We installed an SSL certificate for www.robotcow.com. The certificate was issued by GoDaddy. We also installed an intermediate certificate, and edited the Apache ssl.conf file. This thread was very helpful: http://www.howtoforge.com/forums/showthread.php?t=1566 HOWEVER... The certificate seems to be recognized just fine by IE 6, but Firefox 2.0 is giving an error message (see screen cap image). Any ideas?
It should be mentioned that the new RobotCow web site isn't live yet. The new site is at: https://204.10.140.74/ TIA!
It looks like the certificate authority is not known by firefox. I recommend to ask godaddy if the root cert for their certificate chain is accepted by firefox too.
I called GoDaddy and spoke directly with their SSL department (phone: 480-505-8852 if anyone ever needs it). The problem is the issuing certificate is not installed correctly. The issuing certificate is specific to GoDaddy (so it's the same for all their customers). IE can apparently validate the web site certificate w/o the issuing certificate, but neither Firefox nor Safari do this, so they both return errors. I now know what the problem is; next I need to figure out how to fix it.
You might have to install an intermediate certificate in your Apache. GoDaddy should have instructions about this.
That was exactly the issue -- we didn't have the intermediate certificate installed correctly. GoDaddy's instructions are weak -- they don't know anything about ISPConfig and acted like they had never heard of it. Problem now solved!
Well, I would say that it is related to ISPConfig, since the SSL certificate itself is installed through ISPConfig. The intermediate certificate is not, which was confusing for a n00b like me. It would be nice if either the ISPConfig manual mentioned something about intermediate certificates and/or the GoDaddy instructions mentioned ISPConfig at all. Thank goodness for these forums! Otherwise we would still be trying to figure everything out. All is well now.
I also need to install an intermediate certificate. Any chance you could point me to the walk-through/howto on installing the intermediate cert in Apache?
I found out that they were included with the SSL certificate. Got it done last night. Thanks for the reply.
First of all - I so appreciate Till and Falko and all their hard work and help they provide. Thanks. I totally agree with this - I have installed three of these godaddy certs over the the last few years and each time I have to relearn the procedure. What confuses me each time is that I can do this directly from other hosting control pannels like hsphere, so I always assume I'm doing something wrong with ISPconfig. I think it would be ideal if there was a way to add intermediate chain certs through ISP config. After all, many of us are using ISPconfig to save money without sacrificing function, and that's exactly why I choose the cheaper SSL certs like those from Godaddy.
Yes, I agree this would be very useful. I'm still having trouble though. I edited /etc/apache2/vhosts/Vhosts_ispconfig.conf instead of the apache httpd.conf file like godaddy said because thats where I found everything they were talking about. I downloaded their intermediate certficate from their repository and uploaded it and added the "SSLCertificateChainFile" and directory but still no luck. I have restarted apache. Anyone have any ideas?
Hey what problem are you having with your godaddy ssl cert? if you edit Vhosts_ispconfig.conf directly the next update you make to any site that file is rewrote and you change will be lost. I would add the Code: SSLCertificateChainFile /var/www/web#/ssl/gd_intermediate_bundle.crt to the Apache Directives feild for the site in the control panel. just be sure you uploaded the gd_intermediate_bundle.crt to the ssl folder for your site. You might also have to restart apache2.
Yes, sorry I wrote that wrong, I added it to the apache directives. I didn't upload that file, Where can I find it? All that I uploaded was sf_issuing.crt
! It worked. I uploaded the wrong file. For future reference, do not upload sf_issuing.crt, upload gd_intermediate_bundle.crt to your ssl folder. Thanks everyone!!
