View Full Version : SSL Problems



hostpc.com
05-17-2004, 01:49 PM
I need some help installing a cert ..

Assigned the IP to the account
Went over to ev1servers and got the $49 cert

Followed the directions to a "T" on site-helper.com and the cert still says
localdomain.localhost

The cp said "Certificate and Key Saved!" .. I restarted Apache .. nothing

Are the directions wrong??

Thanks,
HostPC Team

DirectAdmin Support
05-18-2004, 09:32 AM
Hello,

You need to close all browsers. IE will cache old certificates so you have to reload everything before you can see the new certificate.

John

hostpc.com
05-18-2004, 11:27 AM
Been there, done that - it's now been 48 hrs... still not working. This is the second certificate that hasn't worked, on 2 different servers. Any other ideas?

ProWebUK
05-18-2004, 11:56 AM
Check the user's httpd.conf in the ssl vhost and check the lines for ssl:

SSLCertificateFile /path/to/file.crt
SSLCertificateKeyFile /path/to/file.key

Check the 2 paths and ensure they contain the data you have used; if they don't, replace them with the new data.

Once that is done restart apache...

Chris

hostpc.com
05-19-2004, 12:21 PM
Hello again,

Everything looks fine there ... restarted apache .. still getting the server cert

Any more options?

Thanks,
HostPC Staff

hostpc.com
05-19-2004, 02:18 PM
Let me rephrase my question a bit ..

Has anyone got a GeoTrust Cert from EV1servers to work on DirectAdmin?

Thanks,
HostPC Staff

Andrax
05-23-2004, 09:01 PM
Anybody?

synergy
05-24-2004, 04:21 AM
I have an instantssl comodo certificate which uses the GTECyberTrust chained certificate. The problem I had (which may not be your case) was that I had multiple web sites on this same user name. The SSL for this website needs to be the first domain listed in the user/domains/httpd.conf file. I had other domains listed first which were using the default server certificate. Once I moved domain.com (the one I have the cert for) to the top everything worked fine. Hope this helps somehow.

firefox
06-08-2004, 04:43 AM
Hi,

No, I have the same problem. I have even done it manually, bypassed the CP, and it still doesn't work. If you look in /etc/httpd/logs/ssl_engine_log you will find this:
[08/Jun/2004 07:43:13 03341] [error] Init: (www.sw-dns.com:443) Unable to configure RSA server private key (OpenSSL library error follows)
[08/Jun/2004 07:43:13 03341] [error] OpenSSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch.

I think it is about time the author stepped in for support.

Best regards from Alan

ProWebUK
06-08-2004, 05:32 AM
Originally posted by firefox
OpenSSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch.

The error is there... the data in the cert/key doesn't match...

Chris

firefox
06-08-2004, 06:07 AM
Hi Everyone,

Yes, I understand what the problem is; WHY is the real problem.

This is the second cert I have paid for, but this time I did it manually, created the key, then csr, then applied for cert.

This is how I do it on my other servers, which every time works, I feel this is a problem in the install or working of cp..

Best Regards from Alan

ProWebUK
06-08-2004, 06:35 AM
Originally posted by firefox
Hi Everyone,

Yes, I understand what the problem is; WHY is the real problem.

This is the second cert I have paid for, but this time I did it manually, created the key, then csr, then applied for cert.

This is how I do it on my other servers, which every time works, I feel this is a problem in the install or working of cp..

Best Regards from Alan

Are they chained certificates or standard?

Chris

firefox
06-08-2004, 07:06 AM
Hi Chris
Thank you - They are standard.
Alan

ProWebUK
06-08-2004, 07:24 AM
Ok, could you login and confirm a few things:



grep -r "SSLCertif" /usr/local/directadmin/data/users/username/httpd.conf | cut -d" " -f2


Output?

Finally, with the 2? lines it displayed:

cat /path1/ssl.crt
cat /path2/ssl.key

Do they contain the correct information? (including the -----BEGIN* and ------ END* headers?)

Chris

firefox
06-08-2004, 08:05 AM
Hi Chris,

From the check you asked me to do this is the information:-

SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key


/etc/httpd/conf/ssl.key
-rw-r--r-- 1 root root 887 Jun 7 08:40 server.key

/etc/httpd/conf/ssl.crt
-r-------- 1 root root 1005 Jun 7 07:54 server.crt

And also in /etc/httpd/conf/httpd.conf I have this

# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. A test
# certificate can be generated with `make certificate' under
# built time. Keep in mind that if you've both a RSA and a DSA
# certificate you can configure both in parallel (to also allow
# the use of DSA ciphers, etc.)
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
#SSLCertificateFile /etc/httpd/conf/ssl.crt/server-dsa.crt

# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
#SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server-dsa.key

ProWebUK
06-08-2004, 09:11 AM
cat /etc/httpd/conf/ssl.crt/server.crt
cat /etc/httpd/conf/ssl.key/server.key

Do they contain the information you are trying to use?

Chris

firefox
06-08-2004, 12:29 PM
Hi Chris,

Yes they do, it is the information I put in them..the key data and cert I brought..
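
The "key values mismatch" error quoted earlier in the thread means the public key inside the certificate is not the public half of the configured private key, which cannot be confirmed by reading the `cat` output. The following is an added example, not code from the thread or from DirectAdmin: it compares the two public keys with the openssl CLI and flags a key file readable by group or others. The function names, sample files and the CN `example.test` are constructed for illustration, and the key is assumed to be unencrypted.

```shell
#!/bin/sh
# Added example: does this certificate belong to this private key?

# Exit 0 = pair matches, 1 = mismatch, 2 = a file is missing or unparsable.
check_pair() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    # Both commands emit the same PEM SubjectPublicKeyInfo when the pair matches.
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Exit 0 only if group and others have no permission bits on the key file.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample data: a throwaway key with its self-signed certificate,
# plus an unrelated key that mimics installing the wrong key file.
make_samples() {
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=example.test" \
        -days 1 -keyout "$1/good.key" -out "$1/server.crt" 2>/dev/null
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
    chmod 600 "$1/good.key"
    chmod 644 "$1/other.key"
}

demo() {
    d=$(mktemp -d) || return 1
    make_samples "$d"
    for k in good.key other.key; do
        if check_pair "$d/server.crt" "$d/$k"; then
            echo "$k: matches server.crt"
        else
            echo "$k: does NOT match server.crt (Apache logs 'key values mismatch')"
        fi
        key_is_private "$d/$k" || echo "$k: readable by group/others, chmod 600 it"
    done
    rm -rf "$d"
}

demo
```

On a real server, call `check_pair` with the two paths from the `SSLCertificateFile` and `SSLCertificateKeyFile` lines of the vhost that actually answers on port 443.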