rvt Posted January 28, 2011 Posted January 28, 2011 Tested with both "purchased" and self signed SSL certificates. Guide to reproduce problem is below: The following steps are performed on a separate Linux machine or through cPanel's "generate key/cert" options Step 1: Generate RSA Private Key either through cPanel or with the following Linux command - openssl genrsa 1024 > host.key Step 2: Generate Certificate either through cPanel or with the following Linux command - openssl req -new -x509 -nodes -sha1 -days 365 -key host.key > host.cert Step 3: Go to the SSL install page on cPanel (http://www.heliohost.org:2082/frontend/x3/ssl/install.html) and copy/paste your key and certificate in to the appropriate fields. If generated by cPanel, they should appear automatically. Step 4: Select the domain from the drop down menu Step 5: Click the "Install Certificate" button cPanel then displays this: If I could get cPanel to dump more info I would but it doesn't. Tried waiting 24+ hours for an Apache restart and no luck there either.
Ashoat Posted January 29, 2011 Posted January 29, 2011 Thanks for the instructions, guys. I've submitted the support request to cPanel. I'll keep you posted.
yaxar Posted February 5, 2011 Posted February 5, 2011 Before we start, note that SSL may cost you money if you want the green padlock in your browser. (It is possible to use SSL without paying money, but browsers will not show a green padlock, and may even show warnings that your site isn't secure.) Steps to get SSL activated on your website: 1. Go to http://cpanel.heliohost.org/frontend/x3/ssl/keys.html 2. Under "Generate a new key", "(Select a domain)" that you want SSL installed on 3. Under "Generate a new key", click "Generate" 4. Go to http://cpanel.heliohost.org/frontend/x3/ssl/csrs.html 5. Under "Generate a New Certificate Signing Request", fill out the form with the appropriate information 6. Under "Generate a New Certificate Signing Request", click "Generate" 7. Under "SSL Certificate Signing Request", copy ALL of the text that appears in the first box Use the Certificate Signing Request to get a Certificate 8. Go to http://cpanel.heliohost.org/frontend/x3/ssl/crts.html 9. Under "Upload a New Certificate", "paste the crt below" 10. Under "Upload a New Certificate", click "Upload" 11. Go to http://cpanel.heliohost.org/frontend/x3/ssl/install.html 12. Under "Install/Update A SSL Host", "Select a Domain" The top two boxes should fill up. If they don't you did something wrong. The bottom box may fill up. 13. Click "Install Certificate" Escalating request for dedicated IP. I followed your instructions and up to 7. it worked fine but on 10. It gave the error "Unable to determine host for certificate! Unknown Error No valid certificate provided". pic.tiff
Guest Geoff Posted February 5, 2011 Posted February 5, 2011 You are doing this step incorrectly: Use the Certificate Signing Request to get a Certificate Where are you getting your certificate from?
Ashoat Posted February 6, 2011 Posted February 6, 2011 The cPanel folks say that the issue is fixed. Can you guys try to see if you can install the certificate? Make sure to wait until server load is low (probably below 10) before trying.
Guest Geoff Posted February 7, 2011 Posted February 7, 2011 Someone PM'ed me and asked me to try to activate SSL on their site. Their account was created on the "home1" partion for refrence. Their SSL/TLS manager did not have "Active SSL on the web". I logged into my account, which is on the "home" partion, and found that "Activate SSL on the web" was present in my SSL/TLS manager. Obviously, you cannot use SSL without "Activate SSL on the web."
asweeba Posted February 7, 2011 Author Posted February 7, 2011 The cPanel folks say that the issue is fixed. Can you guys try to see if you can install the certificate? Make sure to wait until server load is low (probably below 10) before trying. Thanks DJBob! It finally works! I got a message saying "Your SSL certificate has been successfully installed to your site." But for some reason, when I connect to the website, It says the certificate chain is incomplete. When I looked at the details, it said the certificate domain name wasn't the same as the website's domain name. Unfortunatly it is right. The certificate domain name is actually the server's domain name (stevie.heliohost.org). I have no idea why it is the server's name, but I don't know how to fix it. Because of this problem, the website still loads as normal http after allowing the certificate.
Guest Geoff Posted February 7, 2011 Posted February 7, 2011 Looks like you are using a self-signed certificate. @djbob: I was reporting an error in post #21. CPanel should show Activate SSL on my site, If I am correct.
Ashoat Posted February 8, 2011 Posted February 8, 2011 Geoff: since your account isn't on the default shared IP, cPanel thinks that you have a dedicated IP... so it thinks you can assign SSL. However, you need a dedicated IP to actually correctly assign an SSL certificate. asweeba: I think that's what you're experiencing. Have you requested a dedicated IP?
asweeba Posted February 8, 2011 Author Posted February 8, 2011 Geoff: since your account isn't on the default shared IP, cPanel thinks that you have a dedicated IP... so it thinks you can assign SSL. However, you need a dedicated IP to actually correctly assign an SSL certificate. asweeba: I think that's what you're experiencing. Have you requested a dedicated IP? Yes, I already have one. It says it in my cpanel on the status bar area. Should I remake a certificate with the same name as the server? I might have put in the wrong IP address too, Ill check. Thanks!
Guest Geoff Posted February 8, 2011 Posted February 8, 2011 Looks like you are using a self-signed certificate. Anotherwards, you need to buy a cert from someone like verisign.
asweeba Posted February 8, 2011 Author Posted February 8, 2011 Looks like you are using a self-signed certificate. Anotherwards, you need to buy a cert from someone like verisign. Aren't you able to do it with a self signed too? I don't care if it warns people, I just want the SSL for the website so it doesn't automatically get blocked by certain firewalls.
jje Posted February 8, 2011 Posted February 8, 2011 You can only have your site warning-free if you use a proper certificate (eg. Verisign). You will get warnings if you are using a self-signed certificate (with you are using now). Unfortunately, I don't think there is any way to stop the warnings popping up. Self-Signed certificates are usually used to test websites. Most public websites use proper ones.
asweeba Posted February 8, 2011 Author Posted February 8, 2011 You can only have your site warning-free if you use a proper certificate (eg. Verisign). You will get warnings if you are using a self-signed certificate (with you are using now). Unfortunately, I don't think there is any way to stop the warnings popping up. Self-Signed certificates are usually used to test websites. Most public websites use proper ones. Thats ok, the warnings are fine. The site is for my class in school. No one really cares if it's not proper, not even my teacher But for some reason, my certificate has incorrect information in it (that's what the browser tells me), and because of this, the site still does not have SSL. The address for it still reads http:// and not https://. I can't figure out what's causing this either. I'm still waiting for the server load to go down so I can try another one.
Ashoat Posted February 8, 2011 Posted February 8, 2011 asweeba: What cPanel says isn't relevant. Like I said, cPanel /thinks/ that all non-default IPs are dedicated. However, unless I've explicitly told you that I've assigned you a dedicated IP, you don't actually have a dedicated IP. If it's working out for you anyways, that's good - we have a limited supply of dedicated IPs.
Recommended Posts