Date: Sat, 25 Jul 2009 16:32:57 -0600 From: "Rodrigo Ordonez Licona" <rodrigo (at mark) xnet.com.mx> Subject: [coba-e:15843] Re: Godaddy SSL problems To: <coba-e (at mark) bluequartz.org> Message-Id: <200907252233.n6PMX1HB026986 (at mark) ana.xnet.com.mx> In-Reply-To: <3A6351EF-D4A8-4E57-8849-573F2A779848 (at mark) sikesland.com> X-Mail-Count: 15843Hi john, I managed to install a godaddy certificate 2 years ago, without touchingthat file (/etc/httpd/conf.d/ssl_perl.conf) I do recall making a single file out of 2 or more files (prety much =joiningthem) I logged in to godaddy to check for the old instructions.I f you made it past the certificate request generation and received acertificate from godaddy you are pretty much done, just place the crt =fileson the correct directories and it will work.I have 3 Files at/home/sites/www.yourdomainwithsslproblems.com/certscertificatekeyrequestThese 3 files contain just text.The only problem was to actually generate the certifiate request, but itseem as you are through that part.Normally you would use the GUI to install the certificate , however in =mycase I had to copy the files to this locationII)And I think the file that did the trick is called ca-bundle.crt I think I downlaoded it from godaddy. I can send it over if you want. =thefile is at /usr/share/ssl/certsis is called ca-bundle.crthth Rodrigo OXnet _____ From: John Sikes [mailto:jsikes (at mark) sikesland.com] Sent: SáÃado, 25 de Julio de 2009 10:25To: coba-e (at mark) bluequartz.orgSubject: [coba-e:15842] Re: Godaddy SSL problemsI have checked in the archives and have seen a lot of issues with =GoDaddySSl's. I have an vsite that has purchased one and I need to get itinstalled and working properly. I followed the normal ssl installinstructions from the manual and it 'kinda' works. The problems appears =tobe with the intermediate cert. The instructions state to add 3 lines to =thehttpd.conf file,Open the Apache httpd.conf file and add the following directives:SSLCertificateFile /path to certificate file/your issued certificateSSLCertificateKeyFile /path to key file/your key fileSSLCertificateChainFile /path to intermediate certificate/nullbut there instructions are for a service wide install. I would think =thatthey should be put into the correct vhost.include file for the vsite. =Thishowever results in an unhappy response from apache.Starting httpd: Syntax error on line 5 of =/etc/httpd/conf.d/ssl_perl.conf:$s->add_config() has failed: SSLCertificateChainFile: file'/home/sites/domain.com/gd_bundle.crt/null' does not exist or is empty =at/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/Apache/PerlSecti=ons.pm line 203.\nWorse yet is web server crashes a few minutes and can not be restarted.I commented out the changes, restarted apache and everything was as itwas... 'kinda' working (IE is OK, Firefox does not recognize the CA).I know that is is not a root cert, but there is not much I can do aboutthat, I just need to find how to make it work at this point.Any suggestions?Thanks.John Sikes<<JohnWhy don't you just install the intermediate certs from the GUI and let =itadd the lines to the correct conf file automatically for you.----Ken MarcusEcommerce Web Hosting byPrecision Web Hosting, Inc.http://www.precisionweb.net <http://www.precisionweb.net/> <<Thanks for the response Ken. That was the first thing I tried to do. The stand alone intermediate cert file gives an error trying to importstating that the certificate does not contain the private key.I contacted goDaddy directly and that is when I started to try to find =themanual way to install the ssl. They state that the intermediate file iscontained in the gd_bundle.crt. This file contains 2 certs and BQ =didn'tlike it either. My call to tech support ended with a polite "sorry, wecan't help you". If you have successfully used one of their SSL's and have instructions =oninstalling, I would appreciate it.John Sikes Hi Blues, First post here but have been a subcriber for about a year and have =foundthis forum to be useful so now I have an opportunity to return the =favour.Have successfully installed a few GoDaddy certs and most of the time itworks well through the GUI, but with one server it didn't. I found thisarticle from an older post, can't remember as it was some time ago =whetherit was a 5102R or 5100R build of BlueQuartz, but with the server that itdidn't work through the GUI I had to modify the ssl_perl.conf file asdescribed here: <http://bluequartz.org/ml/archive/coba-e/9600/9605.html>http://bluequartz.org/ml/archive/coba-e/9600/9605.html Might not be your exact situation but hopefully this will lead you in =theright direction. Dan<<Hey Dan, Thank you for the link with the ssl_perl.conf update. I had to wait until the weekend to try the suggestion (live server, I =don'thave another BQ box to test on). I made the recommended changes and restarted apache and wow. It worked =asadvertised.Thanks again Dan and thanks to Herb for the instructions. John Sikes15843_2.html (attatchment)(tag is disabled)