I followed everything twice, cannot get SSL to work

Discussion in 'Install/Configuration' started by DavidPesta, Nov 23, 2006.

  1. DavidPesta

    DavidPesta New Member

    Edit:
    I highly recommend LiteSpeed server to everyone. The following problem was the ONLY trouble that I had installing LiteSpeed server and it was resolved within a day. LiteSpeed is WAY more efficient and WAY easier to set up than Apache.



    I tried everything twice, even had the new certificate generated twice. Here is what I did:

    # openssl genrsa -out server.key 1024
    # openssl req -new -key server.key -out server.csr
    Country Name (2 letter code) [AU]:US
    State or Province Name (full name) [Some-State]:Oklahoma
    Locality Name (eg, city) []:Owasso
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:Auction Zealot
    Organizational Unit Name (eg, section) []:
    Common Name (eg, YOUR name) []:www.auctionzealot.com
    Email Address []:davidpesta@gmail.com
    A challenge password []:
    An optional company name []:


    I created a Server Listener:
    Listener Name - AZ SSL
    IP Address - ANY
    Port - 443
    Secure - Yes

    Inside the new AZ SSL Listener, I went to the SSL settings:
    Private Key File - /ssl/server.key
    Certificate File - /ssl/www_auctionzealot_com.crt
    Clicked "save"
    SSL Version - Not Specified
    Encryption Level - Not Specified

    Inside AZ SSL Listener "General" tab, I set up a Virtual Host Mapping:
    Virtual Host - Auction Zealot
    Domains - www.auctionzealot.com
    Clicked "save"

    Clicked "Apply Changes"
    Clicked "Graceful Restart"

    Listeners shows:
    AZ SSL *:443 Running [Auction Zealot] auctionzealot.com

    Here is the page with the problem:
    https://www.auctionzealot.com/login.php


    Another thing interesting to note, when they generated both certificates they were identical even though I generated separate private keys. Could this be the problem? (Their fault?)

    Thanks,
    David
    Last edited: Nov 24, 2006
  2. DavidPesta

    DavidPesta New Member

    I have included screen shots of the inside of my litespeed configuration.

    Here is the server status:

    [​IMG]


    Here is the General tab on the SSL listener:
    [​IMG]


    Here is the SSL tab on the SSL listener:
    [​IMG]


    Go to https://www.auctionzealot.com/login.php to see the problem.


    Please help! :)
    David
  3. xing

    xing LiteSpeed Staff

    The url works in SSL on my end. From the screenshots you did not actually check/enable any of the SSL Protocol features.
  4. DavidPesta

    DavidPesta New Member

    What?!

    [​IMG]

    [​IMG]

    [​IMG]

    [​IMG]


    I tried SSL v2.0, I tried SSL v3.0, I tried TLS v1.0, I tried HIGH, I tried MEDIUM, I tried combinations of all of these. It won't even allow me to reach the page if any of these are chosen.

    Here is the most recent email (out of 15 emails) with Comodo SSL where I got my certificate:

    "Hi David,

    Thank you for the reply.

    This is to inform you that CSR is correct only no need to make the common name to auctionzealot.com but problem is in certificate installation.

    Please delete the existing certificate to install the new certificate which we resent to your email id.

    Don't hesitate to contact us for assistance at any point of time.

    Regards

    Steve"

    They say my CSR is correct. I can't get this working.. :mad:

    David
  5. xing

    xing LiteSpeed Staff

    SSL is working but IE does not recognize the certificate creator as "trusted". Anyone can generate certificates but unless they are one of the tops in the industry and have their certificate bundled with IE, IE will complain.

    You need to get a certificate from a more reputable/larger SSL cert provider.

    And get a refund from Comodo.
  6. DavidPesta

    DavidPesta New Member

    Did you know that this certificate is 18 months old? The dates 3/27/2005 - 5/3/2007 can be seen on the last screen shot in my previous post.

    I had this company make a certificate that worked on Apache for 18 months.

    David
  7. mistwang

    mistwang LiteSpeed Staff

    That is probably because the CA certificate has not been loaded. That's the certificate you get from Comodo, which should be used for the SSL certificate they issued.
    Check your Apache configuration and have the CA certificate installed on LiteSpeed the same way.
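
Added example (not part of the thread, and not LiteSpeed's or Comodo's code): the two checks this thread turns on, run against a constructed three-level demo PKI. `key_matches_cert` tests whether a private key belongs to a certificate (the question raised in the first post), and `chain_verifies` shows a leaf failing verification until the intermediate CA certificate is supplied, with `-untrusted` standing in for the CA certificate a server sends alongside its own. All subjects, file names and function names are made up for the demo.

```shell
#!/usr/bin/env bash
# Constructed demo PKI: root CA -> intermediate CA -> server certificate.
# Subjects, file names and function names are made up for this example.
set -eu

# sign <dir> <name> <CN> <issuer|self> [extfile]: create <name>.key and <name>.crt
sign() {
  local d="$1" name="$2" cn="$3" issuer="$4" ext="${5:-}"
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$cn" \
    -keyout "$d/$name.key" -out "$d/$name.csr" 2>/dev/null
  if [ "$issuer" = self ]; then
    set -- -signkey "$d/$name.key"
  else
    set -- -CA "$d/$issuer.crt" -CAkey "$d/$issuer.key" -CAcreateserial
  fi
  openssl x509 -req -in "$d/$name.csr" -days 2 ${ext:+-extfile "$ext"} \
    "$@" -out "$d/$name.crt" 2>/dev/null
}

make_chain() {
  local d="$1"
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  sign "$d" root   "Demo Root CA"         self "$d/ca.ext"
  sign "$d" int    "Demo Intermediate CA" root "$d/ca.ext"
  sign "$d" server "www.example.test"     int
  sign "$d" other  "www.example.test"     int   # same subject, different key
}

# True if the private key and the certificate carry the same public key.
key_matches_cert() {
  [ "$(openssl pkey -in "$1" -pubout 2>/dev/null)" = \
    "$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)" ]
}

# True if server.crt chains to root.crt; extra args go to `openssl verify`.
chain_verifies() {
  local d="$1"; shift
  openssl verify -CAfile "$d/root.crt" "$@" "$d/server.crt" 2>&1 | grep -q ': OK$'
}

DEMO=$(mktemp -d)
trap 'rm -rf "$DEMO"' EXIT
make_chain "$DEMO"
report() { if "$@"; then echo yes; else echo no; fi; }
echo "server.key matches server.crt: $(report key_matches_cert "$DEMO/server.key" "$DEMO/server.crt")"
echo "other.key matches server.crt:  $(report key_matches_cert "$DEMO/other.key" "$DEMO/server.crt")"
echo "verifies with root only:       $(report chain_verifies "$DEMO")"
echo "verifies with intermediate:    $(report chain_verifies "$DEMO" -untrusted "$DEMO/int.crt")"
```
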
  8. DavidPesta

    DavidPesta New Member

    I tried this as well and had the same result. I figured (not knowing how SSL certification actually works or what is involved) that Comodo had something reset on their end which prevents the old Apache certificate from working.

    If they generate a new certificate for the new server, will the old certificate still be expected to work?

    David
  9. mistwang

    mistwang LiteSpeed Staff

  10. mistwang

    mistwang LiteSpeed Staff

  11. DavidPesta

    DavidPesta New Member

    It has to be a problem with what I'm doing, but I have absolutely no idea what it is. I followed your HOW TOs instructions "How to configure SSL using the private key and certificate in LiteSpeed web server?" and it says nothing about the CA.

    I'm just not familiar with SSL, but I'll just keep providing screen shots of what I'm doing until we get it working. (Then I'll know how to do it.) We'll get it eventually. :)

    Here is what I did based on your instructions:
    [​IMG]

    For CA Certificate File I tried:
    /ssl/ComodoSecurityServicesCA.crt (sent to me along with www_auctionzealot_com.crt)
    /ssl/GTECyberTrustGlobalRoot.crt (sent to me along with www_auctionzealot_com.crt)
    /ssl/ComodoSecurityServicesCA2018.cer (downloaded from website in your last post)
    /ssl/GTECyberTrustGlobalRoot2018.cer (downloaded from website in your last post)

    I still have the same result..

    I still don't know for sure what I am doing, but am trying to follow all instructions given to me.

    David
  12. DavidPesta

    DavidPesta New Member

    By the way, for chained certificate, I tried YES, NO, and N/A and I restart the server every time I make changes.

    David
  13. mistwang

    mistwang LiteSpeed Staff

    Download the ca_new_2018.txt from their web site, use it as "CA Certificate File"
    Set "Chained Certificate" to "No", leave "CA Certificate Path" unset, restart the server, it should work.
  14. DavidPesta

    DavidPesta New Member

    Sorry, I did exactly as you said and it does not work...

    [​IMG]

    I thoroughly reviewed both files "ca_new_2018.txt" and "ComodoSecurityServicesCA.crt" and found that they were identical anyway.

    David
  15. ts77

    ts77 New Member

    I don't get a warning for that page anymore.
  16. DavidPesta

    DavidPesta New Member

    Wow, it just works now all of a sudden! :D :D :D

    Why did it take time for it to come into effect? That makes it impossible to troubleshoot. :confused: Kind of disturbing...

    Thank you for your help! :)

    David
  17. DavidPesta

    DavidPesta New Member

    I want you to know this doesn't affect what I think of LSWS, I absolutely love your program!!!

    Your software is still 1000's OF TIMES EASIER than setting up Apache/TUX/eaccelerator. SSL was my ONLY complication! Good job to your team! :D :D :D

    David
    Last edited: Nov 24, 2006
