SSL Install Problems

[blankcanvas]

Can anyone give me pointers for getting SSL to work for a domain.

I have created the CRT request ok, then sent it to my authority and got my certificate back. But they also gave me some Root .crt files that need to be installed, however I just cannot work out how to install them.

Any help very welcome as I am really stuck on this one.

Thanks

Stephen

 

[rumrugby]

hi,


where did u buy your certificate??? you should just be able to paste a text file in...

 

[rumrugby]

you're a fruitloop!!!

heres what u need to paste in:

-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgIQVTPyU81Wy+sUfpp7TRfGFjANBgkqhkiG9w0BAQUFADCB
3DELMAkGA1UEBhMCR0IxFzAVBgNVBAoTDkNvbW9kbyBMaW1pdGVkMR0wGwYDVQQL
ExRDb21vZG8gVHJ1c3QgTmV0d29yazFGMEQGA1UECxM9VGVybXMgYW5kIENvbmRp
dGlvbnMgb2YgdXNlOiBodHRwOi8vd3d3LmNvbW9kby5uZXQvcmVwb3NpdG9yeTEf
MB0GA1UECxMWKGMpMjAwMiBDb21vZG8gTGltaXRlZDEsMCoGA1UEAxMjQ29tb2Rv
IENsYXNzIDMgU2VjdXJpdHkgU2VydmljZXMgQ0EwHhcNMDQwMzI2MDAwMDAwWhcN
MDYwMzI2MjM1OTU5WjCCAQ0xCzAJBgNVBAYTAkdCMRAwDgYDVQQREwdTVzUgOUZF
MQswCQYDVQQIEwJOQTEPMA0GA1UEBxMGTG9uZG9uMR0wGwYDVQQJExQyMzUgRWFy
bHMgQ291cnQgUm9hZDETMBEGA1UECRMKU3RkdWlvIDMxODEcMBoGA1UEChMTTWFp
bnN0cmVhbSBTZXJ2aWNlczEeMBwGA1UECxMVVGVjaG5pY2FsIERldmVsb3BtZW50
MR8wHQYDVQQLExZIb3N0ZWQgYnkgQmxhbmsgQ2FudmFzMRMwEQYDVQQLEwpQcmVt
aXVtU1NMMSYwJAYDVQQDEx13d3cubWFpbnN0cmVhbS1zZXJ2aWNlcy5jby51azCB
nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApfwIGXI8p4ZmgudDfCxDoRcu0DFu
5vVpw+s1V1a0fLuX57W45K0KCktiOCOezlISfQbPVk7sfYFix8PwJmxVVtSNDBV2
OtYnahb+6rb1fNMFh9spmI/UusWwV51lczDewF53zyFdPipNozSjXPdAmo0JxEkx
QgC6+T3tgeZqPmkCAwEAAaOCAY8wggGLMB8GA1UdIwQYMBaAFDbg6HxtnUWR7pnl
QnZNcLNQMKxeMB0GA1UdDgQWBBTLRKKhRSRnhQ65eRBSZRbBWOU1CDAOBgNVHQ8B
Af8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB
BQUHAwIwRgYDVR0gBD8wPTA7BgwrBgEEAbIxAQIBAwQwKzApBggrBgEFBQcCARYd
aHR0cHM6Ly9zZWN1cmUuY29tb2RvLm5ldC9DUFMwgbAGA1UdHwSBqDCBpTA4oDag
NIYyaHR0cDovL2NybC5jb21vZG8ubmV0L0NsYXNzM1NlY3VyaXR5U2VydmljZXNf
My5jcmwwOqA4oDaGNGh0dHA6Ly9jcmwuY29tb2RvY2EuY29tL0NsYXNzM1NlY3Vy
aXR5U2VydmljZXNfMy5jcmwwLaAroCmBJ0NsYXNzM1NlY3VyaXR5U2VydmljZXNf
M0BjcmwuY29tb2RvLm5ldDARBglghkgBhvhCAQEEBAMCBsAwDQYJKoZIhvcNAQEF
BQADggEBAMbJin+n86lyIBQbRcywS+VUbmvQTVDICF5CaEKse8+KUJ9tyBiBweqP
1UAQyg603BVpulvTCGm1PAaybwpYK/EJc5ffslmnOzCkpHd6k+WPfyCfJs6mPsRk
P8fUqONMx0a2rke7RPFp4JZCNQxg/B8rDZ6r9+TNIOwH7IGcozrahRQPPdizy06Z
BLcvaK5kC12M3OGJZ28LIplE/mak1xhvDqiyff3pJJQLMxZiwDo5vs6bNv5BddD5
1mDHStnku4u8LijEaknZhXVhLfwHbNqZ4LWi8ltS61un6z36Gm5GCR1HvH+fB8JN
ZSlu6hpz09Xujn5n3FbkAKVd7644Wfk=
-----END CERTIFICATE-----

