SSL Mixed Issue

talha · December 31, 2015, 10:31am

Hello everyone,

I recently migrated a virtualmin server (one site) to another server. The site on existing server was working perfectly with SSL on the website, email, virtualmin and usermin panels.

On the new server, the SSL certificate is working fine on email, virtualmin (10000) and usermin (20000) but it is not working on my website (https://website.com). The certificate is being shown as “self signed” instead of the purchased certificate.

Thanks in advance for your support.

Regards,
Talha

talha · January 23, 2016, 12:36pm

Hi Everyone,

I am still having the same issue. I deleted the entire server abc.com, then installed fresh CentOS, fresh Virtualmin, then just created a virtual server also called “abc.com”.

Then did CSR request, got the new certificates etc from commodo. Everything works fine for webmin, mails etc but website still shows invalid certificate. The entire public_html folder has single index.html file.

The only change between old server and new server is that:

old server hostname = xyz.com … virtual server = abc.com

new server hostname = abc.com … virtual server = abc.com

Any help would be appreciated.

Thanks,
Talha

talha · January 23, 2016, 3:16pm

Update: Problem fixed

One other difference in the new server is that it was CentOS 7. I did a scan of http config files using following command:

grep -i -r “SSLCertificateFile” /etc/httpd/

It showed that the following configuration:

/etc/httpd/conf.d/ssl.conf:# Point SSLCertificateFile at a PEM encoded certificate

/etc/httpd/conf.d/ssl.conf:SSLCertificateFile /etc/pki/tls/certs/localhost.crt

/etc/httpd/conf.d/ssl.conf:# the referenced file can be the same as SSLCertificateFile

I figured out that it was using the new central certificate folder of CentOS at /etc/pki/tls/

I finally edited the /etc/httpd/conf.d/ssl.conf and changed 3 fields to make it work:

SSLCertificateFile /etc/pki/tls/certs/localhost.crt -> SSLCertificateFile /home/abc/ssl.cert

SSLCertificateKeyFile /etc/pki/tls/private/localhost.key -> SSLCertificateFile /home/abc/ssl.key

SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt -> SSLCACertificateFile /home/abc/ssl.ca

I guess virtualmin guys need to update the software to accommodate the new structure of CentOS 7.

Thanks,
Talha