Topic: Ensim broke, no updates. Installing SSL with command line?!?! (Page 1 of 1) Pages that link to <a href="https://ozoneasylum.com/backlink?for=31660" title="Pages that link to Topic: Ensim broke, no updates. Installing SSL with command line?!?! (Page 1 of 1)" rel="nofollow" >Topic: Ensim broke, no updates. Installing SSL with command line?!?! <span class="small">(Page 1 of 1)</span>\

 
RedNinja
Obsessive-Compulsive (I) Inmate

From:
Insane since: Aug 2007

posted posted 02-18-2010 20:16

So, Plesk bought out Ensim... and scuttled it. Somehow during the past week it broke, but nobody seems to know how. It's having trouble contacting the license server and has disabled itself despite our having a valid license. Ensim cannot be updated or reinstalled since it is no longer supported due to the buyout. I can't log in and fix anything. Right now we're in the middle of a move to a new server with Plesk installed, but it still isn't ready.

Long story short: I need to install an EV SSL on a site until the new server is ready, and I have to use the command line.

Now, we have a dedicated server and we host multiple domains on it. Anyone who knows Ensim knows that this means there's a few differences in where it looks for it's certificates. Every site has its own httpd.conf file found at /etc/httpd/conf/site1/site1. It's literally site1. That's not a paraphrase. Inside that file is a configuration that tells where to find the certificates and keys. The default is /home/virtual/site1/fst/etc/httpd/conf/ssl.key/server.key for the key, or for the certificate it's /home/virtual/site2/fst/etc/httpd/conf/ssl.crt/server.crt.

I've followed the instructions on how to generate a csr to the letter. It was accepted and approved by the certifying authority. I've changed the virtual httpd.conf file to read the correct location of the CA certificate, placed the certificate there, and restarted apache. Everything should work, right?

Wrong. For some reason the certificate that is showing up is the self-signed, root server certificate. The CA certificate I installed for the domain isn't being given precedence, so the browser is saying that it isn't trusted.

The question I have is: WTF mate?!

Tyberius Prime
Maniac (V) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted posted 02-19-2010 09:17

random, cold induced guess: have you set the permissions on the new certificate so only the webserver can read it? I seem to remember apache checking that...

Red Ninja
Bipolar (III) Inmate

From: Detroit, MI US
Insane since: Mar 2001

posted posted 02-19-2010 16:30

You know what? I did. The first time. When it wasn't working. But for some reason it never occurred to me to keep setting the permissions whenever I made a change in the course of trouble shooting that required me to reupload the file. Good call.

Tyberius Prime
Maniac (V) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted posted 02-20-2010 01:24

so that was it? apperantly my glass ball is working again

->Tyberius Prime

Red Ninja
Bipolar (III) Inmate

From: Detroit, MI US
Insane since: Mar 2001

posted posted 03-01-2010 19:07

Yeah, that was it. Saved my ass too. Blast fax kudos.



Post Reply
 
Your User Name:
Your Password:
Login Options:
 
Your Text:
Loading...
Options:


« BackwardsOnwards »

Show Forum Drop Down Menu