Secure Certificate Error

Discussion in 'Installation/Configuration' started by m u r, Aug 9, 2005.

  1. m u r

    m u r New Member

    When I try to go to https://archsupply.com, I get the following error:

    could not establish an encrypted connection because certificate presented by www.archsupply.com is invalid or corrupted.
    Error Code: -8182

    Any ideas on how to fix my certificate?
     
  2. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    have you generated the certificate manually or in ISPConfig?
     
  3. m u r

    m u r New Member

    I followed this tutorial for Debian Sarge:

    http://www.howtoforge.com/perfect_setup_debian_sarge

    It's all a blur in my mind, but I think I did it manually.Then I followed the online ISPConfig install documentation.

    I get a different error, depending on the browser. I doubt this helps, but in ie, it says:

    Unable to establish a secure connection to 'archsupply.com'. There is a problem with the security certificate from that site (The identity certificate name is not correct.)

    In Safari, I looked at the certificate, and there is all sorts of information, including the country, state, etc. that I set up. At the top it says:

    This certificate is not valid (host name mismatch)
     
    Last edited: Aug 9, 2005
  4. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    SSL Certificates are normally only valid for one domain (e.g. www.yourdomain.com). The error "host name mismatch" means that you have installed a ssl certificate with the wrong domain name. Make a new SSL Certificate and when ask for the domain, enter 'archsupply.com'.
     
  5. m u r

    m u r New Member

    I created a certificate in ISPConfig (site>SSL), but I still get the error. When I go to https://archsupply.com (port 80), it says, "This certificate is not in the trusted root database," and the organization is Global Technology Associates, Inc., not the information I entered in ISPConfig>site>SSL. When I go to https://archsupply.com:81, it says, "The certificate is not valid (host name mismatch)" and the organization is the stuff (that didn't matter according to the tutorial) during the install -- again, not the information I entered in ISPConfig>site>SSL. Can someone please please help me?
     
    Last edited: Aug 9, 2005
  6. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    In ISPConfig, the form of the site www.archsupply.com:

    Host: www
    Domain: archsupply.com

    And the certificate you got is not for: "www.archsupply.com" ?
    The vhost for www.archsupply.com is created by ISPConfig and you have not changed anything manually in yor httpd.conf or vhost configuration?
     
  7. m u r

    m u r New Member

    I haven't touched any of the files. If you want to log in, the password is still "admin"
     
  8. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    Shure, this is a self signed certificate. If you need an official SSL-Cert take the SSL certificate request generated by ISPConfig and buy an SSL an officially signed Certificate from an SSL autority.

    The adminpanel on port 81 has nothing to do with the SSL Certificates for the sites. The SSL-Cert for the adminpanel is generated for the domain you entered in the installer.
     
  9. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    Sorry, I first misunderstood your post.
     
    Last edited: Aug 9, 2005
  10. m u r

    m u r New Member

    I just meant that I haven't manually configured any of the files since I installed everything. I only created the SSL in ISPConfig.

    So, is there a way to change the SSL-Cert for the adminpanel on port 81 to "archsupply.com" without re-installing?

    or

    Do you know what I did wrong in the install? It asked me about the country, province, etc., but I don't think it ever asked for the domain. The tutorial indicated that the information I entered here wasn't important.
     
    Last edited: Aug 9, 2005
  11. m u r

    m u r New Member

    I just meant that I haven't manually configured any of the files since I installed everything. I only set up the SSL in ISPConfig.
     
  12. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    To make a new Cert for the controlpanel apache on port 81:

    http://www.howtoforge.com/forums/showthread.php?t=121
     
  13. m u r

    m u r New Member

    Well, firefox at least gives me the option now. It still says, "This certificate is not in the trusted root database." Is that normal?
     
  14. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    Yes, because it is an self signed certificate. If you dont want to have this messgae you must buy an SSL Certificate from an SSL Authority.
     

Share This Page