SSL certificate doesn't show up for Cloudmin guest system

11 posts / 0 new
Topic locked
Last post
#1 Fri, 12/21/2012 - 10:27
yngens

SSL certificate doesn't show up for Cloudmin guest system

I have properly installed SSL certificate for a website in a Cloudmin guest system, but despite Virtualmin shows correct SSL certificate, unfortunately green lock sign doesn't show up in the address bar. At the same time, when looking at the detailes of the certificate which browser uses I can see some detailes that have been attributed to the this guest system by Cloudmin as shown in the attachement. Is there any conflict between Cloudmin and guest systems SSL certificates? How can I solve this issue? Thanks!

Fri, 12/21/2012 - 11:25
andreychek

Many SSL providers require an intermediate certificate be setup, in order for the cert to be trusted.

If yours sent an intermediate cert, you would need to set that in the "CA Certificate" tab in the Manage SSL Certificate screen.

-Eric

Fri, 12/21/2012 - 11:30 (Reply to #2)
yngens

I did install intermediate certificate too. Currently, Manage SSL Certificate page shows:

Current SSL certificate details
SSL certificate file /home/username/domains/my.site.com/ssl.cert
SSL private key file /home/username/domains/my.site.com/ssl.key
Web server hostname my.site.com Issuer name StartCom Class 1 Primary Intermediate Server CA
Issuer organization StartCom Ltd. Expiry date May 3 21:58:20 2013 GMT
Certificate type Signed by CA
Other domain names my.site.com | site.com
Download certificate PEM format | PKCS12 format
Download private key PEM format | PKCS12 format

However, when going to https://my.site.com instead of green lock I see red crossed lock.

Fri, 12/21/2012 - 12:28
andreychek

The screenshot you attached shows your browser displaying an error saying that the SSL cert's root certificate isn't trusted...

That may mean that the CA Certificate you have there isn't correct, or complete.

You may want to make sure that you have the complete CA Certificate there... it's usually comprised of several certificates.

-Eric

Fri, 12/21/2012 - 12:58 (Reply to #4)
yngens

That's the problem that what Virtualmin shows is different from what my browser sees. And what I attached is kind of relevant to Cloudmin, since this is guest VPS system, that is why I've opened this page in Cloudmin forums and was wondering if somehow Cloudmin settings could get mixed with guest systems.

Fri, 12/21/2012 - 13:23
andreychek

Have you clicked the "Copy to Webmin" button recently?

It's possible that you've made updates to the SSL certificate since previously done that.

Any management you do in the Manage SSL Certificates is only applied to the domain via Apache -- for Webmin or other services to see those same changes, you'd have to click "Copy to Webmin".

-Eric

Mon, 12/24/2012 - 01:54 (Reply to #6)
yngens

I did. I also did completely remove and reinstall SSL couple of times. Unfortunately it is still showing red crossed lock. Erro log for the virtual server contains:

[Fri Dec 21 03:26:01 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Dec 21 03:26:01 2012] [warn] RSA server certificate CommonName (CN) `kvmcentos6template-gpl.home' does NOT match server name!?
[Fri Dec 21 03:26:26 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Dec 21 03:26:26 2012] [warn] RSA server certificate CommonName (CN) `kvmcentos6template-gpl.home' does NOT match server name!?
[Fri Dec 21 03:26:51 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Dec 21 03:26:51 2012] [warn] RSA server certificate CommonName (CN) `kvmcentos6template-gpl.home' does NOT match server name!?
[Fri Dec 21 03:27:43 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Dec 21 03:27:43 2012] [warn] RSA server certificate CommonName (CN) `kvmcentos6template-gpl.home' does NOT match server name!?
[Fri Dec 21 03:27:43 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Dec 21 03:27:43 2012] [warn] RSA server certificate CommonName (CN) `kvmcentos6template-gpl.home' does NOT match server name!?

I am worried by "kvmcentos6template" mention here. Why this at all shows in a guest system? This website was working just fine with its SSL key before I transferred it to Cloudmin guest, and this issue started just after I did transfer it over to Cloudmin KVM guest system. I have a feeling that something is mixed up between Cloudmin host and guest systems, though can't figure out what exactly.

Mon, 12/24/2012 - 09:49
yngens

Still can't figure out this puzzle. Could this problem happen because I am trying to configure SSL key for a subdomain.mydomain.com, which is at the same time is a hostname for the server?

Everything looks just ok in Virtualmin, however browsers shows what is attached below. I don't really get where this certificate about kvmcentos6template-gpl.home gets from? And how can I get rid of it for this guest system?

Mon, 12/24/2012 - 10:03
yngens

Might this issue have anything with

/etc/ssl/certs/localhost.crt

?

Here is the full information about certificate that is taking place of one configured in Virtualmin:

Wed, 12/26/2012 - 05:00
yngens

Informing for future readers hitting the same issue, that I have resolved it by changing my guest's hostname. For some reason, if a newly created subdomain is same as hostanme, then SSL doesn't install correctly.

Fri, 01/11/2013 - 11:09
shane3

Many SSL providers require an intermediate certificate be setup, in order for the cert to be trusted.

Have you clicked the "Copy to Webmin" button recently?

Topic locked