 

[blankcanvas]

Unable to find key

Hi,

I tried that and all I get is:

---------------------------------------------
Could not execute your request

Details
Unable to find key
---------------------------------------------

Again any pointeres would be appreciated.

Thanks

Stephen

 

[rumrugby]

you may have to buy a new one then, i would go with geotrust if i were you, i think you can get them for $49 at ev1servers.net .

sorry, maybe someone else will know what you can do...

 

[rumrugby]

worked it out...

since it says you need to paste a "pre-generated certificate and key" then maybe you must paste the certificate request that you made earier followed by the actual certificate.

im sure this will fix it...tell me if i does or doesnt

 

[DirectAdmin Support]

Hello,

On the main SSL page in DA, you paste in both the key that should already be there (assuming User account) and the certificate. Click the radio button beside "Paste a pre-generated certificate and key" and then click Save.

Once the certificate and key show up in that textarea, then click "Click Here to paste a CA Root Certificate" (bottom of SSL page). Paste the root certificate in the textarea on the page via that link.

Also, make sure that SSL is actually turned on for that domain
User Panel -> Advanced Tools -> Domain Administration -> domain.com -> SSL = ON

John

 

[bkluth]

I have done all of this, including adding the CAs to the cert. Everything says "completed sucessfully", but I am still getting the "cert not trusted" warning on all THREE sites that I have installed.

I am rather new to DA, but again, everything said it worked ok, but no results.

Any suggestions appreciated!

Thanks

 

[nobaloney]

Is apache using your new cert?

In other words, when you bring up your site in your browser and click on the secure site symbol (usually a lock), it locked or unlocked?

Does the cert information show the name of the new cert, or of a self-signed or temporary cert?

If it shows as locked, and the new cert, then you haven't installed the "root" or "chain" cert properly.

Jeff

 

[bkluth]

Yes, it is seeing a Comodo class 3 cert...and I DID install the CAs just like it says to in the admin area. It even tells my "installation sucessful"



Any other ideas...how can I check things out? Is there a way to test anything?

Thanks

 

[DirectAdmin Support]

Hello,

whats the domain name? https://www.domain.com should let you know pretty quick. Also remember to always close all browsers when playing with certificates because the have a nasty tendancy to cache the old certificates, causing mass confusion

John

 

[bkluth]

well, see for yourself...

https://www.soniccathedral.com
https://www.heavenlymistofdreams.com
https://www.wla-md.org

I get warning but cert is issued by Comodo...I don't understand.

Again, DA says "successful" but still no worky worky.

Thanks

 

[macro_mote]

I think the problem is with your certificate not with DA. Each browser has a built-in Trusted Certification Authorities listing. When you purchase a certificate from someone who is not on the internal list, the browser automatically distrusts it by default and displays a popup alert to the visitor. Then it's up to the visitor to decide whether he wants to proceed and/or add the certificate to his browser's listing to prevent the popup from displaying the next time.

 

[bkluth]

it worked on my other two servers just fine. Same cert.

I will keep looking and let you know what I find out.

Thanks for trying though!

 

[macro_mote]

I did some reading on Comodo. It doesn't have its own Trusted Root CA certificate. Instead, it relies on being chained to GTE CyberTrust Root CA which was owned by Baltimore Technologies and sold to BeTrusted in Sep last year. The two seemed to have had a murky relationship at the end of last year: http://www.dslreports.com/forum/remark,9114836~mode=flat .

Anyway, Comodo's cert needs to be chained with a trusted cert like GTE CyberTrust otherwise the popup appears because it's not in the browsers' internal list. Don't know DA handles chained certs okay or whether you aren't entering the correct info to make sure the two are chained.

 

[bkluth]

AAAAHHHHHHH!

Got it!

stupid me, probably...
you have to install thier BUNDLED CERTS rather than just the root cert itself.

I feel like an idiot...but they don't make this stuff EASY!

Thanks for at least getting me thinking again.

'preciate it.