The SSL Certificate for Apache server had expired yesterday. I renewed it with CA Cert, viewed the certificate, copied the contents into a .crt file which is referenced in ssl.conf. Restarted httpd server but still the browser throws "SEC_ERROR_EXPIRED_CERTIFICATE". What is even strange is that it shows the expired certificate. I changed the name of the .crt file and restarted httpd server and it failed to start saying the SSLCertificate was not found. That would mean it was referring to the .crt file I put after renewal from CA Cert.
Appreciate your help in resolving this.
Found the issue - I was referring to old certificate in another .conf file. So due to the conflict, it was fetching the old one itself. Once I removed that, it worked fine.
Related
I've configured an NGINX reverse-proxy with SSL certificate and it works fine in Chrome and IE, but give me an SSL error (SEC_ERROR_UNKNOWN_ISSUER) in Firefox.
Why is that?
I've just found another answer to a similar problem that explains that this happens if the certificate chain is not fully sent by the server (or in this case the load balancer).
This other answer explains that Chrome looks for this missing chain certificates by itself while Firefox does not. Actually Firefox caches intermediate certificates from earlier connections to other sites, but in my case since I'm mostly using Chrome, Firefox didn't had any cache of these Sectigo (Comodo) root certificates, that's why I was getting the validation error.
When I purchased my PositiveSSL certificate I've received both the "crt" file for my domain but also a "ca-bundle" file which is the certification authority bundle. Both these files should be concatenated (first my certificate, followed by the certificates for the authority chain), and this combined file is what should be configured as ssl_certificate in NGINX.
I got an email from COMODO.
the file is:
AddTrustExternalCARoot.crt
COMODORSAAddTrustCA.crt
COMODORSADomainValidationSecureServerCA.crt
domain_file_.crt
i set this by directadmin and copy files to private_html folder.
now when i check certificate show error:
https://www.sslshopper.com
How can I fix?
tank you.
I think you have not installed SSL correctly on your domain and due to that you are facing this issues, Please add CA bundle while installing SSL for your domain so that you will not get any error with the SSL,
http://www.geotrust.eu/en/support/manuals/directadmin/directadmin/install+certificate/
I have installed SSL Certificate manually that I had brought from Godadday. It installed successfully but it shows self signed certificate which is not trusted or displays cross on https.
What is the solution ?
It is showing because it does not recognized the certificate that you get from Godaddy.
The CSR certificate has to upload on your site and make changes on apache config file.
Make sure your CSR file should not match with the private key that you submitted to verify your site.
Installing a SSL certificate requires some server administration knowhow, especially updating web server configuration.
DigitalOcean has a great tutorial on how to install a SSL certificate from GoDaddy: https://www.digitalocean.com/community/tutorials/how-to-install-an-ssl-certificate-from-a-commercial-certificate-authority#example-ca-2-godaddy
Maybe it helps.
To check if you installed it correctly, you can use Qualys SSL Server Test at https://www.ssllabs.com/ssltest/index.html
I am already 3 hours fighting with setting SSL certificate for a Heroku app. I am following this tutorial, but when I run
heroku certs:add server.crt bundle.pem server.key --app my-app-name
I always get this error:
Resolving trust chain... failed
! No certificate given is a domain name certificate.
I have bought the SSL certificate at DNSimple. What's is still wrong, why am I missing. It makes me despair, even Google didn't help...
All help will be appreciated.
In my case the ZIP file I downloaded from my SSL provider contained 2 .crt files and I picked the wrong one when running the certs:update. Re-running with the other .crt file solved the problem
Seems like your certs and your bundle are not resolving properly, i.e. either the trust chain is broken (not all certs exist in bundle for domain -> intermediate CA -> root CA) or alternatively your cert is not valid for the domain that Heroku is expecting.
Make sure the fully qualified domain name in your cert matches the domain you are using.
I'm trying to install a Comodo SSL certificate on a shared server, which has directadmin installed. I have assigned the user an unique ip address, made the CSR request and uploaded the certificate.
In directadmin I get the response that both the certificate and private key are saved. Unfortunately, when I browse to the https://www.domain.com I get a SSL error, saying that the certificate is untrusted, because it is self-signed.
I'm confused why this error occurs. It seems to me that I followed the correct steps to install the Comodo ssl certificate. I also tried deleting the private key and certificate through the command line on the server. But this does not seem to resolve the error.
What direction should I be looking into solving this issue?
Check if you installed the intermediate certificate. You have to list one or more intermediate certificates in the field for your public key.
You can also use the GlobalSign OneClickSSL plugin for DirectAdmin and let the plugin do everything for you automatically.
See: https://www.globalsign.com/ssl/oneclickssl/directadmin/
And: http://www.youtube.com/#/watch?v=tVP9i6Ing1M