Question

SSL certificates aren't working?

Posted September 22, 2014 3k views

So here are the certificates:
http://i.imgur.com/Ggd0TCI.png

Here’s ssl-default.conf:

        SSLCertificateFile /etc/ssl/certs/iRedMail_CA.pem
        SSLCertificateKeyFile /etc/ssl/private/iRedMail.key
        SSLCertificateFile /etc/ssl/droforce.net.crt
        SSLCertificateKeyFile /etc/ssl/droforce.net.key
        SSLCertificateFile /etc/ssl/AddTrustExternalCARoot.crt
        SSLCertificateFile /etc/ssl/COMODORSAAddTrustCA.crt
        SSLCertificateFile/etc/ssl/COMODORSADomainValidationSecureServerCA.crt

Here’s my error:
http://i.imgur.com/PsjSwED.png

Not sure why this is happening.

6 comments

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

1 answer

You don’t need iRedMail’s old self-signed certificate, so delete these two lines:

SSLCertificateFile /etc/ssl/certs/iRedMail_CA.pem
SSLCertificateKeyFile /etc/ssl/private/iRedMail.key

Now, you need to combine the three COMODO files into one file and set it as the SSLCACertificateFile:

cat /etc/ssl/COMODORSADomainValidationSecureServerCA.crt /etc/ssl/COMODORSAAddTrustCA.crt /etc/ssl/AddTrustExternalCARoot.crt  | sudo tee /etc/ssl/COMODO_chain.crt

Your virtualhost config should look like this:

SSLCertificateFile /etc/ssl/droforce.net.crt
SSLCertificateKeyFile /etc/ssl/droforce.net.key
SSLCACertificateFile /etc/ssl/COMODO_chain.crt

Restart Apache and you should be good to go:

sudo service apache2 restart
Submit an Answer