February 2, 2008 7:01 AM
I'm having problems re-installing an SSL certificate. It keeps giving me the old certificate.
posted by missmagenta to Computers & Internet (3 answers total)
Here's the full story. My client wants to start processing credit card details, so we bought an SSL certificate from GeoTrust and tried to install it, and it didn't work. We found out that a week earlier the server admin had installed a self-signed certificate for the server without telling us (all the domains were on the same IP), so we got a new IP for the domain we wanted SSL on and regenerated the key, the CSR and the certificate.
Still no joy. We were doing this through cPanel, so I thought maybe it was cPanel that was at fault, not the certificate. To test this I tried to make a self-signed certificate through cPanel and it didn't work. I got the server admin to give me root access so I could do it from the command line.
I checked the Apache config and there was nothing about SSL in it, so I added the SSLEngine On and the paths to the key and the certificate and restarted Apache. That worked OK, but obviously we don't want a self-signed certificate when we've paid for a trusted cert.
So I deleted the key, the CSR and the cert (I know I didn't need to delete the key but I wanted a fresh start) and started again from scratch, but this time using the real certificate (regenerated with the new CSR). I checked the config file still had the paths in it and restarted Apache, but it's still giving me the old certificate. How is this possible? That certificate shouldn't even exist anymore.
We're using Apache 1.3.39 and some flavour of Linux (no idea specifically which, but I think it's Red Hat).
The SSL log shows this:
[warn] Init: (secure.domain.com:443) RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
I've googled it but I haven't found anything useful.
(oh and as to why the server admin isn't doing this - he's botched up so much lately the client doesn't want to trust him)
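The warning quoted in the post reports one property of the certificate Apache loaded: BasicConstraints CA == TRUE. As an added example (not part of the original post), the shell functions below check that property on a certificate file, confirm that a certificate and private key belong together, and take fingerprints for comparing the file on disk with what a host serves. The demo certificates, the helper make_demo_cert, the file names and secure.example.test are constructed for illustration.

```shell
#!/bin/sh
# Added example: inspect the certificate file an Apache SSL config points at.
# Everything generated below is constructed, throwaway test data.

# Succeed if the certificate has BasicConstraints CA:TRUE (what the [warn] line reports).
is_ca_cert() {
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

# Succeed if the certificate ($1) and private key ($2) hold the same public key.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
    k=$(openssl pkey -in "$2" -pubout | openssl sha256)
    [ "$c" = "$k" ]
}

# SHA-1 fingerprint of a certificate file.
file_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha1 | cut -d= -f2
}

# SHA-1 fingerprint of the certificate host $1 presents on port 443 (needs network).
served_fingerprint() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha1 | cut -d= -f2
}

# Constructed helper: self-signed cert $1/$2.crt with key $1/$2.key and CA flag $3.
make_demo_cert() {
    printf '%s\n' '[req]' 'distinguished_name = dn' 'x509_extensions = ext' \
        'prompt = no' '[dn]' 'CN = secure.example.test' '[ext]' \
        "basicConstraints = CA:$3" > "$1/$2.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/$2.cnf" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# Demo on two constructed certificates: one flagged as a CA, one not.
demo_dir=$(mktemp -d)
make_demo_cert "$demo_dir" selfsigned TRUE
make_demo_cert "$demo_dir" leaf FALSE
for n in selfsigned leaf; do
    if is_ca_cert "$demo_dir/$n.crt"; then echo "$n: CA:TRUE"; else echo "$n: CA:FALSE"; fi
done
```

On a real server the same functions take the certificate and key paths from the Apache config, and a file_fingerprint that differs from served_fingerprint for the host means the running server is not presenting that file.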