SSL Certificate will not work

Discussion in 'Installation/Configuration' started by owainbaber, Dec 3, 2009.

  1. owainbaber

    owainbaber New Member

    I installed CentOS and ISPConfig 3 as the 'The Perfect Server - CentOS 5.3 x86_64 [ISPConfig 3]' instructions say. One of the domains hosted is an ecommerce and although we don't take credit card details I would still like it secure for user confidence. So I went to comodo and requested an IntantSSL certificate. I generated my CSR through ISPConfig and pasted it at comodo and got an Apache mod SSL certificate bundle. I pasted the certificate I got from comodo into ISPConfig and saved it. I then added the line '
    SSLCertificateChainFile /var/www/clients/client1/web/ssl/www_savacomp_com.ca-bundle' to the Apache directives box within ISPConfig. I then restarted - /etc/init.d/httpd restart
    Now when I go to my website using hhtps rather than http I still have a certificate error with the certificate issued to localhost.localdomain. Does anybody know why that would happen as its driving me nuts!
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Please post the exact error messages from the apache error log of the website and the sl error log. Also the chain file has not be inserted like you did it, there is a field for the chain file in ispconfig named SSL Bundle where you have to add the contents of the bundle certificate.
     
  3. owainbaber

    owainbaber New Member

    This is my ssl_error_log

    [Thu Dec 03 14:53:02 2009] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Thu Dec 03 14:53:02 2009] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?
    [Thu Dec 03 15:08:05 2009] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Thu Dec 03 15:08:05 2009] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?
    [Thu Dec 03 16:33:03 2009] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Thu Dec 03 16:33:03 2009] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?
    [Thu Dec 03 16:33:27 2009] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Thu Dec 03 16:33:27 2009] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?
    [Thu Dec 03 16:33:28 2009] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Thu Dec 03 16:33:28 2009] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?
    [Thu Dec 03 16:33:52 2009] [error] [client 192.168.1.1] Directory index forbidden by Options directive: /var/www/html/
     
