Untrusted SSL certificate

  • Are you sure there is no insecure content on the site, I mean images linking/loading from other places.
    I'm using Wildcard and I haven't seen that issue if it's correctly installed, only if we have had a relation to another site or a wrongly installed certificate.


    Normally you can check what it tires to connected with ex. Chrome dev console.
    https://support.google.com/chrome/answer/1342714?hl=en


    Back to business...
    I am testing the SSL issue again.
    Correct me if I am wrong. But this is how we have done with SSL:


    1. Installed IMSCP from scratch
    2. We said yes to use SSL under installation
    3. We chose smarthost as mail server (this works ok)
    4. We said no to "have own certificate"
    5. We said no to use local DNS server
    6. Finished up the installation
    7. Made all settings in admin panel (including activate ssl)
    8. Made a reseller
    9. logged in as reseller
    10. made a hosting plan
    11. made a customer
    12. logged in to that customer
    13. added the key and certificate and hit save
    14. went to the site https://...


    When looking at the certificate text it says:


    maar.securenetwork.dk uses an invalid security certificate.


    The certificate can not be relied on , as it is signed by the proprietor.
    The certificate is only valid for *. Host2.concrete5.dk.


    (Error code: sec_error_untrusted_issuer)


    It seems to me that it thinks that it is the server certificate (host2.concrete5.dk), but the certificate is issued to *securenetwork.dk


    Any idea?

    Concrete5 Denmark - CMS til alle
    --------------------------
    Michael Jensen-Maar
    Concrete5 Danmark

    --------------------------


  • 3. We chose smarthost as mail server (this works ok)


    Such answer will have not effet since i-MSCP installer come with its own file...



    Hello,


    Both sites host2.concrete5.dk and maar.securenetwork.dk reuse the same ip? I bet it's SNI problem... See http://debian-handbook.info/br…sect.http-web-server.html


    eg:


    Thank you for using i-MSCP

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    Edited once, last by Nuxwin ().

  • Hello,


    Both sites host2.concrete5.dk and maar.securenetwork.dk reuse the same ip? I bet it's SNI problem... See http://debian-handbook.info/br…sect.http-web-server.html


    eg:


    I looked in to the file ports.conf:



    And added your suggestion:



    I still have problems and have to investigate if I have a bad certificate. It still comes up as untrusted!

    Concrete5 Denmark - CMS til alle
    --------------------------
    Michael Jensen-Maar
    Concrete5 Danmark

    --------------------------

    Edited once, last by MGAV ().


  • Re ;


    Well, I'll test that issue too. Let me some hours since I've a bunch of issues to solve in master today. ;)


    Thank you for your report.

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

  • It is totally ok. I am just confused about all this SSL stuff.


    Take your time!

    Concrete5 Denmark - CMS til alle
    --------------------------
    Michael Jensen-Maar
    Concrete5 Danmark

    --------------------------


  • c0urier


    Your are using SNI feature (same IP address for all SSL certificates)? I know that you don't use NameVirtualHost directives so...


    Eg, In all your vhosts you are using the Wildcard notation for the IP address such as:


    Code
    1. <VirtualHost *:443>
    2. ...
    3. </VirtualHost>


    This is maybe the difference here because with master, we set the IP. I must do some tests.


    Thanks.

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    Edited once, last by Nuxwin ().

  • The certificate is for *.securenetwork.dk (not *.concrete5.dk)


    But the hosting server has the hostname host2.concrete5.dk (our test server) and maar.securenetwork.dk is a customer (test customer for testing certificate).


    Btw. We are roling back to clean snapshot again now. too many loose ends right now. faster to reinstall. Tried to install Zend Optimizer and some thing went wrong...

    Concrete5 Denmark - CMS til alle
    --------------------------
    Michael Jensen-Maar
    Concrete5 Danmark

    --------------------------