Site SSL not working

Discussion in 'Installation/Configuration' started by cic, Sep 27, 2007.

  1. cic

    cic New Member

    I'm attempting to install an SSL certificate from Thawte and it doesn't appear to be working. I first created a CSR by filling in the information on the SSL tab and selected Create Certificate. I then submitted that information to Thawte for SSL creation. Once I received the SSL from Thawte, I copied the information into the SSL Certificate area on the SSL tab and clicked Save Certificate. But, when I try to go to the https of the site, I get the certificate warning stating that the certificate is not from a trusted authority. The certificate appears to have been issued from the site itself. What did I not do correctly?

    Thanks!
    Troy
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    You will have to add the authority chain (bundled cert) for Thawte in your apache2.conf file. Thawte has sent you some information in the mail together with the cert that explains this.
     
  3. cic

    cic New Member

    Ok...I've read what Thawte has online and done some additional research but I'd appreciate a "blessing" before I add lines to my httpd.conf. If you can't tell, I'm new to web hosting with Apache on Linux. Here's what I've done. I've bound 2 IPs to my eth0, added the second IP to the list of available IPs within ISPConfig. I've saved my SSL certificate to SSLCertificateFile /usr/local/apache/conf/ssl.crt/domainname.crt
    and here's an example of what I'm going to add to the httpd.conf:

    <VirtualHost xxx.xxx.xxx.2:443>
    DocumentRoot /var/www/www.domainname.com
    ServerName xxx.xxx.xxx.1
    ServerAdmin [email protected]
    ErrorLog /root/ispconfig/httpd/logs/ssl_error_log
    TransferLog /root/ispconfig/httpd/logs/ssl_access_log
    SSLEngine On
    SSLCertificateFile /root/ispconfig/httpd/conf/ssl.crt/domainname.crt
    SSLSessionCache dbm:/root/ispconfig/httpd/logs/ssl_scache
    SSLSessionCacheTimeout 300
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
    </VirtualHost>

    Does this look correct?
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    This is all configured by ISPConfig correctly as you entered the cert, so you don't have to change the certificate settings! Please do not modify your vhost like this as it will mess up your installation. What you are missing is that you did not include the certificate bundle.

    You will have to add a line like this:

    SSLCertificateChainFile /etc/ssl/crt/yourSERVERNAME.ca-bundle

    to your apache2.conf file that points to the chain certificates from Thawte (not to the cert that you received for the domain).
     
  5. cic

    cic New Member

    1) Are you saying that I shouldn't have bound a second IP to the ISPConfig server to handle the SSL site? If so, I can easily remove it.

    2) I am unclear on this line: "SSLCertificateChainFile /etc/ssl/crt/yourSERVERNAME.ca-bundle" I understand that I need to add it to the apache2.conf file however I am very unclear as to the file itself (yourSERVERNAME.ca). According to the email that I received from Thawte, the only thing I received was a certificate. I did not receive anything that represented another file. Where do I get/how do I create the .ca file?
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    1) If you have two external IP addresses, then you may use a second external IP for the website of course.

    2) It might be that there is no certificate bundle needed, if the current Thawte certificates have been delivered with your browser or operating system. Please make a screenshot of the exact certificate information that is shown in your browser when you view the cert details.
     
  7. cic

    cic New Member

    Ok Till... I'm back on this... I had to rebuild my server so I'm kinda starting from scratch. I did exactly how the manual describes to install an SSL certificate but when I go to https://www.domainname.com, I don't get any errors but it instantly reverts to a non-https site (ie - the url changes to http://www.domainname.com). Any ideas?
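
Added example, not part of the thread and not ISPConfig's or Thawte's code: the chain question from earlier in the discussion, reproduced offline with a constructed three-level PKI. It assumes the openssl command-line tool is installed; every name and file (Demo Root CA, demo.ca-bundle, www.example.test) is made up, and a real bundle comes from the CA rather than being generated like this.

```shell
#!/bin/sh
# Constructed demo PKI: root CA -> intermediate CA -> server certificate.
# Every name and file here is made up; nothing comes from Thawte or the thread.

# issue DIR NAME CN SIGNER|self IS_CA: create a key and CSR, then sign the CSR.
issue() {
    d=$1; name=$2; cn=$3; signer=$4; is_ca=$5
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$cn" \
        -keyout "$d/$name.key" -out "$d/$name.csr" 2>/dev/null || return 1
    if [ "$signer" = self ]; then
        set -- -signkey "$d/$name.key"
    else
        set -- -CA "$d/$signer.crt" -CAkey "$d/$signer.key" -CAcreateserial
    fi
    if [ "$is_ca" = yes ]; then set -- "$@" -extfile "$d/ca.ext"; fi
    openssl x509 -req -in "$d/$name.csr" -days 2 "$@" \
        -out "$d/$name.crt" 2>/dev/null
}

build_demo_pki() {
    # Extensions that mark a certificate as a CA.
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
        > "$1/ca.ext"
    issue "$1" root "Demo Root CA" self yes || return 1
    issue "$1" int "Demo Intermediate CA" root yes || return 1
    issue "$1" leaf "www.example.test" int no || return 1
    # The bundle holds the intermediate(s) only, not the server certificate.
    cat "$1/int.crt" > "$1/demo.ca-bundle"
}

# Client that trusts the root and receives only the server certificate.
verify_leaf_only() {
    openssl verify -CAfile "$1/root.crt" "$1/leaf.crt" >/dev/null 2>&1
}

# Same client when the server also sends the bundle.
verify_with_bundle() {
    openssl verify -CAfile "$1/root.crt" -untrusted "$1/demo.ca-bundle" \
        "$1/leaf.crt" >/dev/null 2>&1
}

demo_dir=$(mktemp -d) || exit 1
build_demo_pki "$demo_dir" || { echo "openssl failed" >&2; exit 1; }
if verify_leaf_only "$demo_dir"; then echo "leaf only: trusted"
else echo "leaf only: NOT trusted (issuer unknown to the client)"; fi
if verify_with_bundle "$demo_dir"; then echo "leaf + bundle: trusted"
else echo "leaf + bundle: NOT trusted"; fi
```

The `-untrusted` file plays the role of the file named by SSLCertificateChainFile: certificates the server hands over to help the client build a path, which the client still checks against its own trusted root.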
     
