HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


cic 27th September 2007 04:13

Site SSL not working
 
I'm attempting to install an SSL certificate from Thawte and it doesn't appear to be working. I first created a CSR by filling in the information on the SSL tab and selected Create Certificate. I then submitted that information to Thawte for SSL creation. Once I received the SSL from Thawte, I copied the information into the SSL Certificate area on the SSL tab and clicked Save Certificate. But when I try to go to the https of the site, I get the certificate warning stating that the certificate is not from a trusted authority. The certificate appears to have been issued from the site itself. What did I not do correctly?

Thanks!
Troy

till 27th September 2007 09:11

You will have to add the authority chain (bundled cert) for Thawte in your apache2.conf file. Thawte has sent you some information in the mail together with the cert that explains this.

cic 28th September 2007 05:40

Ok... I've read what Thawte has online and done some additional research, but I'd appreciate a "blessing" before I add lines to my httpd.conf. If you can't tell, I'm new to web hosting with Apache on Linux. Here's what I've done: I've bound 2 IPs to my eth0 and added the second IP to the list of available IPs within ISPConfig. I've saved my SSL certificate to SSLCertificateFile /usr/local/apache/conf/ssl.crt/domainname.crt
and here's an example of what I'm going to add to the httpd.conf:

<VirtualHost xxx.xxx.xxx.2:443>
DocumentRoot /var/www/www.domainname.com
ServerName xxx.xxx.xxx.1
ServerAdmin webmaster@domainname.com
ErrorLog /root/ispconfig/httpd/logs/ssl_error_log
TransferLog /root/ispconfig/httpd/logs/ssl_access_log
SSLEngine On
SSLCertificateFile /root/ispconfig/httpd/conf/ssl.crt/domainname.crt
SSLSessionCache dbm:/root/ispconfig/httpd/logs/ssl_scache
SSLSessionCacheTimeout 300
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
</VirtualHost>

Does this look correct?

till 28th September 2007 08:56

This is all configured by ISPConfig correctly as you entered the cert, so you don't have to change the certificate settings! Please do not modify your vhost like this as it will mess up your installation. What you are missing is that you did not include the certificate bundle.

You will have to add a line like this:

SSLCertificateChainFile /etc/ssl/crt/yourSERVERNAME.ca-bundle

to your apache2.conf file that points to the chain certificates from Thawte (not to the cert that you received for the domain).
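
The effect of a missing chain file, reproduced offline as an added example (not part of the thread and not ISPConfig's or Thawte's own tooling): it builds a constructed root, intermediate and server certificate with openssl, then verifies the server certificate with and without the intermediate bundle. All certificate names and file names are made up; a real bundle comes from the CA.

```shell
#!/bin/sh
# Constructed demo PKI: every name and file below is made up for illustration.

mk_csr() {  # $1 = file basename, $2 = common name
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

# Build root CA -> intermediate CA -> server certificate inside directory $1.
# ca-bundle.crt plays the role of the chain file Apache would be pointed at.
make_demo_pki() (
    cd "$1" || exit 1
    printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
    mk_csr root demo-root &&
    openssl x509 -req -in root.csr -signkey root.key -days 2 \
        -extfile ca.ext -out root.crt 2>/dev/null &&
    mk_csr ca-bundle demo-intermediate &&
    openssl x509 -req -in ca-bundle.csr -CA root.crt -CAkey root.key \
        -CAcreateserial -days 2 -extfile ca.ext -out ca-bundle.crt 2>/dev/null &&
    mk_csr site www.example.test &&
    openssl x509 -req -in site.csr -CA ca-bundle.crt -CAkey ca-bundle.key \
        -CAcreateserial -days 2 -out site.crt 2>/dev/null
)

# True when subject and issuer names match, i.e. the certificate was issued
# "by the site itself" rather than by a CA.
is_self_signed() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# Verify like a client that trusts only the root ($1). $2 is the server
# certificate, $3 the chain file the server sends along (may be empty).
verify_chain() {
    openssl verify -CAfile "$1" ${3:+-untrusted "$3"} "$2" >/dev/null 2>&1
}

work=$(mktemp -d) && make_demo_pki "$work" || exit 1
trap 'rm -rf "$work"' EXIT
is_self_signed "$work/site.crt" && echo "site.crt is self-signed" \
    || echo "site.crt was issued by a CA"
for chain in "" "$work/ca-bundle.crt"; do
    if verify_chain "$work/root.crt" "$work/site.crt" "$chain"; then
        echo "chain file '${chain##*/}': certificate verifies"
    else
        echo "chain file '${chain##*/}': verification FAILS"
    fi
done
```

Running `is_self_signed` against the certificate a live site actually serves separates the two situations discussed in this thread: a self-signed certificate still being served versus a CA-issued certificate whose intermediate is missing.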

cic 2nd October 2007 06:07

1) Are you saying that I shouldn't have bound a second IP to the ISPConfig server to handle the SSL site? If so, I can easily remove it.

2) I am unclear on this line: "SSLCertificateChainFile /etc/ssl/crt/yourSERVERNAME.ca-bundle". I understand that I need to add it to the apache2.conf file; however, I am very unclear as to the file itself (yourSERVERNAME.ca). According to the email that I received from Thawte, the only thing I received was a certificate. I did not receive anything that represented another file. Where do I get/how do I create the .ca file?

till 2nd October 2007 11:09

1) If you have two external IP addresses, then you may use a second external IP for the website of course.

2) It might be that there is no certificate bundle needed, if the current Thawte certificates have been delivered with your browser or operating system. Please take a screenshot of the exact certificate information that is shown in your browser when you view the cert details.

cic 16th October 2007 19:01

Ok Till... I'm back on this... I had to rebuild my server so I'm kinda starting from scratch. I did exactly what the manual describes to install an SSL certificate, but when I go to https://www.domainname.com, I don't get any errors but it instantly reverts to a non-https site (i.e. the URL changes to http://www.domainname.com). Any ideas?


All times are GMT +2.