SSLCertificateChainFile

Eric · Feb 25, 2006

An user purchased a Turbo SSL Certificate from GoDaddy; GoDaddy sent him the certificate for his domain and an "Intermediate Certificate" (sf_issuing.crt). The setup instruction from GoDaddy said to use SSLCertificateChainFile to install the "Intermediate Certificate" within the <VirtualHost>.

He pasted the certificate for his domain under the RSA private key, and he also pasted the CA Root Certificate in the next page; that's all he could do.

For now, we've manually added SSLCertificateChainFile /path/to/godaddy's/sf_issuing.crt in his /usr/local/directadmin/data/users/<username>/httpd.conf

It doesn't seem that the control panel has an option for pasting the "Intermediate Certificate" (please correct me if I'm wrong.)

Is there a better way to do this? Preferably without the interaction of the hosting provider.

Thanks
Eric

jmstacey · Feb 25, 2006

Try adding it through the admin level custom HTTPD Configuration, although I think that will add it to all domain virtualhosts so that won't work.

You may end up being required to make the modification manually as you have done and chmod the file so DirectAdmin won't overwrite it in the future. (Or get them to add full control over these files)

nobaloney · Feb 25, 2006

Eric said:
It doesn't seem that the control panel has an option for pasting the "Intermediate Certificate" (please correct me if I'm wrong.)

You're wrong but it's hard to see.

Near the bottom of the SSL webpage:

Click Here to paste a CA Root Certificate

The first two words are a live link to where you past the CA (intermediate) certificate.

Jeff

jmstacey · Feb 25, 2006

Well there you go

*chuckles*

Eric · Feb 26, 2006

Thanks guys!

I replaced the CA Root Certificate with the Intermediate Certificate for the user on the "Click Here to paste a CA Root Certificate" page, and it seems to work fine although the SSLCertificateChainFile has been removed in the user's httpd.conf by DA.

Code:

SSLCertificateFile /usr/local/directadmin/data/users/<username>/domains/<domain>.cert
SSLCertificateKeyFile /usr/local/directadmin/data/users/<username>/domains/<domain>.key
SSLCACertificateFile /usr/local/directadmin/data/users/<username>/domains/<domain>.cacert

Note: The content of the .cacert file is actually the Intermediate Certificate (sf_issuing.crt from GoDaddy.)

nobaloney · Feb 28, 2006

So just what is their CA Root Certificate?

You can find out easily enough using either MS Windows or X-windows with KDE or Gnome; just copy it to your desktop with a .crt extension, and then double-click it (maybe single-click on *nix desktops).

Be sure to let us know

.

Jeff

Eric · Mar 1, 2006

ValiCert (class 2)

Here's the root certificate:
https://certificates.godaddy.com/repository/valicert_class2_root.crt

Resources:
https://certificates.godaddy.com/Repository.go

nobaloney · Mar 1, 2006

Then the question would be "what is their intermediate certificate?".

For most Certificate Authorities, the root certificate is included in the domain Certificate. But if the issuing authority doesn't own their own root, then they may have to give it to you in a separate certificate.

Jeff

Eric · Mar 2, 2006

From what I understand, GoDaddy only gave our user a domain certificate and an intermediate certificate (sf_issuing.crt), which can be downloaded at https://certificates.godaddy.com/repository/sf_issuing.crt

SSLCertificateChainFile

Eric

Verified User

jmstacey

Verified User

nobaloney

NoBaloney Internet Svcs - In Memoriam †

jmstacey

Verified User

Eric

Verified User

nobaloney

NoBaloney Internet Svcs - In Memoriam †

Eric

Verified User

nobaloney

NoBaloney Internet Svcs - In Memoriam †

Eric

Verified User