Date: Sat, 25 Jul 2009 11:25:17 -0500 From: John Sikes <jsikes (at mark) sikesland.com> Subject: [coba-e:15842] Re: Godaddy SSL problems To: coba-e (at mark) bluequartz.org Message-Id: <3A6351EF-D4A8-4E57-8849-573F2A779848 (at mark) sikesland.com> X-Mail-Count: 15842I have checked in the archives and have seen a lot of issues with GoDaddy SSl's. I have an vsite that has purchased one and I need to get it installed and working properly. I followed the normal ssl install instructions from the manual and it 'kinda' works. The problems appears to be with the intermediate cert. The instructions state to add 3 lines to the httpd.conf file, Open the Apache httpd.conf file and add the following directives: SSLCertificateFile /path to certificate file/your issued certificate SSLCertificateKeyFile /path to key file/your key file SSLCertificateChainFile /path to intermediate certificate/null but there instructions are for a service wide install. I would think that they should be put into the correct vhost.include file for the vsite. This however results in an unhappy response from apache. Starting httpd: Syntax error on line 5 of /etc/httpd/conf.d/ ssl_perl.conf: $s->add_config() has failed: SSLCertificateChainFile: file '/home/ sites/domain.com/gd_bundle.crt/null' does not exist or is empty at / usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/Apache/ PerlSections.pm line 203.\n Worse yet is web server crashes a few minutes and can not be restarted. I commented out the changes, restarted apache and everything was as it was... 'kinda' working (IE is OK, Firefox does not recognize the CA). I know that is is not a root cert, but there is not much I can do about that, I just need to find how to make it work at this point. Any suggestions? Thanks. John Sikes << John Why don't you just install the intermediate certs from the GUI and let it add the lines to the correct conf file automatically for you. ---- Ken Marcus Ecommerce Web Hosting by Precision Web Hosting, Inc. http://www.precisionweb.net << Thanks for the response Ken. That was the first thing I tried to do. The stand alone intermediate cert file gives an error trying to import stating that the certificate does not contain the private key. I contacted goDaddy directly and that is when I started to try to find the manual way to install the ssl. They state that the intermediate file is contained in the gd_bundle.crt. This file contains 2 certs and BQ didn't like it either. My call to tech support ended with a polite "sorry, we can't help you". If you have successfully used one of their SSL's and have instructions on installing, I would appreciate it. John Sikes Hi Blues, First post here but have been a subcriber for about a year and have found this forum to be useful so now I have an opportunity to return the favour. Have successfully installed a few GoDaddy certs and most of the time it works well through the GUI, but with one server it didn't. I found this article from an older post, can't remember as it was some time ago whether it was a 5102R or 5100R build of BlueQuartz, but with the server that it didn't work through the GUI I had to modify the ssl_perl.conf file as described here: http://bluequartz.org/ml/archive/coba-e/9600/9605.html Might not be your exact situation but hopefully this will lead you in the right direction. Dan << Hey Dan, Thank you for the link with the ssl_perl.conf update. I had to wait until the weekend to try the suggestion (live server, I don't have another BQ box to test on). I made the recommended changes and restarted apache and wow. It worked as advertised. Thanks again Dan and thanks to Herb for the instructions. John Sikes15842_2.html (attatchment)(tag is disabled)