Incorrect SSL Certificate being used

#1 Wed, 03/05/2014 - 08:25
DoubleSpeed

I have a problem with getting the correct SSL certificate to be used by the virtual host/domain. I've installed a GoDaddy SSL Certificate in the Manage SSL Certificate: I put the files on the server in the home directory and selected these using the File on server method in the Update Certificate and Key. All appeared to work OK, and in the CA Certificate it shows GoDaddy; however, in the Current Certificate tab it still says Self-signed. When I try to view a file in the website with https, it complains saying the certificate isn't valid, and when I view the certificate in the browser it appears to be the self-signed one for the server IP, not the GoDaddy one?

Operating system: CentOS Linux 5.10
Webmin version: 1.660
Virtualmin version: 4.03.gpl GPL

Wed, 03/05/2014 - 09:34
andreychek

Howdy,

It's difficult to say what the exact issue might be, but one thing you could try is to re-add the certificate.

First, I'd suggest making a backup of the various "ssl.*" files in your Virtual Server home directory.

Once you do that, try going into Server Configuration -> Manage SSL Certificates -> Apply Signed Certificate, and there, try copying and pasting your SSL certificate into the textbox there.

-Eric

Wed, 03/05/2014 - 09:56
DoubleSpeed

Hi Eric,

I don't seem to have the Apply Signed Certificate option?

KR,

Chris

Wed, 03/05/2014 - 10:29
DoubleSpeed

Tried reinstalling, didn't work. Also, looking at the ssl.conf file, noticed these:

# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. A new
# certificate can be generated using the genkey(1) command.
SSLCertificateFile /etc/pki/tls/certs/localhost.crt

# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

Tried commenting out in case it helped and rebooted, now seem to have a critical issue where Apache won't start (so tried uncommenting again, makes no difference), getting the message:

Failed to start apache :
Starting httpd: [Wed Mar 05 16:04:34 2014] [warn] module version_module is already loaded, skipping
[Wed Mar 05 16:04:34 2014] [warn] VirtualHost 46.38.190.35:80 overlaps with VirtualHost 46.38.190.35:80, the first has precedence, perhaps you need a NameVirtualHost directive
(98)Address already in use: make_sock: could not bind to address [::]:80
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs
[FAILED]

Help!!

Wed, 03/05/2014 - 12:04
DoubleSpeed

OK, I've managed to get Apache running again; however, I have the continued issue of the site not seeming to be using the correct SSL certificate. Is there somewhere that might include a server self-signed certificate that would take precedence over the one for the virtual host? I believe the server is using the file held here /etc/pki/tls/certs ?

Also I've found in the logs...

[Wed Mar 05 17:29:17 2014] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Mar 05 17:29:17 2014] [warn] RSA server certificate CommonName (CN) `XX.XX.189.235' does NOT match server name!?

The IP stated in the logs does not match the actual server IP XX.XX.190.35. The IP `XX.XX.189.235' appears to be coming from the localhost.crt from this path /etc/pki/tls/certs, as I've decoded the cert using https://www.sslshopper.com/certificate-decoder.html and this confirms the incorrect IP?

Wed, 03/05/2014 - 12:31
andreychek

That warning you're seeing should be okay... any relevant SSL errors would be in $HOME/logs/error_log.

Rather than the "Apply certificate" tab, you could instead paste your SSL into the "Update Certificate and Key" tab.

When you add your SSL cert, be sure to copy and paste it into the textbox, rather than pointing it to a file on your filesystem.

While in theory either should work, copying and pasting it there is a troubleshooting step that will rule out a few things.

-Eric

Thu, 03/06/2014 - 01:55
DoubleSpeed

OK, I've tried every which way I can see of doing this now, and the only way I've been able to get the 'correct' certificate to be used is to edit the /etc/httpd/conf.d/ssl.conf directly and hard code the site's certificates into this. Any ideas why it won't work via Virtualmin?
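
Added example, not part of the thread and not Virtualmin's or Apache's own code: a Python script that lists which SSLCertificateFile each <VirtualHost> block points at and groups blocks that share an address, the situation behind the "overlaps ... the first has precedence" warning quoted in the thread. The sample configuration, the address 192.0.2.10 and the /home/example paths are constructed for illustration.

```python
import re

# Constructed sample: stock ssl.conf default vhost plus two made-up domain vhosts.
SAMPLE_CONF = """\
<VirtualHost _default_:443>
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
</VirtualHost>
<VirtualHost 192.0.2.10:443>
ServerName www.example.com
# SSLCertificateFile /home/example/ssl.old
SSLCertificateFile /home/example/ssl.cert
</VirtualHost>
<VirtualHost 192.0.2.10:443>
ServerName shop.example.com
SSLCertificateFile /home/example/shop.cert
</VirtualHost>
"""

WANTED = {"servername": "name", "sslcertificatefile": "cert"}

def ssl_vhosts(conf_text):
    """Return one dict per <VirtualHost> block, in file order."""
    vhosts, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and commented-out directives
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            current = {"addr": opened.group(1).strip(), "name": None, "cert": None}
            vhosts.append(current)
        elif line.lower().startswith("</virtualhost"):
            current = None
        elif current is not None:
            parts = line.split(None, 1)  # directive, value (space or tab separated)
            field = WANTED.get(parts[0].lower())
            if field and len(parts) == 2:
                current[field] = parts[1].strip().strip('"')
    return vhosts

def by_address(vhosts):
    """Group vhosts by listen address; index 0 is the first one declared."""
    groups = {}
    for vhost in vhosts:
        groups.setdefault(vhost["addr"], []).append(vhost)
    return groups

if __name__ == "__main__":
    for addr, group in by_address(ssl_vhosts(SAMPLE_CONF)).items():
        print(addr, [(v["name"], v["cert"]) for v in group])
```

On a real server, feed it the contents of httpd.conf and the conf.d files concatenated in the order Apache includes them, since declaration order is what decides which block comes first.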
