Can't create my own SSL



sh4d0w
01-19-2008, 12:37 AM
I use the "SSL Certificates" menu to create and install my own SSL certificate (not purchased). I have a dedicated IP and SSL access.

I select "Create your own self signed certificate", fill in all the fields and then click the save button. There are no errors, and in the textarea below (Paste a pre-generated certificate and key) I see the generated keys. After that I select "Paste a pre-generated certificate and key" and click the save button, and I get the error message: Certificate is Invalid.

How can I correctly set up my own certificate (not purchased)?

I also replaced the default DirectAdmin SSL certificate (OIL): I created the key files over SSH, replaced the default DirectAdmin files, and pasted SSLPassPhraseDialog exec:/path_to_script into httpd.conf. Did I replace the default SSL certificate correctly? If not, please tell me how I can do it correctly. And could that be the reason for my problem?

Thanks.

sh4d0w
01-23-2008, 06:25 AM
I can't find the reason for my problem.

DirectAdmin Support
01-24-2008, 01:49 AM
Hello,

That almost sounds like a broken openssl.

The code run by DA is something like:
openssl req -new -x509 -days 365 -keyout /path/to/temp.key -out /path/to/file.cert
openssl rsa -in /path/to/temp.key -out /path/to/file.key

So try running that manually to see what you get... if any errors pop up.

Here is another 1 step method for creating a cert/key that you can use:
/usr/bin/openssl req -x509 -newkey rsa:1024 -keyout /usr/local/directadmin/conf/cakey.pem -out /usr/local/directadmin/conf/cacert.pem -days 9999 -nodes

Of course, change any bold /paths to whatever you want to use for testing.

John
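
Added example, not DirectAdmin's code and not part of the post above: the two-step sequence quoted there, run without prompts in a scratch directory, followed by a check that the certificate and the key carry the same public key and that the key written by the second step no longer needs a pass phrase. The subject, pass phrase, key size and function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: paths, subject and pass phrase below are constructed.

# make_pair DIR: the two-step sequence from the post, made non-interactive.
# -newkey, -subj, -passout and -passin are additions so nothing prompts.
make_pair() {
    openssl req -new -x509 -days 365 -newkey rsa:2048 \
        -subj "/CN=example.test" -passout pass:constructed-passphrase \
        -keyout "$1/temp.key" -out "$1/file.cert" || return 1
    # Step 2 writes a pass-phrase-free copy of the key.
    openssl rsa -in "$1/temp.key" -passin pass:constructed-passphrase \
        -out "$1/file.key" || return 1
    chmod 600 "$1/file.key"
}

# key_is_encrypted FILE: true if the PEM key still needs a pass phrase.
key_is_encrypted() {
    grep -q 'ENCRYPTED' "$1"
}

# pair_matches CERT KEY: 0 = same public key, 1 = different, 2 = unreadable.
pair_matches() {
    key_is_encrypted "$2" && return 2
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Demo in a scratch directory; any openssl errors are left visible.
demo_dir=$(mktemp -d)
if make_pair "$demo_dir" &&
   pair_matches "$demo_dir/file.cert" "$demo_dir/file.key"; then
    echo "file.cert and file.key match"
    openssl x509 -in "$demo_dir/file.cert" -noout -subject -enddate
else
    echo "pair is broken: check the openssl errors above" >&2
fi
rm -rf "$demo_dir"
```

Running pair_matches against the .cert and .key files that a virtual host's configuration actually points to gives the same check for an installed pair.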

sh4d0w
01-26-2008, 04:19 AM
Thank you, John.
I tried these commands:


openssl req -new -x509 -days 365 -keyout /path/to/temp.key -out /path/to/file.cert

Then I enter the pass phrase and some data for the certificate.


openssl rsa -in /path/to/temp.key -out /path/to/file.key

Then I enter the pass phrase for temp.key, and I get file.cert, file.key, temp.key

Then I modify httpd.conf in /usr/local/directadmin/data/users/[USERNAME] :


SSLCertificateFile /usr/local/directadmin/data/users/[USERNAME]/domains/file.cert
SSLCertificateKeyFile /usr/local/directadmin/data/users/[USERNAME]/domains/file.key


Then I restart Apache (no errors). And when I go to https://mydomain.com I see the certificate that is installed for the whole server (not my own certificate).

sh4d0w
02-06-2008, 12:59 AM
Please help me.

DirectAdmin Support
02-06-2008, 01:37 AM
Hello,

Go to:
User Level -> SSL Certificates

and see if you can select+save the "paste your own certificate/key" option.

If you still get the error in DA, then edit:

/usr/local/directadmin/data/users/username/domains/domain.com.conf

set the options:
SSLCertificateFile=/usr/local/directadmin/data/users/username/domains/domain.com.cert
SSLCertificateKeyFile=/usr/local/directadmin/data/users/username/domains/domain.com.key

Then type:
echo "action=rewrite&value=httpd&user=username" >> /usr/local/directadmin/data/task.queue

John