SSL Certificate troubles....

GlennH

I received my certificates today. I just haven't got it down, and my site is still not secure.

Basic questions for some people, maybe I'm missing a page or two from the docs.

I received 3 files from the CA

GTECyberTrustRoot.crt
ComodoSecurityServicesCA.crt
www_mydomain_com.crt

I tried following the directions in the DirectAccess help site, every time I received a message that the certificate looked ok and my site should be secure in a few min. but received the snakeoil warnings.
Then I looked at the info on how to install to apache mod_ssl and saw that DA didn't look as if it did anything.


Am I correct in saying that my private key was generated by DA when I created a certificate request ?

According to http.conf in /usr/local/directadmin/data/users/user/httpd.conf
that would be the
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key ?
SSLCertificateFile would be my public key www_mydomain_com.crt ?

and that needs to be renamed to server.crt ?

(its path is in /etc/httpd/conf/ssl.crt/server.crt)

The last file SSLCACertificateFile would be the ComodoSecurityServicesCA.crt
and again, according to the httpd.conf belongs in,
/usr/local/directadmin/data/users/user/domains/ComodoSecurityServicesCA.crt ?

I hope someone can make sense of this,
Thanks,
Glenn H
 
nevermind !
I looked into the logs, and saw that when DirectAdmin secured a page, it looked for the files in the empty private_html directory. I edited the http.conf file and it works now.

One question left, is there any security risk in having apache serve secure and unsecure pages from the same directory at the same time ?

I don't understand why the secured virtual host would be set to another dir...

thanks again, Glenn

Glenn H
 
Only the risk that the user will call a page that he should call securely, insecurely, and pass sensitive information such as passwords, credit card info, etc., in open text.

If you're in California, and you pass some sensitive user information in plaintext, then you're responsible and must notify the user that his data may have been compromised. I don't know the rules in the rest of the country.

If you're going to use public_html for both http and https connections then you should probably make sure you'll never send back sensitive information.

Jeff
 
Can anyone tell me how I can "link" the private_html directory to the public_html directory?

I don't want to maintain two sets of identical files! :mad:

Thanks!
 
Hey,

Make sure there is nothing in the private_html directory you want to keep, then:

cd /home/USERNAME/YOUR_DOMAIN.COM
rm -rf private_html
ln -s public_html private_html

Basically, with the above commands, you are changing into the directory that contains the private_html directory:

cd /home/USERNAME/YOUR_DOMAIN.COM

then you are removing the private_html directory and contents:

rm -rf private_html

and finally you are creating the symbolic link:

ln -s public_html private_html

David
 
You missed a bit David...

The path is:

/home/USERNAME/domains/YOUR_DOMAIN.COM

Without the "/domains" addition it won't work.

Jeff
 
Hey,

Yep, you're right... thanks.

Should be:

cd /home/USERNAME/domains/YOUR_DOMAIN.COM
rm -rf private_html
ln -s public_html private_html

David
 
I'm trying to link a directory only

ln -s public_html/admin private_html/admin

But going to https://www.domain.com/admin gives me a 404 error. Isn't this supposed to work? The link works in shell.

Similarly, I get the "Hey it worked" Apache page as the front page of https://www.domain.com/ instead of my own index.php
 
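An added example, not written by any poster in this thread: a shell function that makes the private_html link described in the posts above without a blind `rm -rf`, and that goes one step further by also linking a single subdirectory such as admin. The function names, return codes and the refuse-if-not-empty policy are assumptions; the ownership check only matters if Apache is configured with SymLinksIfOwnerMatch.

```shell
#!/bin/sh
# Added example, not from the thread. The /home/USERNAME/domains/YOUR_DOMAIN.COM
# layout is the thread's; function names and return codes are assumptions.

owner_of() { ls -ldn "$1" | awk '{print $3}'; }  # numeric uid of the entry itself

# link_html DOMAIN_DIR [SUBDIR]
#   no SUBDIR: private_html        -> public_html
#   SUBDIR:    private_html/SUBDIR -> ../public_html/SUBDIR
# A relative target is resolved from the directory that holds the link.
link_html() {
    dom=$1 sub=${2:-}
    if [ -n "$sub" ]; then
        # Through a linked private_html we would be editing public_html itself.
        [ -d "$dom/private_html" ] && [ ! -L "$dom/private_html" ] ||
            { echo "private_html must be a real directory" >&2; return 1; }
        link="$dom/private_html/$sub" target="../public_html/$sub"
        real="$dom/public_html/$sub"
    else
        link="$dom/private_html" target="public_html" real="$dom/public_html"
    fi
    [ -d "$real" ] || { echo "missing $real" >&2; return 1; }

    if [ -L "$link" ]; then
        # Already a link: accept it only if it points where we expect.
        [ "$(readlink "$link")" = "$target" ] && return 0
        echo "$link points elsewhere" >&2; return 1
    elif [ -d "$link" ]; then
        # Unlike "rm -rf", replace the directory only when it is empty.
        if [ -n "$(ls -A "$link")" ]; then
            echo "$link is not empty, move its files first" >&2; return 2
        fi
        rmdir "$link" || return 1
    elif [ -e "$link" ]; then
        echo "$link exists and is not a directory" >&2; return 1
    fi

    ln -s "$target" "$link" || return 1
    # -d follows the link, so a dangling target is caught here.
    [ -d "$link" ] || { echo "$link does not resolve" >&2; return 1; }
    # Relevant when Apache runs with Options SymLinksIfOwnerMatch.
    [ "$(owner_of "$link")" = "$(owner_of "$real")" ] ||
        { echo "owner of link and target differ" >&2; return 3; }
}
```

Call it as `link_html /home/USERNAME/domains/YOUR_DOMAIN.COM` for the whole directory, or add `admin` as a second argument for one subdirectory.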
Who owns the link?

When I try to reach anything at domain.com all I get is timeouts.

Jeff
 
Your domain appears to be pointing to the main server html site at:

/var/www/html

Which it really shouldn't be doing.

What's your server hostname?

Jeff
 
I can't tell without a login why this domain, which should be set up as a virtual domain, is redirecting to the main server instead :( .

Jeff
 
Could it be that it's the server wide certificate, while the virtual account has no own certificate and no own IP?

If you don't mind, I could PM you an admin login, if you'd like a peek...
 
Nevertheless, even if you're using a shared cert, the domain should still point to its own directories.

Because server administration is our business, we do NOT log into servers except under paid contract.

Our current non-contract rates make us too expensive for most simple jobs such as this, but we are looking at developing a "per incident" pricing model.

Perhaps someone else will be able to help you.

Jeff
 