Install Free SSL Certificate from startssl.com on the website

Discussion in 'ISPConfig 3 Priority Support' started by JohnnyBeGood, Oct 16, 2016.

  1. JohnnyBeGood

    JohnnyBeGood Member

    Hi,

    So I've spent hours trying to install it on my website (dedicated Ubuntu server with ISPConfig v3.1).
    I've followed this tutorial, and although the StartSSL.com interface has changed, I was able to follow it and paste ca.pem from StartSSL.com into “SSL Bundle”. Also, since it didn't work with I've tried to paste both 1_root_bundle.crt and 2_www.mydomain.com.crt from the Apache zip file downloaded from FreeSSL.com.
    When I open https://www.mydomain.com it still tells me that connection is not private instead of green lock just like on this site. I'm using Google browser.
    Can someone please help me with this?
     
    Last edited: Oct 16, 2016
  2. florian030

    florian030 Well-Known Member HowtoForge Supporter

    Paste the data from startssl into the ssl-tab of the website and choose save cert.
     
  3. JohnnyBeGood

    JohnnyBeGood Member

    Thanks for taking time to reply!
    In which box under SSL do 1_root_bundle.crt and 2_www.mydomain.com.crt go?
     
  4. florian030

    florian030 Well-Known Member HowtoForge Supporter

    Bundle into bundle, key into key and crt into cert.
     
  5. JohnnyBeGood

    JohnnyBeGood Member

    That helps a lot but I just need to reference files from StartSSL. Below are cert files downloaded after cert is being generated on StartSSL:

    [Attached screenshots: main_zip_file.JPG, apache_zip_file.JPG, otherserver_zip_file.JPG]

    Sorry I had to use screenshots to explain what I'm talking about.
    Do I need to use OtherServer.zip ?
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Use the apache server zip. The content of the .com.crt file goes into the certificate field, the content of the bundle.crt file into the bundle field.
     
  7. rob_morin

    rob_morin Member

    Not sure if I should add to this post, but I am having an issue also...
    I pasted key/cert and bundle in the appropriate boxes. I made sure that the SSL checkbox was checked beforehand and then clicked on save certificate.
    Now when I go here to check it...

    https://www.sslshopper.com/ssl-checker.html#hostname=webmail.dido.ca

    I get an error "The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate."

    I tested the key/cert and bundle on the same website by pasting here...
    https://www.sslshopper.com/certificate-key-matcher.html

    And all was good....
    Any ideas?

    My default-ssl.conf file located in /etc/apache2/sites-enabled/ has these lines in it:
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/star_dido_ca.crt
    SSLCertificateKeyFile /etc/ssl/certs/star_dido_ca.key
    SSLCertificateChainFile /etc/ssl/certs/star_dido_ca_bundle.crt

    I simply pasted the same files into ispconfig for the aforementioned domain.
     
  8. rob_morin

    rob_morin Member

    Just a note: I noticed that a file named webmail.dido.ca.vhost.err and webmail.dido.ca.vhost exists in sites-available but is not in sites-enabled, and both files are the same as I checked with the diff command.

    Thanks
     
  9. rob_morin

    rob_morin Member

    I also noted this in the apache log file:

    [Tue Oct 18 15:04:03.550158 2016] [ssl:error] [pid 18206] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: CN=*.dido.ca / issuer: CN=RapidSSL SHA256 CA,O=GeoTrust Inc.,C=US / serial: 16CEB303942AA4911183A2780BC191DE / notbefore: Aug 24 00:00:00 2016 GMT / notafter: Aug 24 23:59:59 2019 GMT]

    [Tue Oct 18 15:04:03.550304 2016] [ssl:warn] [pid 18206] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
     
  10. JohnnyBeGood

    JohnnyBeGood Member

    Thank you! After multiple tries and clearing browser cache I finally got it to work and now I have a green lock icon!
    When testing it's important to clear the browser cache.

    I'm also getting this odd error when testing it:
    None of the common names in the certificate match the name that was entered (mydomain.com). You may receive an error when accessing this site in a web browser. It looks like you just need to add the "www." when accessing the site with SSL.
    Testing this forum domain does not give that warning?
    https://www.sslshopper.com/ssl-checker.html#hostname=howtoforge.com
    Also another random domain: https://www.sslshopper.com/ssl-checker.html#hostname=mixrack.com
    How can that be fixed?
     
    Last edited: Oct 19, 2016
  11. till

    till Super Moderator Staff Member ISPConfig Developer

    The error means that the SSL certificate was issued for a different domain or subdomain than the domain that you use for this website.
     
  12. rob_morin

    rob_morin Member

    That's what I thought, but it's a * cert good for anything that is *.dido.ca
    So let me ask you this.... where should the ssl statements be? In /etc/apache2/sites-enabled I have ...

    000-ispconfig.vhost: SSLEngine On
    000-ispconfig.vhost: SSLProtocol All -SSLv3
    000-ispconfig.vhost: SSLCertificateFile /etc/ssl/certs/star_dido_ca.crt
    000-ispconfig.vhost: SSLCertificateKeyFile /etc/ssl/certs/star_dido_ca.key
    000-ispconfig.vhost: SSLCACertificateFile /etc/ssl/certs/star_dido_ca_bundle.crt
    and...

    default-ssl.conf: SSLCertificateFile /etc/ssl/certs/star_dido_ca.crt
    default-ssl.conf: SSLCertificateKeyFile /etc/ssl/certs/star_dido_ca.key
    default-ssl.conf: # Point SSLCertificateChainFile at a file containing the
    default-ssl.conf: # the referenced file can be the same as SSLCertificateFile
    default-ssl.conf: SSLCertificateChainFile /etc/ssl/certs/star_dido_ca_bundle.crt

    Should I have only in one then?
     
  13. till

    till Super Moderator Staff Member ISPConfig Developer

    The ssl statement is in the vhost file of the website where you added the ssl cert to. The files that you listed above are not related to the ssl settings of a website.
     
  14. rob_morin

    rob_morin Member

    Damn, had the wrong intermediate cert! Sorry for the stupid post! :)
     
  15. JohnnyBeGood

    JohnnyBeGood Member

    Ok, that makes sense because when I was creating the certificate I entered www.mydomain.com and the www part would be a subdomain. Can I generate another one for just mydomain.com? Where would I enter it in ISPConfig? Would I again use the same SSL Request key from the ISPConfig SSL tab?
     
  16. till

    till Super Moderator Staff Member ISPConfig Developer

    Change the domain name in the website, then change the SSL domain on the SSL tab before you create a new SSL cert.
     
  17. JohnnyBeGood

    JohnnyBeGood Member

    Ok, so my domain is using a Wordpress and there I have both set to https://www.mydomain.com
    In ISPConfig under the SSL tab for SSL Domain: I have selected www.mydomain.com
    My question is: under the SSL tab, do I set it to mydomain.com in ISPConfig or do I change it to *.mydomain.com?
     
  18. till

    till Super Moderator Staff Member ISPConfig Developer

    Why do you want to set it to * when you don't use it? Never enable something that you don't use. If you want an ssl cert for mydomain.com, then select mydomain.com. If you want an ssl cert for www.mydomain.com, then select www.mydomain.com.
     
  19. JohnnyBeGood

    JohnnyBeGood Member

  20. till

    till Super Moderator Staff Member ISPConfig Developer

    Then you enter "domain.tld" in the domain field of the website and select "auto subdomain = www" in the auto subdomain field. Additionally, you need dns records for the domain and www domain of course.
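
The name-mismatch warning discussed in this thread (a certificate for www.mydomain.com tested against mydomain.com, and the *.dido.ca wildcard) comes down to how certificate names are compared with the host name. The following is an added example, not code from any poster or from ISPConfig; it is a simplified matcher (no IDN or IP-address handling), the function names are hypothetical and the inputs are constructed from the names used above.

```python
# Added example (not from the thread): simplified certificate-name matching.

def _labels(name):
    # DNS names are case-insensitive; a trailing dot is the root label.
    return name.rstrip(".").lower().split(".")


def name_matches(pattern, host):
    """True if one certificate name (CN or SAN dNSName) covers host."""
    p, h = _labels(pattern), _labels(host)
    if len(p) != len(h):
        # A wildcard stands for exactly one label, so the label counts must
        # be equal: *.dido.ca covers neither dido.ca nor a.b.dido.ca.
        return False
    if p[0] == "*":
        # Only a whole left-most label may be a wildcard, and only when at
        # least two fixed labels follow it (rejects "*.ca").
        return len(p) >= 3 and "*" not in "".join(p[1:]) and p[1:] == h[1:]
    # No wildcard accepted anywhere else: require an exact label match.
    return "*" not in pattern and p == h


def missing_names(cert_names, served_hosts):
    """Hosts the site answers on that no name in the certificate covers."""
    return [h for h in served_hosts
            if not any(name_matches(n, h) for n in cert_names)]


if __name__ == "__main__":
    # Constructed inputs modelled on the names used in the thread.
    site = ["mydomain.com", "www.mydomain.com"]
    print(missing_names(["www.mydomain.com"], site))
    print(missing_names(["mydomain.com", "www.mydomain.com"], site))
    print(missing_names(["*.dido.ca"], ["webmail.dido.ca", "dido.ca"]))
```

A site reachable both with and without "www." needs a certificate that lists both names; a wildcard does not cover the bare domain.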
     
