I followed everything twice, cannot get SSL to work

#1
Edit:
I highly recommend LiteSpeed server to everyone. The following problem was the ONLY trouble that I had installing LiteSpeed server and it was resolved within a day. LiteSpeed is WAY more efficient and WAY easier to set up than Apache.



I tried everything twice, even had the new certificate generated twice. Here is what I did:

# openssl genrsa -out server.key 1024
# openssl req -new -key server.key -out server.csr
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Oklahoma
Locality Name (eg, city) []:Owasso
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Auction Zealot
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:www.auctionzealot.com
Email Address []:davidpesta@gmail.com
A challenge password []:
An optional company name []:


I created a Server Listener:
Listener Name - AZ SSL
IP Address - ANY
Port - 443
Secure - Yes

Inside the new AZ SSL Listener, I went to the SSL settings:
Private Key File - /ssl/server.key
Certificate File - /ssl/www_auctionzealot_com.crt
Clicked "save"
SSL Version - Not Specified
Encryption Level - Not Specified

Inside AZ SSL Listener "General" tab, I set up a Virtual Host Mapping:
Virtual Host - Auction Zealot
Domains - www.auctionzealot.com
Clicked "save"

Clicked "Apply Changes"
Clicked "Graceful Restart"

Listeners shows:
AZ SSL *:443 Running [Auction Zealot] auctionzealot.com

Here is the page with the problem:
https://www.auctionzealot.com/login.php


Another thing interesting to note, when they generated both certificates they were identical even though I generated separate private keys. Could this be the problem? (Their fault?)

Thanks,
David
 

xing

LiteSpeed Staff
#3
The url works in SSL on my end. From the screenshots you did not actually check/enable any of the SSL Protocol features.
 
#4
> The url works in SSL on my end.

What?!

> From the screenshots you did not actually check/enable any of the SSL Protocol features.

I tried SSL v2.0, I tried SSL v3.0, I tried TLS v1.0, I tried HIGH, I tried MEDIUM, I tried combinations of all of these. It won't even allow me to reach the page if any of these are chosen.

Here is the most recent email (out of 15 emails) with Comodo SSL where I got my certificate:

"Hi David,

Thank you for the reply.

This is to inform you that CSR is correct only no need to make the common name to auctionzealot.com but problem is in certificate installation.

Please delete the existing certificate to install the new certificate which we resent to your email id.

Don't hesitate to contact us for assistance at any point of time.

Regards

Steve"

They say my CSR is correct. I can't get this working.. :mad:

David
 

xing

LiteSpeed Staff
#5
SSL is working but IE does not recognize the certificate creator as "trusted". Anyone can generate certificates but unless they are one of the tops in the industry and have their certificate bundled with IE, IE will complain.

You need to get a certificate from a more reputable/larger SSL cert provider.

And get a refund from Comodo.
 
#6
Did you know that this certificate is 18 months old? The dates 3/27/2005 - 5/3/2007 can be seen on the last screen shot in my previous post.

I had this company make a certificate that worked on apache for 18 months.

David
 

mistwang

LiteSpeed Staff
#7
That's probably because the CA certificate has not been loaded. That's the certificate you get from Comodo, which should be used for the SSL certificate they issued.
Check your apache configuration and have the CA certificate installed on LiteSpeed the same way.
 
#8
> Check your apache configuration and have the CA certificate installed on LiteSpeed the same way.

I tried this as well and had the same result. I figured (not knowing how SSL certification actually works or what is involved) that Comodo had something reset on their end which prevents the old apache certificate from working.

If they generate a new certificate for the new server, will the old certificate still be expected to work?

David
 
#11
It has to be a problem with what I'm doing, but I have absolutely no idea what it is. I followed your HOW TOs instructions "How to configure SSL using the private key and certificate in LiteSpeed web server?" and it says nothing about the CA.

I'm just not familiar with SSL, but I'll just keep providing screen shots of what I'm doing until we get it working. (Then I'll know how to do it.) We'll get it eventually. :)

Here is what I did based on your instructions:


For CA Certificate File I tried:
/ssl/ComodoSecurityServicesCA.crt (sent to me along with www_auctionzealot_com.crt)
/ssl/GTECyberTrustGlobalRoot.crt (sent to me along with www_auctionzealot_com.crt)
/ssl/ComodoSecurityServicesCA2018.cer (downloaded from website in your last post)
/ssl/GTECyberTrustGlobalRoot2018.cer (downloaded from website in your last post)

I still have the same result..

I still don't know for sure what I am doing, but am trying to follow all instructions given to me.

David
 

mistwang

LiteSpeed Staff
#13
Download the ca_new_2018.txt from their web site, use it as "CA Certificate File"
Set "Chained Certificate" to "No", leave "CA Certificate Path" unset, restart the server, it should work.
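
Two checks the thread circles around can be run offline with openssl: whether an issued certificate belongs to a given private key (the question raised in #1), and whether it verifies only once the issuing CA certificate is supplied (the suggestion in #7 and #13). The script below is an added example, not part of the original thread and not LiteSpeed's or Comodo's code; it builds a constructed throwaway root, intermediate and server certificate, the intermediate standing in for the CA file is an assumption, and all file and function names are made up for illustration.

```shell
#!/bin/sh
# Added example: every file created here is constructed, throwaway test material.

# Build root CA -> intermediate CA -> server certificate in directory $1.
make_demo_pki() {
    d=$1
    echo 'basicConstraints=critical,CA:TRUE' > "$d/ca.ext"
    for n in root inter server; do
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-$n" \
            -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
    done
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
        -extfile "$d/ca.ext" -out "$d/root.crt" 2>/dev/null &&
    openssl x509 -req -in "$d/inter.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
        -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/inter.crt" 2>/dev/null &&
    openssl x509 -req -in "$d/server.csr" -CA "$d/inter.crt" -CAkey "$d/inter.key" \
        -CAcreateserial -days 2 -out "$d/server.crt" 2>/dev/null
}

# Succeeds only if the key file and the certificate hold the same public key.
key_matches_cert() {   # usage: key_matches_cert KEY CERT
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null)
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeeds only if CERT chains to ROOT, optionally via an intermediate file.
chain_ok() {           # usage: chain_ok ROOT CERT [INTERMEDIATE]
    if [ -n "$3" ]; then
        openssl verify -CAfile "$1" -untrusted "$3" "$2" 2>/dev/null
    else
        openssl verify -CAfile "$1" "$2" 2>/dev/null
    fi | grep -q ': OK$'
}

demo=$(mktemp -d) && make_demo_pki "$demo" || exit 1
key_matches_cert "$demo/server.key" "$demo/server.crt" \
    && echo "server.key matches server.crt"
key_matches_cert "$demo/inter.key" "$demo/server.crt" \
    || echo "inter.key does not match server.crt"
chain_ok "$demo/root.crt" "$demo/server.crt" \
    || echo "without the intermediate: verification fails"
chain_ok "$demo/root.crt" "$demo/server.crt" "$demo/inter.crt" \
    && echo "with the intermediate: verification OK"
```

On a real server the same two functions take the installed key, the issued certificate and the CA file supplied by the issuer.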
 
#14
Sorry, I did exactly as you said and it does not work...



I thoroughly reviewed both files "ca_new_2018.txt" and "ComodoSecurityServicesCA.crt" and found that they were identical anyway.

David
 
#16
Wow, it just works now all of a sudden! :D :D :D

Why did it take time for it to come into effect? That makes it impossible to troubleshoot. :confused: Kind of disturbing...

Thank you for your help! :)

David
 
#17
I want you to know this doesn't affect what I think of LSWS, I absolutely love your program!!!

Your software is still 1000's OF TIMES EASIER than setting up Apache/TUX/eaccelerator. SSL was my ONLY complication! Good job to your team! :D :D :D

David
 