installing ssl cert

Discussion in 'ISPConfig 3 Priority Support' started by kwickcut, Feb 7, 2018.

  1. kwickcut

    kwickcut Member HowtoForge Supporter

    Hello, I have created a CSR using the following
    Code:
    openssl req -new -newkey rsa:2048 -nodes -keyout example.com.key -out example.com.csr
    then filled out the info requested. I then ran
    Code:
    cat yourdomain.csr
    I then copied and pasted it into a certificate authority. I then received an email to confirm it's me, and shortly after I received the email for the download of the certs.
    There are 4 in the downloaded zip file:
    1)AddTrustExternalCARoot
    2)mysite_com
    3)ADDTrustCA
    4)DomainValidationSecureServiceCA

    I have read and tried 2 different ways to install these certs, all ending in a loss of Apache, causing me to reload the server because I am doing something wrong. My question is: do I need to install all 4 certs, and how do I do this safely?

    Thank you for any direction and help.

    kwick
     
  2. kwickcut

    kwickcut Member HowtoForge Supporter

    UPDATE
    I just received another email with a new zip file and only 2 files inside:
    1)mysite_com.ca-bundle
    2)mysite_com
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    Where do you want to install that, an ispconfig website? In that case, you will have to put the SSL key (that you created outside of ispconfig as it seems) into the key field, the .crt file into the certificate field and the bundle file content into the SSL bundle field.
     
  4. kwickcut

    kwickcut Member HowtoForge Supporter

    Thank you for the reply. I have done as stated and saved the info. When I exit the SSL page and then log back in, I see the info that I had entered, but I am having an issue. The site is using what I am assuming is the self-signed cert from ISPConfig? The SSL cert that I bought was for 3 years. What should I be looking to edit? Thanks in advance. Below is the output of a website SSL checker.

    DNS resolves my_site.com to xx.xxx.xxx.xx
    SSL certificate

    Common Name = localhost

    Issuer = localhost

    Serial Number = FDD85BA0069C1ECE

    SHA1 Thumbprint = ED7AF483584FF7A90F919EC2AD7D4A53FE7677E4

    Key Length = 2048

    Signature algorithm = SHA1 + RSA (deprecated)

    Secure Renegotiation: Supported

    SSL Certificate has not been revoked
    OCSP Staple: Not Enabled
    OCSP Origin: Not Enabled
    CRL Status: Not Enabled

    SSL Certificate expiration
    The certificate expires May 17, 2035 (6306 days from today)
    Certificate does not match name my_site.com
    Subject localhost
    Valid from 22/May/2015 to 17/May/2035
    Issuer localhost
    SSL Certificate is not trusted
    The certificate is not signed by a trusted authority (checking against Mozilla's root store). If you bought the certificate from a trusted authority, you probably just need to install one or more Intermediate certificates. Contact your certificate provider for assistance doing this for your server platform.
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    Just put the SSL key, cert and bundle in the SSL fields, select 'save certificate' in the action field and press save. And ensure that you have the SSL checkbox enabled in that website on the first tab. Besides that, your web browser can show you the details of the SSL cert that is currently used.
     
  6. kwickcut

    kwickcut Member HowtoForge Supporter

    OK, I have done as stated and it has been over 10 days. I ran a check and get the same outcome. What's my next step?


    mysstore.com resolves to xx.xx.xxx.xx

    Server Type: Apache/2.4.18 (Ubuntu)

    The certificate will expire in 6294 days.


    The certificate is self-signed. Users will receive a warning when accessing this site unless the certificate is manually added as a trusted certificate to their web browser. You can fix this error by buying a trusted SSL certificate

    None of the common names in the certificate match the name that was entered (aquamedsstore.com). You may receive an error when accessing this site in a web browser. Learn more about name mismatch errors.
    Common name: localhost
    Organization: NETGEAR Org. Unit: NETGEAR
    Location: SanJose, California, US
    Valid from May 22, 2015 to May 17, 2035
    Serial Number: 18291470629429059278 (0xfdd85ba0069c1ece)
    Signature Algorithm: sha1WithRSAEncryption
    Issuer: localhost
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    You seem to connect to a Netgear device, not your ISPConfig server.
     
  8. kwickcut

    kwickcut Member HowtoForge Supporter

    Yes, I saw that and changed the setting: 443 was pointed at a USB device that was not connected. I forwarded 443 to the server and rechecked SSL.

    IP Address (IPV4) xx.xxx.xxx.xx
    Server Type Apache/2.4.18(Ubuntu)
    Certificate Names
    Hostname matches

    Primary Domain: mystore.com

    Subject Alternative Domains:

    Certificate Signature Algorithm: Sha256 With RSA Encryption
    Certificate Duration: Certificate expires in 3638 days
    SCSV Fallback: Enabled
    Heartbeat Extension: Enabled
    Heartbleed Vulnerability: Secure
    OCSP Stapling: Disabled
    OCSP Status: Unable to verify ocsp status with incomplete chain
    Strict-Transport-Security: Disabled
    Encryption Methods
    TLS versions found available

    TLSv1

    TLSv1.1

    TLSv1.2

    Safe Ciphers
    Safe ciphers enabled

    AES256+EECDH

    AES256+EDH

    AES256-SHA

    AES128-SHA

    ECDHE-RSA-AES128-SHA

    ECDHE-RSA-AES256-SHA

    ECDHE-RSA-AES256-GCM-SHA384

    ECDHE-RSA-AES256-SHA384

    AES256-GCM-SHA384

    AES256-SHA256

    ECDHE-RSA-AES128-GCM-SHA256

    ECDHE-RSA-AES128-SHA256

    AES128-GCM-SHA256

    AES128-SHA256

    Unsafe Ciphers
    No unsafe ciphers enabled
    Certificate Chain
    Certificate chain is incomplete, missing intermediate(s)

    Serial Number: C2AD7DC81A8AAB9A
    Signature Algorithm: Sha256 With RSA Encryption
    Issuer Name: mystore
    Common Name: mystore.com
    Validity Period: February 8, 2018 to February 6, 2028
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    Ensure that you added the intermediate (bundle) SSL certs for the SSL cert into the SSL bundle field of the website. You get them from the SSL authority where you bought the SSL cert.
     
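The two checks behind posts 8 and 9 (the private key must belong to the certificate, and the site cert only verifies once the intermediate bundle is supplied), as an added example that is not from the thread or from ISPConfig. It builds its own throwaway root, intermediate and site certificate with openssl; every name in it is a placeholder.

```shell
#!/bin/sh
# Added example, not code from the thread: build a throwaway root -> intermediate -> leaf
# chain with openssl, then run the checks behind the problems in this thread:
#   1. does the private key belong to the certificate (wrong file in the key field)?
#   2. does the site cert verify without the bundle ("chain is incomplete, missing intermediate(s)")?
set -eu
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT

# Constructed test PKI; the names are placeholders, not a real CA or site.
make_chain() {
  # Root CA (self-signed), valid 30 days.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Test Root" \
    -keyout "$WORK/root.key" -out "$WORK/root.crt" 2>/dev/null
  # Intermediate CA, signed by the root; it must carry CA:TRUE to be accepted as an issuer.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Test Intermediate" \
    -keyout "$WORK/int.key" -out "$WORK/int.csr" 2>/dev/null
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=keyCertSign,cRLSign\n' >"$WORK/int.ext"
  openssl x509 -req -in "$WORK/int.csr" -CA "$WORK/root.crt" -CAkey "$WORK/root.key" \
    -CAcreateserial -days 30 -extfile "$WORK/int.ext" -out "$WORK/int.crt" 2>/dev/null
  # Site certificate: same CSR step as in the thread, signed by the intermediate.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=mystore.example" \
    -keyout "$WORK/mystore.key" -out "$WORK/mystore.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/mystore.csr" -CA "$WORK/int.crt" -CAkey "$WORK/int.key" \
    -CAcreateserial -days 30 -out "$WORK/mystore.crt" 2>/dev/null
  # The CA's "ca-bundle" file is the intermediate(s); that is what goes in the SSL bundle field.
  cp "$WORK/int.crt" "$WORK/mystore.ca-bundle"
}

# Check 1: the key and the certificate must carry the same public key.
key_matches_cert() {   # $1 key file, $2 cert file
  k=$(openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256)
  c=$(openssl x509 -in "$2" -pubkey -noout | openssl pkey -pubin -pubout -outform DER | openssl dgst -sha256)
  [ "$k" = "$c" ]
}

# Check 2: verify the site cert against the root, with the bundle given as untrusted
# intermediates (what a browser builds the chain from), or with no bundle at all.
chain_verifies() {   # $1 cert, $2 root, $3 bundle file or "" for none
  if [ -n "${3:-}" ]; then
    openssl verify -CAfile "$2" -untrusted "$3" "$1" >/dev/null 2>&1
  else
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
  fi
}

make_chain
key_matches_cert "$WORK/mystore.key" "$WORK/mystore.crt" && echo "key matches certificate"
key_matches_cert "$WORK/int.key" "$WORK/mystore.crt" || echo "wrong key for this certificate"
chain_verifies "$WORK/mystore.crt" "$WORK/root.crt" "$WORK/mystore.ca-bundle" && echo "chain verifies with bundle"
chain_verifies "$WORK/mystore.crt" "$WORK/root.crt" "" || echo "chain incomplete without bundle"
```

Against a live server the same chain check is `openssl s_client -connect host:443 -servername host -showcerts`, which lists exactly the certificates the server sends; if only the site cert appears, the bundle field is empty or was not saved.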
  10. kwickcut

    kwickcut Member HowtoForge Supporter

    All good, thank you. I had to move the bundle back into the field, then saved it again. I had it like stated below. I think the root of all this problem was I had port 443 assigned to the external USB; that was assigned on another tab, not in the port forwarding tab. Thank you for all the help, it now checks out. Just have to contact the SSL authority because it says I only have 89 days on the cert and I bought 3 years lol.


    kwick
     
    Last edited: Feb 22, 2018