ssl Certificate Invalid

Discussion in 'Installation/Configuration' started by simplyworks, Aug 7, 2006.

  1. simplyworks

    simplyworks New Member

    Hello,

    I created the ssl certificate using ISPconfig and this is the only domain using this IP. When I access https://www.example.com I get the security warning stating the name on the certificate does not match the domain.

    when veiwing the certificate, it does state issue by: localhost.localdomain which explain the warning.

    In veiwing the Vhost file all looks correct.
    SSLEngine on
    SSLCertificateFile /home/www/web1/ssl/www.example.com.crt
    SSLCertificateKeyFile /home/www/web1/ssl/www.example.com.key

    From what I can tell, I'm am pulling up this certificate
    /etc/pki/tls/private (date matchs build date)

    Background info:
    Fedora Core 5 built using the How to
    Ispconfig
    I have restarted the httpd after changes


    What should I try next?

    Thanks,
     
    Last edited: Aug 7, 2006
  2. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    If you accept the certificae, which page do you see? The same content as for http://example.com (without https) or the shared IP page?
     
  3. simplyworks

    simplyworks New Member

    When I accept the certificate I do get the correct page for https://example.com.

    When I view the certificate it is issued by localhost.localdomain. It should be www.example.com correct?
     
  4. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    What's the hostname and domain name of that web site (it's on the "Basis" tab)?
     
  5. simplyworks

    simplyworks New Member

    the setting are

    Hostname: www
    Domain: example.com

    thanks,
     
  6. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Then the FQDN in the cert should be www.example.com. Are you sure you're using the right certificate? On the correct site?
     
  7. simplyworks

    simplyworks New Member

    Yes, That is the problem.

    When I visit https://www.example.com I am presented with a ssl certificate for the server and NOT the certificate list in the Vhost file path which was created by ISPconfig interface.

    I have done a restart of httpd and Ispconfig

    I guess, for a work a round I could move the ssl cert. from:
    SSLCertificateFile /home/www/web1/ssl/www.example.com.crt
    SSLCertificateKeyFile /home/www/web1/ssl/www.example.com.key

    TO:
    /etc/pki/tls/private (this the key that is presented)

    Thanks,
     
  8. simplyworks

    simplyworks New Member

    Well, the above worked. I move the .crt and .key . Then renamed them and restarted.

    I still do not know why apache is not following the vhost directive for this domain?:confused:
     
  9. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    What's in Vhosts_ispconfig.conf?
     

Share This Page