ssl certifcate renew, problems with firefox & thunderbird

Virtualmin
1

hi there

i had to renew a wildcard ssl certificate issued by commodo last year. everything worked fine. after renewal of the certificate we experienced issues with certain mail-clients (postbox on apple, thunderbird) to access mail without warning that the certificate is not valid. furthermore firefox displays the following:

ourdomain.ch:10000 uses an invalid security certificate.
The certificate expired on 10/4/12 1:59 AM. The current time is 10/10/12 12:26 PM.
(Error code: sec_error_expired_certificate)

virtualmin tells me ( “Server Configuration” -> “Manage SSL Certificate”):
Web server hostname *.ourdomain.ch Issuer name EssentialSSL CA
Issuer organization COMODO CA Limited Expiry date Oct 4 23:59:59 2013 GMT
Certificate type Signed by CA

so what went wrong with the update? google chrome is showing things as correct. one difference i see to an other installation is the following:

a perfectly running virtualmin domain under -> “Server Configuration” -> “Manage SSL Certificate”
SSL certificate file /home/xyz/ssl.cert
SSL private key file /home/xyz/ssl.key

it shows me cert and key file location, on the updated server i do not see any of these information, why?

i don’t know what i have to do differently then when setting it first up, or maybe i missed something which i did and was not mentioned in the documentation.

any help what to do?
best
m

2

Howdy,

It’s possible to update the SSL cert within Apache, but not within Webmin/Virtualmin.

That is, after performing the update in Server Configuration -> Manage SSL Certificates – which just updates Apache – you would then want to click the “Copy to Webmin”, “Copy to Postfix”, and “Copy to Dovecot” buttons.

-Eric

3

hi there

i copied it, with no effect.

firefox tells me, that:

Owner: This website does not supply ownership information.
Verified: COMODO CA Limited

Could this be something with ca-bundle? I do not exactly know how it works but some research on google mentioned that firefox (and possibly thunderbird/postbox) handle certificates not the same way as for example google chrome and ie?

so i think i am just halfway through with the certificate, i guess something with ca-bundle is going wrong, do i do not know how to fix it… any input welcome.

best
marc

4

Howdy,

Well, so long as the expiration date isn’t correct, it means it’s not seeing the correct SSL cert.

You may also want to try a restart of the service, just to make sure that’s not the issue.

-Eric