RE: How to set up SSL certificate (not self-signed) on virtual host on Ubuntu?
06-24-2015, 07:49 PM
Code:
################################################################
# Apache VHOST configuration file
# Automatically generated by Sentora 1.0.0
# Generated on: 11:30 24th Jun 2015 CEST
#==== YOU MUST NOT EDIT THIS FILE : IT WILL BE OVERWRITTEN ====
# Use Sentora Menu -> Admin -> Module Admin -> Apache config
################################################################
Listen 80
Listen 443
# Configuration for Sentora control panel.
<VirtualHost *:80>
ServerAdmin marek@hotshot.sk
DocumentRoot "/etc/sentora/panel/"
ServerName hshot
ErrorLog "/var/sentora/logs/sentora-error.log"
CustomLog "/var/sentora/logs/sentora-access.log" combined
CustomLog "/var/sentora/logs/sentora-bandwidth.log" common
AddType application/x-httpd-php .php
<Directory "/etc/sentora/panel/">
Options +FollowSymLinks -Indexes
AllowOverride All
Require all granted
</Directory>
# Custom settings are loaded below this line (if any exist)
</VirtualHost>
################################################################
# Sentora generated VHOST configurations below.....
################################################################
<virtualhost *:443>
ServerAdmin marek@hotshot.sk
ServerName fitcity.sk
DocumentRoot "/var/sentora/hostdata/zadmin/public_html/fitcity_sk"
SSLEngine on
SSLCertificateFile /var/sentora/hostdata/zadmin/ssl/fitcityfinal.sk.crt
SSLCertificateKeyFile /var/sentora/hostdata/zadmin/ssl/fitcityfinal.sk.key
SSLCertificateChainFile /var/sentora/hostdata/zadmin/ssl/intermediate.crt
/var/sentora/hostdata/zadmin/ssl/intermediate.crt
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
ErrorLog "/var/sentora/logs/domains/zadmin/fitcityX-error.log"
CustomLog "/var/sentora/logs/domains/zadmin/fitcityX.tld-access.log" combined
CustomLog "/var/sentora/logs/domains/zadmin/fitcityX-bandwidth.log" common
<Directory "/var/sentora/hostdata/zadmin/public_html/fitcity_sk">
Options +FollowSymLinks -Indexes
AllowOverride All
Require all granted
</Directory>
</virtualHost>
# <virtualhost *:80>
# ServerName fitcity.sk
# Redirect permanent / https://fitcity.sk/
# </virtualhost>
# END DOMAIN: fitcity.sk
################################################################
This is my Sentora VHOST config file (httpd-vhosts.conf). I tried both intermediate.crt files with the same result. With this configuration, when I open fitcity.sk it opens the Sentora CP instead of my site...
When I run this in my console: openssl s_client -connect fitcity.sk:443
I get:
Code:
openssl s_client -connect fitcity.sk:443
CONNECTED(00000003)
depth=1 C = US, O = GeoTrust Inc., CN = RapidSSL SHA256 CA - G3
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/OU=GT06217787/OU=See www.rapidssl.com/resources/cps (c)15/OU=Domain Control Validated - RapidSSL(R)/CN=fitcity.sk
i:/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
1 s:/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
---
Server certificate
subject=/OU=GT06217787/OU=See www.rapidssl.com/resources/cps (c)15/OU=Domain Control Validated - RapidSSL(R)/CN=fitcity.sk
issuer=/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
---
No client certificate CA names sent
---
SSL handshake has read 2994 bytes and written 477 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-SHA384
Session-ID: B9C8CE17E687E59323A448496BB440A7CA25083658C7EE7929E895BA7F2CA1AC
Session-ID-ctx:
Master-Key: 34B07A28EFCBA4CC09DAA693041E800A0EB7A473D15B2B14AFF87A4B3B5A2BEC4ECA86987EF2EAEB3E8B8B9D713BA43D
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
Start Time: 1435001436
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)
CAN SOMEBODY HELP PLEASE???
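Added example, not part of the original post: a small Python parser that reads the "Certificate chain" section and the first "verify error" line of `openssl s_client` output and reports which issuer the client could not find and whether the server sent it. The function names `parse_chain` and `diagnose` are made up for this illustration; the sample input is an excerpt of the output posted above.

```python
import re

# Excerpt of the s_client output from the post above (PEM body and session data omitted).
S_CLIENT_OUTPUT = """\
depth=1 C = US, O = GeoTrust Inc., CN = RapidSSL SHA256 CA - G3
verify error:num=20:unable to get local issuer certificate
---
Certificate chain
 0 s:/OU=GT06217787/OU=See www.rapidssl.com/resources/cps (c)15/OU=Domain Control Validated - RapidSSL(R)/CN=fitcity.sk
   i:/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
 1 s:/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
---
"""

def parse_chain(text):
    """Return [(subject, issuer), ...] in the order the server sent the certificates."""
    chain, subject, in_chain = [], None, False
    for line in text.splitlines():
        line = line.strip()
        if line == "Certificate chain":
            in_chain = True
        elif in_chain and line == "---":
            break
        elif in_chain:
            m = re.match(r"(?:\d+\s+)?([si]):(.*)", line)
            if m and m.group(1) == "s":
                subject = m.group(2)
            elif m and subject is not None:
                chain.append((subject, m.group(2)))
                subject = None
    return chain

def diagnose(text):
    """Relate the first 'verify error' line to the chain the server presented."""
    chain = parse_chain(text)
    sent_subjects = {s for s, _ in chain}
    # In a correctly ordered chain each certificate is issued by the next one.
    contiguous = all(chain[i][1] == chain[i + 1][0] for i in range(len(chain) - 1))
    report = {"certs_sent": len(chain), "contiguous": contiguous}
    err = re.search(r"depth=(\d+) .*\nverify error:num=(\d+):", text)
    if err:
        depth = int(err.group(1))  # assumed to index the sent chain (true when contiguous)
        report.update(failing_depth=depth, error_num=int(err.group(2)))
        if depth < len(chain):
            report["missing_issuer"] = chain[depth][1]
            report["issuer_sent_by_server"] = chain[depth][1] in sent_subjects
    return report

if __name__ == "__main__":
    print(diagnose(S_CLIENT_OUTPUT))
```

For the posted output the report shows two certificates sent in the correct order, with the failed lookup being for `GeoTrust Global CA`, which sits above the last certificate the server sent. That certificate has to be found in the trust store of the client running `s_client` (its `-CAfile` / `-CApath` options).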