Site SSL not working

Discussion in 'Installation/Configuration' started by cic, Sep 27, 2007.

  1. cic

    cic New Member

    I'm attempting to install an SSL certificate from Thawte and it doesn't appear to be working. I first created a CSR by filling in the information on the SSL tab and selected Create Certificate. I then submitted that information to Thawte for SSL creation. Once I received the SSL from Thawte, I copied the information into the SSL Certificate area on the SSL tab and clicked Save Certificate. But, when I try to go the https of the site, I get the certificate warning stating that the certificate is not from a trusted authority. The certificate appears to have been issued from the site itself. What did I not do correctly?

  2. till

    till Super Moderator Staff Member ISPConfig Developer

    You will have to add the authority chain (bundled cert) for thawte in your apache2.conf file. Thawte has sent you some infos in the mail together with the cert that explain this.
  3. cic

    cic New Member

    Ok...I've read what Thawte has online and done some additional research but I'd appreciate a "blessing" before I add lines to my httpd.conf. If you can't tell, I'm new to web hosting with Apache on Linux. here's what I've done. I've bound 2 IPs to my eth0, added the second IP to the list of available IPs within ISPConfig. I've saved my SSL certificate to SSLCertificateFile /usr/local/apache/conf/ssl.crt/domainname.crt
    and here's an example of what I'm going to add to the httpd.conf:

    DocumentRoot /var/www/
    ServerAdmin [email protected]
    ErrorLog /root/ispconfig/httpd/logs/ssl_error_log
    TransferLog /root/ispconfig/httpd/logs/ssl_access_log
    SSLEngine On
    SSLCertificateFile /root/ispconfig/httpd/conf/ssl.crt/domainname.crt
    SSLSessionCache dbm:/root/ispconfig/httpd/logs/ssl_scache
    SSLSessionCacheTimeout 300
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

    Does this look correct?
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    This is all configured by ISPConfig correctly as you entered the cert, so you dont have to change the certificate settings! Please do not modify your vhost like this as it will mess up your installation. What you are missing is that you did not include certificate bundle.

    You will have to add a line like this:

    SSLCertificateChainFile /etc/ssl/crt/

    to your apache2.conf file that points to the chain certificates from thawte (not to the cert that you received for the domain).
  5. cic

    cic New Member

    1) Are you saying that I shouldn't have bound a second IP to the ISPConfig server to handle the SSL site? If so, I can easily remove it.

    2) I am unclear on this line: "SSLCertificateChainFile /etc/ssl/crt/" I understand that I need to add it to the apache2.conf file however I am very unclear as the the file itself ( According to the email that I recieved from Thawte, the only thing I received was a certificate. I did not receive anything that represented another file. Where do I get/how do I create the .ca file?
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    1) If you have two external IP addresses, then you may use a second external IP for the website of course.

    2) It might be that there is no certificate bundle needed, if the current thawte certificates has been delivered with your browser or operating system. Please make a screenshot of the exact certificate information that is shown in your browser when you view the cert details.
  7. cic

    cic New Member

    Ok Till... I'm back on this... I had to rebuild my server so I'm kinda starting from scratch. I did exactly how the manual describes to install an SSL certificate but when I go to, I don't get any errors but it instantly reverts to a non-https site (ie - the url changes to Any ideas?

Share This Page