  4. owainbaber

    owainbaber New Member

    Error_log from /var/log/httpd

    [Thu Dec 03 14:52:53 2009] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads.
    [Thu Dec 03 14:52:53 2009] [notice] Apache/2.2.3 (CentOS) configured -- resuming normal operations
    [Thu Dec 03 14:53:01 2009] [notice] SIGHUP received. Attempting to restart
    [Thu Dec 03 14:53:02 2009] [notice] Digest: generating secret for digest authentication ...
    [Thu Dec 03 14:53:02 2009] [notice] Digest: done
    PHP Warning: PHP Startup: mssql: Unable to initialize module\nModule compiled with module API=20050922, debug=0, thread-safety=0\nPHP compiled with module API=20060613, debug=0, thread-safety=0\nThese options need to match\n in Unknown on line 0
    PHP Warning: PHP Startup: tidy: Unable to initialize module\nModule compiled with module API=20050922, debug=0, thread-safety=0\nPHP compiled with module API=20060613, debug=0, thread-safety=0\nThese options need to match\n in Unknown on line 0
    [Thu Dec 03 14:53:02 2009] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads.
    [Thu Dec 03 14:53:02 2009] [notice] Apache/2.2.3 (CentOS) configured -- resuming normal operations
    [Thu Dec 03 15:08:04 2009] [notice] SIGHUP received. Attempting to restart
    [Thu Dec 03 15:08:04 2009] [notice] Digest: generating secret for digest authentication ...
    [Thu Dec 03 15:08:04 2009] [notice] Digest: done
    PHP Warning: PHP Startup: mssql: Unable to initialize module\nModule compiled with module API=20050922, debug=0, thread-safety=0\nPHP compiled with module API=20060613, debug=0, thread-safety=0\nThese options need to match\n in Unknown on line 0
    PHP Warning: PHP Startup: tidy: Unable to initialize module\nModule compiled with module API=20050922, debug=0, thread-safety=0\nPHP compiled with module API=20060613, debug=0, thread-safety=0\nThese options need to match\n in Unknown on line 0
    [Thu Dec 03 15:08:05 2009] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads.
    [Thu Dec 03 15:08:05 2009] [notice] Apache/2.2.3 (CentOS) configured -- resuming normal operations
    [Thu Dec 03 16:33:03 2009] [notice] SIGHUP received. Attempting to restart
    [Thu Dec 03 16:33:03 2009] [notice] Digest: generating secret for digest authentication ...
    [Thu Dec 03 16:33:03 2009] [notice] Digest: done
    PHP Warning: PHP Startup: mssql: Unable to initialize module\nModule compiled with module API=20050922, debug=0, thread-safety=0\nPHP compiled with module API=20060613, debug=0, thread-safety=0\nThese options need to match\n in Unknown on line 0
    PHP Warning: PHP Startup: tidy: Unable to initialize module\nModule compiled with module API=20050922, debug=0, thread-safety=0\nPHP compiled with module API=20060613, debug=0, thread-safety=0\nThese options need to match\n in Unknown on line 0
    [Thu Dec 03 16:33:03 2009] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads.
    [Thu Dec 03 16:33:03 2009] [notice] Apache/2.2.3 (CentOS) configured -- resuming normal operations
    [Thu Dec 03 16:33:27 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
    [Thu Dec 03 16:33:28 2009] [notice] Digest: generating secret for digest authentication ...
    [Thu Dec 03 16:33:28 2009] [notice] Digest: done
    PHP Warning: PHP Startup: mssql: Unable to initialize module\nModule compiled with module API=20050922, debug=0, thread-safety=0\nPHP compiled with module API=20060613, debug=0, thread-safety=0\nThese options need to match\n in Unknown on line 0
    PHP Warning: PHP Startup: tidy: Unable to initialize module\nModule compiled with module API=20050922, debug=0, thread-safety=0\nPHP compiled with module API=20060613, debug=0, thread-safety=0\nThese options need to match\n in Unknown on line 0
    [Thu Dec 03 16:33:28 2009] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads.
    [Thu Dec 03 16:33:28 2009] [notice] Apache/2.2.3 (CentOS) configured -- resuming normal operations
     
  5. owainbaber

    owainbaber New Member

    Site error.log


    [Thu Dec 03 18:35:05 2009] [error] [client 192.168.1.1] SecurityException in Application.cpp:496: Handler not found in configuration
    [Thu Dec 03 18:35:05 2009] [error] [client 192.168.1.1] Caused by KeyNotFoundException in Configuration.cpp:234: Handler "x-httpd-php" not found
    [Thu Dec 03 18:35:05 2009] [error] [client 192.168.1.1] Premature end of script headers: index.php
    [Thu Dec 03 18:35:05 2009] [error] [client 192.168.1.1] File does not exist: /var/www/error/500.html

    This error was generated when trying to access site with https:
     
  6. owainbaber

    owainbaber New Member

    I am going to regenerate another certificate and this time paste the contents of the bundle file into ispconfig.
     
  7. owainbaber

    owainbaber New Member

    no joy with new certificate, still says localhost.localdomain
     
  8. owainbaber

    owainbaber New Member

    I have also noticed that every now and again it opens the default apache page!
     
  9. jlaughy

    jlaughy Member

    yesterday I ordered a Comodo certificate.

    I use ISPConfig 2.2.35
    I took SSL Request: ----XXXXXX
    Hav send it to the Certificate auth.

    This morning I received the certificate
    After installing my server would not start again :(

    What did I do wrong

    WKR, JL
     
  10. falko

    falko Super Moderator ISPConfig Developer

    Any errors in Apache's error log?
     
  11. jlaughy

    jlaughy Member


    No errors .... as I can see.
    Now the ssl autority is searching now what the problem can be.

    WKR, JL
     
  12. koltz

    koltz New Member

    I am having the same issue with CentOS 5.3 x64 and ISPConfig 3.0.1.6. I followed the directions and installed the certificate via ISPConfig as I should, but for some reason it is bringing up the local certificate when a user goes to a secure site on my domain. My logs look pretty much the same as above posted.
     

Share This Page