Results 1 to 16 of 16
  1. #1
    Join Date
    Dec 2001
    Posts
    518

    Verifying that a SSL cert is installed correctly

    Is there any way to verify that a SSL cert I installed is done correctly? I had to renew one, and the first time I went to the site, it prompted me to trust (or not) the source.

    Terry
    Keep your customers in the know with www.KnownOutage.com - free alerting software that you host. Did I mention that it's free?

  2. #2
    Join Date
    Jul 2002
    Posts
    1,443
    You can look at the cert info.
    Synergy Blue LLC
    SonataWeb.net | SynergyBlue.com
    USA should so something about: http://www.brillig.com/debt_clock/

  3. #3
    Join Date
    Mar 2004
    Location
    Motorcity
    Posts
    150
    well its supposed to ask you to trust it or not isnt it ? so when you come back next time it will know.

    Do you get lock icon on bottom when typing your https addy ?

  4. #4
    Join Date
    Jan 2004
    Location
    South East U.K.
    Posts
    1,303
    Originally posted by peilo
    well its supposed to ask you to trust it or not isnt it ? so when you come back next time it will know.

    Do you get lock icon on bottom when typing your https addy ?
    It depends on a lot of things, if the certificate comes from a trusted source (according to IE et all) & the dates are valid then it shouldn't ask you. I suspect the install didn't go right & the OP is using an out of date certificate.

    You should see the reason for asking when that box comes up.

  5. #5
    Join Date
    Dec 2001
    Posts
    518
    Got it at EV1 servers, and the cert says issued by me, to me, so it's definately not installed correctly. I'll give it another try.
    Keep your customers in the know with www.KnownOutage.com - free alerting software that you host. Did I mention that it's free?

  6. #6
    Join Date
    Jan 2004
    Location
    South East U.K.
    Posts
    1,303
    Originally posted by DSD
    Got it at EV1 servers, and the cert says issued by me, to me, so it's definately not installed correctly. I'll give it another try.
    It might be, are EV1 a reseller for a certifying authority, or do they issue their own certificates? Couldn't find them (or anything similar) in IE's list of trusted authorities.

    p.s. are the dates correct on the certificate?

  7. #7
    Join Date
    Dec 2001
    Posts
    518
    I bought it for two years, but the cert only says that it's valid for 1 year. So I guess the dates are wrong.
    Keep your customers in the know with www.KnownOutage.com - free alerting software that you host. Did I mention that it's free?

  8. #8
    Join Date
    Jan 2004
    Location
    South East U.K.
    Posts
    1,303
    If you're referring to the certificate on the website in your sig

    1) It hasn't come from a trusted authority (according to IE), not sure about others, but I tend not to trust them myself

    2) It's only valid for a month

  9. #9
    Join Date
    Jan 2004
    Location
    South East U.K.
    Posts
    1,303
    Addendum!! Just had a look at another secure site to better understand the info a certificate gives you, & it looks like you've signed this certificate yourself, I'm not sure anyone would trust that on an ecommerce site. To answer your original question, it looks like the cerificate is installed right, but it doesn't seem to be the one you bought from EV1

  10. #10
    Join Date
    Jun 2002
    Location
    Sherbrooke, Québec
    Posts
    184
    Most Mozilla users should still trust the certificate given the fact that I had to tell it about 15 times that I didn't trust it before it allowed me to close the window

  11. #11
    Join Date
    Jan 2004
    Location
    South East U.K.
    Posts
    1,303
    That's because it's putting up at least a dozen certificate 'nag' boxes, never seen that before

  12. #12
    Join Date
    Jun 2002
    Location
    Sherbrooke, Québec
    Posts
    184
    I am not sure (don't remember well -- and won't get there again) but I think the images were from the HTTPS site while the actual page was on the HTTP site. Instead of loading one SSL item, it loads many.

    But in my opinion the browser should only ask once in a given time frame so that you are not 'nagged' like this.

  13. #13
    Join Date
    Feb 2003
    Location
    CT
    Posts
    484
    Is it a chained ssl cert? If so it looks like the chained certificate is not installed.

  14. #14
    Join Date
    Dec 2001
    Posts
    518
    Well, it's out of the bag that it's my site.... I was just trying to save a little face.

    So, I install the cert throught cpanel, and http promptly refuses to start (if I install it with my new Key from EV1).

    If I don't put the Key in (where cpanel has labeled it "ca bundle - optional) the server installs my self signed cert just fine, and httpd restarts happily

    Could there be a problem with the key that ev1 gave me? I tend to think that the problem is between the chair and the keyboard, but would happily accept suggestions.
    Keep your customers in the know with www.KnownOutage.com - free alerting software that you host. Did I mention that it's free?

  15. #15
    Join Date
    Feb 2003
    Posts
    82
    DSD - in WHM, the actual certificate file goes in the top box (that will be the bit EV1 sent you). Then fill in the account info, and CPanel will try to grab the private key for you (second box).
    The final box you will only need to fill in for a chained cert (InstantSSL, ChainedSSL etc.)
    Then hit 'Do It'. This should...er....do it!!

    HTH

    Note that CPanel can be bad sometimes and get the wrong key. You'll know if it does this if you get a 'Key modulus mismatch error' when you hit Do It.

  16. #16
    Join Date
    Dec 2001
    Posts
    518
    Thanks guys, I got everything working fine now. I was simply putting key in the wrong place.
    Keep your customers in the know with www.KnownOutage.com - free alerting software that you host. Did I mention that it's free?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •