Author Topic: SSL Partially working  (Read 6382 times)

0 Members and 3 Guests are viewing this topic.

Offline
*
SSL Partially working
« on: July 20, 2019, 02:41:53 PM »
Alright, I've been working on this for a few hours, and i'm starting to get a headache. I have the SSL certificate installed, and it is working for xxx.domain.xxx:2031 but it is not working for xxx.domain.xxx. I'm receiving "ERR_SSL_PROTOCOL_ERROR" via the browser. Also, my certificates may be working, but it is not recognizing the chain certificate. I've installed it properly but its still not being recognized. I took a peek at the api file, and noticed the "certificatechain" line was MIA.

https://imgur.com/mc7JaSf

https://imgur.com/hADrDuY

Offline
**
Re: SSL Partially working
« Reply #1 on: July 20, 2019, 08:25:26 PM »
Did you use the AutoSSL module.

CWP.Admin -> webserver settings -> AutoSSL

with xxx.domain.xxx:2031, you need to use the change hostname module - CWP.Admin -> server settings -> change hostname -> enter hostname and click change hostname

Offline
*
Re: SSL Partially working
« Reply #2 on: July 20, 2019, 11:17:27 PM »
Yes, the Hostname is correct.

Offline
*
Re: SSL Partially working
« Reply #3 on: July 20, 2019, 11:43:51 PM »
Alright, after hours of tweaking i'm starting to make some progress with the SSL Issues.

I've found the problem with https://xxx.domain.xxx .

/usr/local/apache/conf.d/hostname-ssl.conf

For some reason the configuration was using the Shared IP, instead of using the Hostname IP. After changing this, SSL is fully operational with no issues.

https://imgur.com/XNz0NGN

The only issues I have now is getting https://xxx.domain.xxx:2031 CertificateChain working. Can you please point me in the proper direction for the configurations for that. i do know its running Nginx on the management side, not very familiar with that webserver.
« Last Edit: July 21, 2019, 12:07:14 AM by JonathanC »

Offline
*
Re: SSL Partially working
« Reply #4 on: July 21, 2019, 12:56:27 AM »
Alright, after hours of tweaking i'm starting to make some progress with the SSL Issues.

I've found the problem with https://xxx.domain.xxx .

/usr/local/apache/conf.d/hostname-ssl.conf

For some reason the configuration was using the Shared IP, instead of using the Hostname IP. After changing this, SSL is fully operational with no issues.

https://imgur.com/XNz0NGN

The only issues I have now is getting https://xxx.domain.xxx:2031 CertificateChain working. Can you please point me in the proper direction for the configurations for that. i do know its running Nginx on the management side, not very familiar with that webserver.

Alright, issues have been resolved. To get certificates to work properly you need to modify:

/usr/local/cwpsrv/conf/cwpsrv.conf
Code: [Select]
ssl_session_timeout 90m;
        ssl_certificate     /etc/pki/tls/certs/hostname.crt;
        ssl_certificate_key /etc/pki/tls/private/hostname.key;
        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers         HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers   on;
error_page 497  https://$host:2087$request_uri;

convert the crt to a Pem..
Follow the tutorial from : https://scottlinux.com/2013/09/02/how-to-configure-ssl-certificate-chain-for-nginx/

Now everything is running properly.