SSL Issues
February 2, 2008 7:01 AM

I'm having problems re-installing an SSL certificate. It keeps giving me the old certificate.

Here's the full story. My client wants to start processing credit card details, so we bought an SSL certificate from GeoTrust and tried to install it, and it didn't work. We found out that a week earlier, the server admin had installed a self-signed certificate for the server without telling us (all the domains were on the same IP), so we got a new IP for the domain we wanted SSL on and regenerated the key, the CSR and the certificate.

Still no joy. We were doing this through cPanel so I thought maybe it was cPanel that was at fault not the certificate. To test this I tried to make a self-signed certificate through cPanel and it didn't work. I got the server admin to give me root access so I could do it command line.

I checked the Apache config and there was nothing about SSL in it, so I added the SSLEngine On and the paths to the key and the certificate and restarted Apache. That worked OK, but obviously we don't want a self-signed when we've paid for a trusted cert.

So I deleted the key, the CSR and the cert (I know I didn't need to delete the key but I wanted a fresh start) and started again from scratch, but this time using the real certificate (regenerated with the new CSR). I checked the config file still had the paths in it and restarted Apache, but it's still giving me the old certificate - how is this possible? That certificate shouldn't even exist anymore.

We're using Apache 1.3.39 and some flavour of Linux (no idea specifically which, but I think it's Red Hat).

The SSL log shows this:

[warn] Init: (secure.domain.com:443) RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)

I've googled it but I haven't found anything useful.

(Oh, and as to why the server admin isn't doing this - he's botched up so much lately the client doesn't want to trust him.)
posted by missmagenta to Computers & Internet (3 answers total)
 
Best answer: Very occasionally an apache restart is different from a stop/start. Have you tried stopping and starting?
posted by These Premises Are Alarmed at 7:53 AM on February 2, 2008


Sounds to me like your VirtualHost information has not been set up properly after the server admin set up the self-signed.

Check out the VirtualHost setup in httpd.conf. Here's a sample for Apache 1.3.

Also, I'm not sure what the latest supported version of the 1.3.x branch is on the RedHat network, but 1.3.41 is the latest version. Might want to check on that as well.
posted by purephase at 8:03 AM on February 2, 2008


Response by poster: These Premises Are Alarmed, you're a life saver. So simple.
posted by missmagenta at 8:32 AM on February 2, 2008
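
The symptom in this thread (new files on disk, old certificate still served) can be confirmed from the command line by comparing fingerprints. The following is an added example, not part of any post in the thread; it assumes the `openssl` CLI is installed, and the file names, the host name `secure.example.test` and the generated sample certificates are constructed placeholders.

```shell
#!/bin/sh
# Added example: check which certificate a server is really using.

# SHA-256 fingerprint of a PEM certificate on disk.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# SHA-256 fingerprint of the certificate the running server presents.
served_fingerprint() {  # usage: served_fingerprint host port
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeeds only if the server presents exactly the certificate in the file.
# A mismatch means the running process never loaded the file on disk.
server_uses_cert() {    # usage: server_uses_cert cert.pem host port
    f=$(cert_fingerprint "$1")
    [ -n "$f" ] && [ "$f" = "$(served_fingerprint "$2" "$3")" ]
}

# Succeeds if the certificate and the RSA private key share a modulus.
cert_matches_key() {    # usage: cert_matches_key cert.pem key.pem
    c=$(openssl x509 -in "$1" -noout -modulus) || return 2
    k=$(openssl rsa -in "$2" -noout -modulus 2>/dev/null) || return 2
    [ "$c" = "$k" ]
}

# Succeeds if the certificate carries BasicConstraints CA:TRUE,
# the condition named in the mod_ssl warning quoted in the question.
cert_is_ca() {
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

# Constructed sample input: a self-signed RSA certificate with a chosen CA flag.
make_sample_cert() {    # usage: make_sample_cert dir name TRUE|FALSE
    cat > "$1/$2.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
x509_extensions = ext
[dn]
CN = secure.example.test
[ext]
basicConstraints = CA:$3
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/$2.cnf" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}
```

After a configuration change, `server_uses_cert new.crt secure.example.test 443` failing while `cert_matches_key` succeeds points at the running server rather than at the files.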

