#1
27th September 2007, 03:13
cic
Site SSL not working

I'm attempting to install an SSL certificate from Thawte and it doesn't appear to be working. I first created a CSR by filling in the information on the SSL tab and selected Create Certificate. I then submitted that information to Thawte for SSL creation. Once I received the SSL from Thawte, I copied the information into the SSL Certificate area on the SSL tab and clicked Save Certificate. But, when I try to go to the https of the site, I get the certificate warning stating that the certificate is not from a trusted authority. The certificate appears to have been issued from the site itself. What did I not do correctly?

Thanks!
Troy

#2
27th September 2007, 08:11
till

You will have to add the authority chain (bundled cert) for Thawte in your apache2.conf file. Thawte has sent you some information in the mail together with the cert that explains this.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.

#3
28th September 2007, 04:40
cic

Ok...I've read what Thawte has online and done some additional research but I'd appreciate a "blessing" before I add lines to my httpd.conf. If you can't tell, I'm new to web hosting with Apache on Linux. Here's what I've done. I've bound 2 IPs to my eth0 and added the second IP to the list of available IPs within ISPConfig. I've saved my SSL certificate to SSLCertificateFile /usr/local/apache/conf/ssl.crt/domainname.crt and here's an example of what I'm going to add to the httpd.conf:

<VirtualHost xxx.xxx.xxx.2:443>
DocumentRoot /var/www/www.domainname.com
ServerName xxx.xxx.xxx.1
ServerAdmin webmaster@domainname.com
ErrorLog /root/ispconfig/httpd/logs/ssl_error_log
TransferLog /root/ispconfig/httpd/logs/ssl_access_log
SSLEngine On
SSLCertificateFile /root/ispconfig/httpd/conf/ssl.crt/domainname.crt
SSLSessionCache dbm:/root/ispconfig/httpd/logs/ssl_scache
SSLSessionCacheTimeout 300
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
</VirtualHost>

Does this look correct?

#4
28th September 2007, 07:56
till

This is all configured by ISPConfig correctly as you entered the cert, so you don't have to change the certificate settings! Please do not modify your vhost like this as it will mess up your installation. What you are missing is that you did not include the certificate bundle.

You will have to add a line like this:

SSLCertificateChainFile /etc/ssl/crt/yourSERVERNAME.ca-bundle

to your apache2.conf file that points to the chain certificates from Thawte (not to the cert that you received for the domain).

#5
2nd October 2007, 05:07
cic

1) Are you saying that I shouldn't have bound a second IP to the ISPConfig server to handle the SSL site? If so, I can easily remove it.

2) I am unclear on this line: "SSLCertificateChainFile /etc/ssl/crt/yourSERVERNAME.ca-bundle" I understand that I need to add it to the apache2.conf file; however, I am very unclear as to the file itself (yourSERVERNAME.ca). According to the email that I received from Thawte, the only thing I received was a certificate. I did not receive anything that represented another file. Where do I get/how do I create the .ca file?

#6
2nd October 2007, 10:09
till

1) If you have two external IP addresses, then you may use a second external IP for the website of course.

2) It might be that there is no certificate bundle needed, if the current Thawte certificates have been delivered with your browser or operating system. Please make a screenshot of the exact certificate information that is shown in your browser when you view the cert details.
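
Added example, not part of the original thread or of ISPConfig: the two checks the replies above point toward, run against a constructed throwaway PKI. It tests whether a certificate's issuer equals its subject (the "issued from the site itself" symptom) and whether a CA-issued certificate validates only once the intermediate bundle is supplied. The function names and every certificate name are assumptions made for the example.

```shell
#!/bin/sh
# Added example: the PKI below is constructed test data; every name in it is made up.

make_pki() {  # $1 = existing empty directory
  d=$1
  printf '[req]\ndistinguished_name=dn\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$d/cnf"
  req() { openssl req -new -config "$d/cnf" -newkey rsa:2048 -nodes "$@" 2>/dev/null; }
  # Root CA: stands in for the CA root that browsers already trust.
  req -x509 -extensions ca -days 2 -subj "/CN=Example Root CA" \
      -keyout "$d/root.key" -out "$d/root.crt" || return 1
  # Intermediate CA: stands in for the contents of the CA bundle file.
  req -subj "/CN=Example Intermediate CA" -keyout "$d/int.key" -out "$d/int.csr" &&
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
      -CAcreateserial -days 2 -extfile "$d/cnf" -extensions ca \
      -out "$d/int.crt" 2>/dev/null || return 1
  # Site certificate, issued by the intermediate in response to the CSR.
  req -subj "/CN=www.example.test" -keyout "$d/leaf.key" -out "$d/leaf.csr" &&
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.crt" -CAkey "$d/int.key" \
      -CAcreateserial -days 2 -out "$d/leaf.crt" 2>/dev/null || return 1
  # Self-signed certificate for the same host name.
  req -x509 -days 2 -subj "/CN=www.example.test" \
      -keyout "$d/self.key" -out "$d/self.crt"
}

# True when issuer name and subject name are identical (self-issued certificate).
is_self_issued() {
  i=$(openssl x509 -in "$1" -noout -issuer_hash) || return 2
  s=$(openssl x509 -in "$1" -noout -subject_hash) || return 2
  [ "$i" = "$s" ]
}

# Validate site certificate $2 against trusted root $1. Optional $3 is the chain
# bundle, i.e. the file an SSLCertificateChainFile directive would point to.
chain_verifies() {
  if [ -n "${3:-}" ]; then
    openssl verify -CAfile "$1" -untrusted "$3" "$2" 2>/dev/null
  else
    openssl verify -CAfile "$1" "$2" 2>/dev/null
  fi | grep -q ': OK$'
}

PKI=$(mktemp -d) && make_pki "$PKI" || exit 1
is_self_issued "$PKI/self.crt" && echo "self.crt: issuer == subject (self-signed)"
is_self_issued "$PKI/leaf.crt" || echo "leaf.crt: issued by a different name (CA-issued)"
chain_verifies "$PKI/root.crt" "$PKI/leaf.crt" || echo "leaf alone: chain incomplete"
chain_verifies "$PKI/root.crt" "$PKI/leaf.crt" "$PKI/int.crt" && echo "leaf + bundle: chain OK"
rm -rf "$PKI"
```

Against a running server, `openssl s_client -connect host:443 -showcerts` prints the certificates the server actually sends, which shows whether the intermediate is being served alongside the site certificate.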