Date:  Mon, 20 Jul 2009 15:34:31 -0700
From:  "Ken Marcus - Precision Web Hosting, Inc." <kenlists (at mark) precisionweb.net>
Subject:  [coba-e:15833] Re: Godaddy SSL problems
To:  <coba-e (at mark) bluequartz.org>
Message-Id:  <1BA1E81AC4E344AAA949755A2F4B0FFD@OfficeKen>
References:  <C1400FCA-E3A2-49D6-A559-4E8A5CAB674B (at mark) sikesland.com> <09F7F03B3B0C499D9A94BA82810D17DB (at mark) OfficeKen> <6FC00233-A629-456A-B1AE-EE3006B56783 (at mark) sikesland.com>
X-Mail-Count: 15833


----- Original Message ----- 
From: John Sikes
To: coba-e (at mark) bluequartz.org
Sent: Monday, July 20, 2009 3:21 PM
Subject: [coba-e:15832] Re: Godaddy SSL problems



----- Original Message ----- From: John Sikes
To: coba-e (at mark) bluequartz.org
Sent: Saturday, July 18, 2009 8:57 PM
Subject: [coba-e:15824] Godaddy SSL problems


I have checked in the archives and have seen a lot of issues with GoDaddy 
SSl's.  I have an vsite that has purchased one and I need to get it 
installed and working properly.   I followed the normal ssl install 
instructions from the manual and it 'kinda' works.  The problems appears to 
be with the intermediate cert.  The instructions state to add 3 lines to the 
httpd.conf file,


Open the Apache httpd.conf file and add the following directives:
SSLCertificateFile /path to certificate file/your issued certificate
SSLCertificateKeyFile /path to key file/your key file
SSLCertificateChainFile /path to intermediate certificate/null
but there instructions are for a service wide install.  I would think that 
they should be put into the correct vhost.include file for the vsite.  This 
however results in an unhappy response from apache.


Starting httpd: Syntax error on line 5 of /etc/httpd/conf.d/ssl_perl.conf:
$s->add_config() has failed: SSLCertificateChainFile: file 
'/home/sites/domain.com/gd_bundle.crt/null' does not exist or is empty at 
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/Apache/PerlSections.pm 
line 203.\n


Worse yet is web server crashes a few minutes and can not be restarted.


I commented out the changes, restarted apache and everything was as it 
was... 'kinda' working (IE is OK, Firefox does not recognize the CA).


I know that is is not a root cert, but there is not much I can do about 
that, I just need to find how to make it work at this point.


Any suggestions?


Thanks.
John Sikes
<<



John

Why don't you just install the intermediate certs from the GUI  and let it 
add the  lines to the correct conf file automatically for you.


----
Ken Marcus
Ecommerce Web Hosting by
Precision Web Hosting, Inc.
http://www.precisionweb.net


<<
Thanks for the response Ken.
That was the first thing I tried to do.
The stand alone intermediate cert file gives an error trying to import 
stating that the certificate does not contain the private key.


I contacted goDaddy directly and that is when I started to try to find the 
manual way to install the ssl.  They state that the intermediate file is 
contained in the gd_bundle.crt.  This file contains 2 certs and BQ didn't 
like it either.  My call to tech support ended with a polite "sorry, we 
can't help you".


If you have successfully used one of their SSL's and have instructions on 
installing, I would appreciate it.


John Sikes
<<


John

Try splitting the file with 2 certs into 2 files and then import them as 
separate intermediate certs into the GUI.


----
Ken Marcus
Ecommerce Web Hosting by
Precision Web Hosting, Inc.
http://www.precisionweb.net