Question

SSL certificates aren't working?

  • Posted September 22, 2014

So here are the certificates: http://i.imgur.com/Ggd0TCI.png

Here’s ssl-default.conf:

		SSLCertificateFile /etc/ssl/certs/iRedMail_CA.pem
		SSLCertificateKeyFile /etc/ssl/private/iRedMail.key
		SSLCertificateFile /etc/ssl/droforce.net.crt
		SSLCertificateKeyFile /etc/ssl/droforce.net.key
		SSLCertificateFile /etc/ssl/AddTrustExternalCARoot.crt
		SSLCertificateFile /etc/ssl/COMODORSAAddTrustCA.crt
		SSLCertificateFile/etc/ssl/COMODORSADomainValidationSecureServerCA.crt

Here’s my error: http://i.imgur.com/PsjSwED.png

Not sure why this is happening.

Subscribe
Share

So I should remove everything I added to ssl-default.conf?

What should I leave/add because I really have no idea.

The one that is yours, droforce.net.crt.

Yes, I am using the same method and the SSL service gave me three certificates… so I’m just really confused because I’ve never done anything like this before. Which certificate should I use?

That tutorial only sets one key and one certificate. If you want to host two sites, you will need two distinct configurations (vhosts)

You’re not supposed to just randomly add configuration options like that. The certificate file should refer to your own certificate and the key file to your own private key.


Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

You don’t need iRedMail’s old self-signed certificate, so delete these two lines:

SSLCertificateFile /etc/ssl/certs/iRedMail_CA.pem
SSLCertificateKeyFile /etc/ssl/private/iRedMail.key

Now, you need to combine the three COMODO files into one file and set it as the SSLCACertificateFile:

cat /etc/ssl/COMODORSADomainValidationSecureServerCA.crt /etc/ssl/COMODORSAAddTrustCA.crt /etc/ssl/AddTrustExternalCARoot.crt  | sudo tee /etc/ssl/COMODO_chain.crt

Your virtualhost config should look like this:

SSLCertificateFile /etc/ssl/droforce.net.crt
SSLCertificateKeyFile /etc/ssl/droforce.net.key
SSLCACertificateFile /etc/ssl/COMODO_chain.crt

Restart Apache and you should be good to go:

sudo service apache2 restart