Question
SSL certificates aren't working?
- Posted September 22, 2014
So here are the certificates: http://i.imgur.com/Ggd0TCI.png
Here’s ssl-default.conf:
SSLCertificateFile /etc/ssl/certs/iRedMail_CA.pem
SSLCertificateKeyFile /etc/ssl/private/iRedMail.key
SSLCertificateFile /etc/ssl/droforce.net.crt
SSLCertificateKeyFile /etc/ssl/droforce.net.key
SSLCertificateFile /etc/ssl/AddTrustExternalCARoot.crt
SSLCertificateFile /etc/ssl/COMODORSAAddTrustCA.crt
SSLCertificateFile/etc/ssl/COMODORSADomainValidationSecureServerCA.crt
Here’s my error: http://i.imgur.com/PsjSwED.png
Not sure why this is happening.
Subscribe
Share
Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Sign in to AnswerThese answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
You don’t need iRedMail’s old self-signed certificate, so delete these two lines:
SSLCertificateFile /etc/ssl/certs/iRedMail_CA.pem
SSLCertificateKeyFile /etc/ssl/private/iRedMail.key
Now, you need to combine the three COMODO files into one file and set it as the SSLCACertificateFile:
cat /etc/ssl/COMODORSADomainValidationSecureServerCA.crt /etc/ssl/COMODORSAAddTrustCA.crt /etc/ssl/AddTrustExternalCARoot.crt | sudo tee /etc/ssl/COMODO_chain.crt
Your virtualhost config should look like this:
SSLCertificateFile /etc/ssl/droforce.net.crt
SSLCertificateKeyFile /etc/ssl/droforce.net.key
SSLCACertificateFile /etc/ssl/COMODO_chain.crt
Restart Apache and you should be good to go:
sudo service apache2 restart
So I should remove everything I added to ssl-default.conf?
What should I leave/add because I really have no idea.
The one that is yours, droforce.net.crt.
Yes, I am using the same method and the SSL service gave me three certificates… so I’m just really confused because I’ve never done anything like this before. Which certificate should I use?
That tutorial only sets one key and one certificate. If you want to host two sites, you will need two distinct configurations (vhosts)
I am following this tutorial.
https://www.digitalocean.com/community/tutorials/how-to-install-iredmail-on-ubuntu-12-04-x64
You’re not supposed to just randomly add configuration options like that. The certificate file should refer to your own certificate and the key file to your own private key.