SSL Certificate Installed but Self Signed Still Used

  • ipsa
  • 03/18/09
  • Offline
Posted: Tue, 2010-06-15 14:02

Hi,

I've just installed a wildcard SSL certificate (GoDaddy) in the main domain of our VirtualMin Pro server. Everything looks good as far as I can see in the VirtualMin interface.

Yet when I try to access the https:// website, I get the warning about the old self-signed certificate. I've restarted Apache and dug around a bit but I'm not an Apache config guru.

Could somebody point me in a likely direction? Let me know if more info is needed and I'll provide it.

Thanks.


(Replying to my own messsage,

  • ipsa
  • 03/18/09
  • Offline
  • Tue, 2010-06-15 14:43

(Replying to my own messsage, which is pretty typical of me.)

Turns out I found the solution.

The file "/etc/httpd/conf.d/ssl.conf" was referencing the old self signed certificate and key. At first I tried just commenting out the relevant line but Apache wouldn't start up when I did so I replaced the references to the self signed stuff to references to the new certificate files:

SSLCertificateFile /home/mysitecom/ssl.cert
SSLCertificateKeyFile /home/mysitecom/ssl.key

Now going to the https:// address works correctly. I'm assuming that the config in this file is global to the entire Apache server but since I'll only have one SSL certificate on the server, I don't think this would have a big impact. Please let me know if I'm wrong! (Or give me what the "proper" way to do it would be.)

Now I have another problem though. I enabled SSL on one of the site's subservers (which is on a subdomain, therefore covered by the wildcard certificate). When I go to "https://sub.mysite.com", I end up on "http://www.mysite.com". (I wouldn't have been surprised to end up on the secure version of the site, but to be kicked to the non-secure site is a little weird...) Not sure where that's coming from...

As before I'd be grateful for any help. Thanks.