[ZendTo] Re: Issues enabling SSL Website

Marlon R Deerr MDeerr at tgf.ca
Thu Jan 19 16:30:57 GMT 2012


I contacted StartSSL (the CA that issued me this certificate) and they
suspect that something is wrong with the current certificate chain
bundle currently being used. I am not too familiar with Apache so I
don't want to mess things up.  

Here is what he told me to do:

1. Go to this website: https://www.startssl.com/?app=21 and download the
sub.class1.server.ca.pem file
2. copy that file to my installation of Apache and make sure that the
SSLCertificateChainFile is referenced correctly.

In the link above, they have Apache pointing to a different location
from where my installation of Apache points to the
SSLCertificateChainFile.  According to my 001-zendto-ssl file, the
SSLCertificateChainFile points to /etc/ssl/certs/ca-bundle.crt.  Should
I modify that line and replace ca-bundle.crt with the downloaded pem
file from the above link?


Not exactly sure what I should be doing at this point.   


-----Original Message-----
From: zendto-bounces at zend.to [mailto:zendto-bounces at zend.to] On Behalf
Of John Cooper
Sent: January-19-12 10:04 AM
To: ZendTo Users
Subject: [ZendTo] Re: Issues enabling SSL Website

The certificate is not valid or you've put the wrong file type in the
Apache config e.g. put the private key in the public folder or similar. 
Perhaps they have created your cert with a previously used serial
number. Check each of the cert files with an example install. You could
create a self cert to prove the procedure and HTTPS works ok.


On 19/01/12 14:40, Marlon R Deerr wrote:
>
> Hello,
>
> I have ZendTo v4.08 Ubuntu VM installation. I followed all 
> instructions to the "T" for "Setting up and SSL Website". I am using 
> an SSL Cert from StartSSL. After following the instructions and 
> restarting Apache, I am unable to access my site via HTTPS. I have 
> tried several different browsers and all fail. Here are the errors I 
> am getting. Note: with respect to the FireFox error, I know that I 
> have another SSL Cert from the same Issuing Authority, but I have 
> examined the serial numbers I have and I know for sure that I don't 
> have any duplicates.
>
> */_When I use Google Chrome, I get the following error:_/*
>
> *This web page is not available*
>
> The web page at *https://dropoff.domain.ca/* might be temporarily down

> or it may have moved permanently to a new web address.
>
> Error 2 (net::ERR_FAILED): Unknown error.
>
> */_When I use FireFox 9.0.1, I get the following error:_/*
>
> *Secure Connection Failed*
>
> Your certificate contains the same serial number as another 
> certificate issued by the certificate authority. Please get a new 
> certificate containing a unique serial number.
>
> (Error code: sec_error_reused_issuer_and_serial)
>
> */_When I use Internet Explorer v9, I get the following error:_/*
>
> Internet Explorer cannot display the webpage - no further details are 
> given
>
>
> _______________________________________________
> ZendTo mailing list
> ZendTo at zend.to
> http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto

_______________________________________________
ZendTo mailing list
ZendTo at zend.to
http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto



More information about the ZendTo mailing list