chmod 750 /etc/httpd/conf/ssl.key
chgrp diradmin /etc/httpd/conf/ssl.key
chmod 640 /etc/httpd/conf/ssl.key/server.key
chgrp diradmin /etc/httpd/conf/ssl.key/server.key

So for now I had to set "SSL=0" in order to log in.

Of course it is a large company firewall with security measures up the wasu and don't think they will help out. Of couse the standard ports 80 and 443 are open, but why would I get a the blank page ?

One clue, if you log into https://clientdomain.example.com:2222, you get the SSL pop-up, so I know the SSL cert is being allowed through the firewall, but then you are directed to a blank page. I also went to another site that uses the StarterSSL and I get his pop-up and can see his site.

https'less, webdev1
 
It does sound to me as if it's a firewall issue.

But I don't know anything about your firewall.

:(

Jeff
 
Please explain what you mean with StarterSSL certs with Proftpd.

I'm having a bit of a problem understanding what a website cert has to do with ftp.

Thanks.

Jeff
 
You can secure FTP connections with an SSL cert. It can protect both the password and the data.

For some reason the StarterSSL is indicated as invalid. There is a missing root, but we tried with the ca-bundle used by Apache.

I think FTP clients may have less recent client roots as a Firefox per example, but I don0t know if we can fix this or if the problem comes from elsewhere.
 
After doing some research, it seems StarterSSL won't work well for FTP and email, because their cert is not recognized by the clients. If I add their root to the ca list, then the clients complain about a self signed cert (of course, since they generated the root...)

I'll try with other certs...
 
The StarterSSL cert has been around for a long time.

I have the contacts it takes to check this out and fix it if possible.

If you can help me verify the problems please let me know by private email to the address in my sig, below, and I'll help you get it straightened out to the best of my ability.

Jeff
 
You must log in or register to reply here.
Back
Top