New Chained SSL Install

fubacca (Verified User; joined May 7, 2004; 7 messages)
Hello,

I am wanting to install a chained SSL cert on my server so all the pages will be (somewhat) protected, and still not get an annoying popup warning.

I was wondering if someone has created steps on getting this done. I am pretty new to this and am hosting a web server for friends right now. Once I get this fine tuned I'm starting a company.

Any help would be appreciated.

Thanks,
Fubacca
 
I tried that and it didn't work. Followed all the steps. The key is the 2 parts in the window in DA, right? I copied that out to the file /etc/httpd/conf/my domain/my domain.key

Then I copied what was emailed to me into the corresponding crt and cacrt files.

Then I modified the httpd.conf file like is posted there, but when I restart my httpd service it fails.

What am I missing here?

Thanks in advance.

Fubacca
 
First, you have 3 things for the ChainedSSL.

1, The key : It's generated when you create your certificate request.

2, The Certificate : It's issued by your authority.

3, The Intermediate Cert : It's also given by your authority.


Make sure (2) is generated by (1). They MUST match!

OK, now,
put (1) in the file :
/etc/httpd/conf/yourdomain/yourdomain.key

put (2) in the file :
/etc/httpd/conf/yourdomain/yourdomain.crt

put (3) in the file :
/etc/httpd/conf/yourdomain/yourdomain.cacrt


Alright?
Then put these 3 lines in /etc/httpd/conf/httpd.conf :

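<VirtualHost XXX.XXX.XXX.XXX:443>
SSLEngine on
# (2) the certificate issued for your domain
SSLCertificateFile /etc/httpd/conf/yourdomain/yourdomain.crt
# (1) the private key the certificate request was generated from
SSLCertificateKeyFile /etc/httpd/conf/yourdomain/yourdomain.key
# (3) the intermediate certificate from your authority
SSLCACertificateFile /etc/httpd/conf/yourdomain/yourdomain.cacrt
</VirtualHost>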


Now, restart httpd, it should be ok.

Inform me of your progress. :)
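
The "They MUST match!" requirement and the three-file layout from the post above can be checked before httpd is restarted. This is an added example, not part of the original thread: it assumes the `openssl` command-line tool is installed, and the function names and the throwaway `make_sample` files are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): checks to run on the three files
# before restarting httpd. Requires the openssl command-line tool.

# Public key derived from the private key file (1).
key_pub() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Public key embedded in the certificate file (2).
crt_pub() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# (1) vs (2): succeeds only if the certificate was issued for this key.
# usage: key_matches_cert yourdomain.key yourdomain.crt
key_matches_cert() {
    _k=$(key_pub "$1") || return 2
    _c=$(crt_pub "$2") || return 2
    [ -n "$_k" ] && [ "$_k" = "$_c" ]
}

# (3) vs (2): succeeds only if the CA file leads to a trusted issuer of
# the certificate. The root must be in the CA file or the system trust store.
# usage: chain_verifies yourdomain.cacrt yourdomain.crt
chain_verifies() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Constructed sample material: a throwaway CA and server certificate
# written into directory $1, so the checks can be tried offline.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Sample CA" \
        -keyout "$1/ca.key" -out "$1/sample.cacrt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=www.sample.test" \
        -keyout "$1/sample.key" -out "$1/sample.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/sample.csr" -days 1 -CA "$1/sample.cacrt" \
        -CAkey "$1/ca.key" -CAcreateserial -out "$1/sample.crt" 2>/dev/null
}

# Run directly with three paths: key, certificate, CA file.
if [ "$#" -eq 3 ]; then
    key_matches_cert "$1" "$2" && echo "key matches certificate" \
        || echo "MISMATCH: key and certificate do not belong together"
    chain_verifies "$3" "$2" && echo "chain verifies" \
        || echo "CHAIN FAILURE: CA file does not verify the certificate"
fi
```

Once both checks pass, `apachectl configtest` reports syntax errors in httpd.conf without taking the running server down.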
 
OK, so for the directadmin.conf file.....do I just point those lines to the crt, cacrt, and key files that the httpd.conf file point to?

or do I make copies of those files and rename them in the directadmin folder?

Thanks, and sorry for all the stupid questions. Just new to all this.

Fubacca
 
fubacca said:
Now I don't get the popup for my https://www.domain.com, but https://subdomain.domain.com gets the popup and so do any of my hosted sites.

You can't get a single SSL certificate to cover more than 1 domain (such as domain.com; domain2.com).

With subdomains, you are looking at a wildcard SSL certificate:
Geotrust ($799 per year): http://www.geotrust.com/web_security/truebusinessidwild.htm
freessl ($299 per year): http://www.freessl.com/chainedssl/chainedssl_wildcard.html

For single domains, chained is about the cheapest there is - but it will ONLY work for one domain (www.domain.com OR domain.com - or 1 subdomain etc)

Chris
 
fubacca said:
OK, so for the directadmin.conf file.....do I just point those lines to the crt, cacrt, and key files that the httpd.conf file point to?

or do I make copies of those files and rename them in the directadmin folder?

Either should work

Chris
 