SSL Certs on Linux control panel servers.
In most cases SSL certs can be installed right from the control panel. There is nothing else to do.
This information was accurate at the time it was published on 04/08/04.
Commodo certs and some others require the installation of root and or intermediate certs. The extra certs are required so that people that browse to the site via SSL won't get a message that the SSL cert is untrusted. These type of certs really use somebody else's root cert so they must be chained together in order to work.
They even require a different intermediate cert depending on if you purchased a one year or a two year cert. We have streamlined the process on installing these as much as possible.
Install the cert as normal via the control panel. Then SSH to your server as root. On the server the sites are listed by number. You need to find out what site number the domain is that you are working with.
Step 1 Find the site number
Everything you actually need to type in the sample below is in RED. Press enter after each command.
From the SSH prompt type sitelookup -d domain.com
Replace domain.com with the real domain name. The system displays the information.
domain.com,admin3,site3,/home/virtual/domain.com
Now we know that it's site #3 we need to work with.
Step 2 enter the directory containing the site config files
Type cd /etc/httpd/conf/virtual
This changes us to the directory containing the configuration files for
the sites. Type ls to see a
list of all the site configuration files.
ls
site1 site103 site108 site19 site26 site30 site35 site41 site47 site51 site76 site96
site10 site104 site109 site22 site27 site31 site36 site42 site48 site52 site87 site98
site100 site105 site111 site23 site28 site32 site37 site44 site49 site53 site89 site99
site101 site106 site13 site24 site29 site33 site4 site45 site5 site6 site9
site102 site107 site18 site25 site3 site34 site40 site46 site50 site75 site94
Step 3 add one line to site config file
We need to edit site3. There are many editors in Linux to choose from. You can use vi or nano. Nano is a little easier to use if you are not used to vi. Let's assume you will use nano.
Type nano site3
At the top of the file one you open it in the editor you will see the
domain name so you know that you are editing the correct file.
Scroll all the way to the bottom of the file. You will see
SSLEngine on
SSLCertificateFile /home/virtual/site3/fst/etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /home/virtual/site3/fst/etc/httpd/conf/ssl.key/server.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
Edit the above section to add your cert chain file. You will add the line
below for a one year cert.
SSLCACertificateFile /etc/httpd/conf/1year.ca
or for a two year cert you would add the line
SSLCACertificateFile /etc/httpd/conf/2year.ca
Assuming this is a one year cert the section you edited now looks as shown below.
SSLEngine on
SSLCertificateFile /home/virtual/site3/fst/etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /home/virtual/site3/fst/etc/httpd/conf/ssl.key/server.key
SSLCACertificateFile /etc/httpd/conf/1year.ca
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
Press ^X (control key plus the X key) to exit nano. You are prompted with the message.
Save modified buffer (ANSWERING "No" WILL DESTROY CHANGES) ?
Press Y to save and exit.
The files /etc/httpd/conf/1year.ca and /etc/httpd/conf/2year.ca are not part of a standard setup. These files were added to your server by us. We did this to get past some of the steps sent to you by Comodo.
At this point your cert is all installed and ready to use providing that you have installed the cert in the control panel in the normal fashion.
You will need to restart Apache web server in order for it to load the new cert files. To do this type service httpd restart
At this point you are done.