SSL not trusted


Status
Not open for further replies.

Ilham Hakim

Apprentice 2.0
Verified Provider
mohon pencerahannya. Install CA berapa kalipun hasilnya tetep sama. Adakah cara manual install sertifikat CA? sertifikat CA itu kesimpen dimana ya?
 

Ilham Hakim

Apprentice 2.0
Verified Provider
Alhamdulillah akhirnya fix dengan kontak support cpanel langsung :D
Hello,

I apologize for the delay, but I have confirmed the cause and a resolution for your reported issue.

After review I found that the CA-Bundle information was not updating during the installation. This was due to a quality check performed by our SSL installation software. It verifies the existing cert against the one being installed and puts in the one that it classifies as "better". In this case it was truncating your extended bundle for the existing one.

The installer does this because all signing authority bundles are shared, so it chooses the optimal for each to use. If you do not want to use the default Bundle, you would need to set up a custom CA-Bundle. Since custom configurations use ssh utility outside cPanel, we do not support custom configurations.

However, I did want to assist you as much as possible with this. As a one time courtesy, I went ahead and configured the custom SSL for domain.com. I then verified that it pulls your extended CA-Bundle correctly.

For any other domains or future SSL updates, you will have to perform the following custom setup if you want to use a different bundle than the default.

Configure Custom Bundle:

1. Create the custom bundle you want to use inside the /var/cpanel/ssl/installed/cabundles directory.
|The custom bundle for domain.com can be used for other domains using COMODO, it is located at /var/cpanel/ssl/installed/cabundles/COMODO_CA_Custom.cabundle

2. Edit the cPanel user data file(/var/cpanel/userdata/$cpuser/$domain_SSL) to automatically assign the custom Bundle in apache.
*EXAMPLE: sslcacertificatefile: /var/cpanel/ssl/installed/cabundles/COMODO_CA_Custom.cabundle
|The user data file edited for domain.com was /var/cpanel/userdata/domainco/domain.com_SSL

3. You will now need to rebuild the userdata cache with the following script
|/scripts/updateuserdatacache

4. Then you need to rebuild the apache configuration.
|/scripts/rebuildhttpdconf
*It is also advisable to backup the httpd.conf before rebuilding it!

5. The last step is to restart the apache service to load the new bundle setttings.
|/scripts/restartsrv_httpd
 
Status
Not open for further replies.

Top