SSL Certificate

[rouse01]

I am required to move an entire website to a host who will not allow third party certificate authority, but they will set one up for a fee. They do allow self signed certificates. Is it possible to reuse (transfer) the certificate from the prior host?

Thanks - Keith

 

[mbrooks]

Yes, as long as you have the .crt file and private key.

M. Brooks

http://mbrooks.info

 

[rouse01]

My environment is a Virtual Private Server via iPower with one IP address shared over multiple domains.

I used OpenSSL in my SSH terminal to generate the private key and purchased Starfield certificate authority (because the other one is about to expire). Using the Plesk control panel, I loaded the certificate to the main domain.

It accepted it, but gave an alert "Warning: The certificate authority does not sign the certificate." What does this mean?

 

[mbrooks]

When you mean "Starfield certificate authority" you are talking about the actual SSL certificate correct?

If so then you need to set your ca.crt (SSLCertificateChainFile) with the proper PEM encoded CA certificate.

You can get this from where you purchased your SSL certificate (Starfield = GoDaddy?).

After that the certificate should be recognized.

M. Brooks

http://mbrooks.info

 

[rouse01]

Yes, it is via GoDaddy (I put Starfield because that is what is on the seal). I used these instructions:

https://certificates.starfieldtech.com/Apache2.go

When I try to restart Apache, I get a message that a file does not exist as referenced in httpd.include. It is in a paragraph about virtual host.

<IfModule mod_ssl.c>

<VirtualHost 72.22.80.136:443 >
        ServerName default-72-22-80-136
        UseCanonicalName Off
        DocumentRoot /var/[URL unfurl="true"]www/vhosts/default/httpsdocs[/URL]
        ScriptAlias /cgi-bin/ "/var/[URL unfurl="true"]www/vhosts/default/cgi-bin/"[/URL]
        SSLEngine on
        SSLVerifyClient none
        SSLCertificateFile /usr/local/psa/var/certificates/certlk17630
        SSLCACertificateFile /etc/httpd/conf/ssl.crt/server.crt
#       SSLCACertificateFile /usr/local/psa/var/certificates/cert-aqlycc
        <Directory "/var/[URL unfurl="true"]www/vhosts/default/cgi-bin/">[/URL]
                AllowOverride None
                Options None
                Order allow,deny
                Allow from all
        </Directory>
        <Directory /var/[URL unfurl="true"]www/vhosts/default/httpsdocs>[/URL]
                SSLRequireSSL
        </Directory>
</VirtualHost>

</IfModule>

The file doesn't exist... not sure if it ever did. I changed it to be the sf_issuing.crt that I got. When that value is there, Apache restarts, but then the regular site nor the https site will come up. It just stalls.

 

[rouse01]

And this is in my error_log...

[Thu May 04 09:00:47 2006] [warn] RSA server certificate CommonName (CN) `plesk' does NOT match server name!?

[Thu May 04 09:00:47 2006] [warn] RSA server certificate CommonName (CN) `plesk' does NOT match server name!?

 

[mbrooks]

SSLCertificateChainFile /usr/local/psa/var/certificates/sf_issuing.crt

M. Brooks

http://mbrooks.info

 

[rouse01]

Nothing different occurs on this end.

 

[rouse01]

Thanks for your help. I think I have it resolved now.

 

[svnftgmp]

Rouse01....how did you end up resolving the issue?
...I'm having the same error with my server.

 

[rouse01]

Thanks to all for their input, but I finlly caved and had the hosting provider install a certificate for me.