SSL Certificates - possible install issues

[rszkutak]

first off, i know for a fact SSL certificates are entirely a breeze but this one baffles me.

we have a static IP address for our a site on our server, records are proper and everything looks good on the server but the SSL is not working correctly.

The website is essentially the same in HTTP and HTTPS, it's for medical billing. When we go to the site with the certificate that has been requested, then the CSR uploaded, and the certificate from godaddy.com imported into the system it went okie dokie... however it never updated on the system with the new cert. I installed the cert at 2:30pm, and it's now 4:10, still having yet to update.

https://www.sequoiamedicalbilling.com

This is the error we see.
75.126.220.101:443 uses an invalid security certificate.

The certificate is not trusted because it is self signed.
The certificate is only valid for <a id="cert_domain_link" title="localhost.localdomain">localhost.localdomain</a>
The certificate expired on 5/21/08 3:04 AM.

(Error code: sec_error_expired_issuer_certificate)


Secure Connection Failed

75.126.220.101 uses an invalid security certificate.

The certificate is not trusted because it is self signed.
The certificate is only valid for localhost.localdomain
The certificate expired on 5/21/08 3:04 AM.

(Error code: sec_error_expired_issuer_certificate)



Anyone got any idea's on this ?

 

[nobaloney]

Try restarting apache to see if it makes a difference. If not, then search these forums for other suggestions; search for localhost.localdomain. If you can't find anything then check on the server to see where the certificate lives, and check the userlevel httpd.conf file to see if apache is looking for it in the right place.

All else fails, call me .

Note to everyone: this is NOT a baldface attempt to get business (though I'm not above those either); Rob is a personal friend.

Note to Rob: on the last line of your sig, in the last word: isn't there an i missing? Or am I misreading the meaning of MCSE ?

Jeff

 

[rszkutak]

Jeff,
Thanks i'll give you a shout a little later today, we need to catch up as well ! Now wife has got me going to the grocery store to pick up some food for the house, and Purina Dog Chow for her ha ha ... ok ya, that was bad... lol !

 

[mikeynuts]

How did you get this fixed... I am having the same problem.

 

[scsi]

Dont use a self signed certificate?

 

[rszkutak]

it was pretty simple, basically paste in the SSL certificate from the issuer below the CRS request. As shown below.

I removed some key's and added jibberish to the certificate as well, so it's not entirely accurate.


-----BEGIN RSA PRIVATE KEY-----
icAKqdqmNCwnOKf3CcgqRxaHBP1I1k+zOzxfryFlJU+TPgxIoVXugV/65wIDAQAB
AoGAYu6TuFvlM7TXz0j34iOKJA3mYfTKNgNdQmg1rCygslHLNUhDCE/GJa/kqyQK
H813p0w1l9e8U51els6C+uN83/7Ujz0JlgixV+iQStQSHPjYBZ6DwuBtjWECQQCa
Df6JYm4/YEPMNVvw0s4YmEyjB9082+1R+BeQndCF24W9N2Jh4Doq6YuiZk6Y2jGh
e9k0QupJJH5YtwUBH9WFAkAjd4AnRKCP38OyD75PNSRaBv+nkM10zrp1zt2sZLen
MnscrthlOxpJ/aAhXp1QfaBMVid/MGjqokY9ywpcuaGU
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgIEAOCOITANBgkqhkiG9w0BAQUFADCByjELMAkGA1UEBhMC
ZWRpY2FsYmlsbGluZy5jb20xITAfBgNVBAsTGERvbWFpbiBDb250cm9sIFZhbGlk
YXRlZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAx7BjVenri2vExefZ7Ucc
rCo/kDErMH5t4DSrMKhCyeigdPgsWLzmLJhAXGlJA6rT/U6K8ygM0OV75B9Pbdej
BZVHdvigSPJHUoJARpEXSlvfu1J5OYnACqnapjQsJzin9wnIKkcWhwT9SNZPszs8
X68hZSVPkz4MSKFV7oFf+ucCAwEAAaOCAdUwggHRMA8GA1UdEwEB/wQFMAMBAQAw
HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA4GA1UdDwEB/wQEAwIFoDAy
BgNVHR8EKzApMCegJaAjhiFodHRwOi8vY3JsLmdvZGFkZHkuY29tL2dkczEtMC5j
/l9pQc
kfn/xP3XKtWFzumMLpCiMA0GCSqGSIb3DQEBBQUAA4IBAQCRT9jhR7WBhtt5o3SA
BpUqTUC/HHSDxwry9CH16AWoOyFgEEQ0o92N1HrySHBXY58fGLuZlTnk9D3kEDs/
4XX192P4Ypl1isWoxp7c85YoVjk5a4haPag4d5p+PyGxAtOgC9UOaR4dT4ar6qRI
5OTYLPAnVjwJzpxHf424calNbScxVzkfFEHoGPaDQA7KPg+6oVaUVkM2SEtGQfVX
j8GCXrK8rfkER7pzZIA+KzwzzSI2x6zJznqwlERkRd8VqmdfY01Yq8Vjo2CVFr1i
anYWia4ytTbOuh3/d/aDCBSlkYGlahGdzTZ9T5Wh+aDk0+ngXp1u0gVFH9ZC9IdH
jYKH
-----END CERTIFICATE-----

 

[nobaloney]

Rob, I removed some lines from your private key as well... it's the private key you need to protect; your certificate is sent to the browser of anyone who visits your site.

But if someone has both the Certificate and the private key and they can poison DNS they can redirect from your site to their own, and the Certificate will look perfectly good.

I noticed you still call yourself as an MCSE and a PMP. You need to put the i back into the last word, to make sure people understand what an MCSE really is .

Jeff

 

[rszkutak]

Thanks jeff, i acutally had removed a few random lines acorss the private and public key, but more in the public key.

 

[floyd]

basically paste in the SSL certificate from the issuer below the CRS request.

You past it below the RSA Key not the CSR.