TurnKey Linux Virtual Appliance Library

SSL setup issue in IE only (shows ID of initial self signed SSL)

 

I have edited the /etc/apache2/default file to the following. I install SSL and everything seems fine in Chrome & Firefox and when checked against http://www.sslshopper.com/ssl-checker.html, everything checks out and shows correct SSL ID. The problem I am having is that in IE, it is seeing the unsigned cert that is initially installed. I'm new to this, so I'm guessing I missed something in this file... Any help would be much appreciated. Thanks in advance!
 
NameVirtualHost *:80
NameVirtualHost *:443
 
<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/
</VirtualHost>
 
<VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/cert.pem
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/
</VirtualHost>
 
<VirtualHost *:80>
ServerName www.website.com
DocumentRoot /var/www/website
RewriteEngine on
RewriteCond  %{HTTPS}  ^off$
RewriteCond  %{HTTP_HOST} (.*)
RewriteRule  ^(.*)/? https://%1$1 [L,R]
</VirtualHost>
 
<VirtualHost *:80>
ServerName website.com
DocumentRoot /var/www/website
RewriteEngine on
RewriteCond  %{HTTPS}  ^off$
RewriteCond  %{HTTP_HOST} (.*)
RewriteRule  ^(.*)/? https://%1$1 [L,R]
</VirtualHost>
 
<VirtualHost *:443>
ServerName www.website.com
SSLEngine on
SSLCertificateFile /etc/ssl/certs/website.com.crt
SSLCertificateKeyFile /etc/ssl/private/website.key
SSLCertificateChainFile /etc/ssl/certs/gd_bundle.crt
SSLCACertificateFile /etc/ssl/certs/website.com.pem
DocumentRoot /var/www/website
</VirtualHost>
 
<VirtualHost *:443>
ServerName website.com
SSLEngine on
SSLCertificateFile /etc/ssl/certs/website.com.crt
SSLCertificateKeyFile /etc/ssl/private/website.key
SSLCertificateChainFile /etc/ssl/certs/gd_bundle.crt
SSLCACertificateFile /etc/ssl/certs/website.com.pem
DocumentRoot /var/www/website
</VirtualHost>
 
ScriptAlias /cgi-bin/ /var/www/cgi-bin/
 
<Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        Order allow,deny
        allow from all
</Directory>
Jeremy's picture

I have have no knowledge around SSL certs

So I can't be much help. Hopefully someone more knowledgable than me will be along shortly.

But in the meantime, a couple of thoughts:

Make sure that you clear the cache and cookies in IE and try again. Maybe it was just some stale info?

You could try googling for ideas. TKL v12.x is based on Debian Squeeze so anything that applies to Apache config in Squeeze should also be relevant to TKL.

You could also try contacting the vendor who sold you the cert. They may have some ideas, or perhaps even troubleshooting steps on a wiki or blog page somewhere?

Will look into it

Thanks Jeremy, I've done quite a bit of research and done some verification but still no luck. The SSL provider is godaddy and I'll contact them and see if they can see anything funky w/ the cert. Thanks for the tips. I'll update if I find out what's going on. 

Standard Self Signed Cert?

I'm wondering if the standard self signed certificate has anything to do with my problem... I have only modified the /etc/apache/sites-availabe/default file with what is above... do I need to also modify the default-ssl file?

Jeremy's picture

IIRC default-ssl is disabled

So that shouldn't be any issue. I think that default-ssl is for SSL only sites (ie you disable default and enable default-ssl and then only SSL connections are allowed). To see what sites are enabled have a look in /etc/apache2/sites-enabled

Post new comment

The content of this field is kept private and will not be shown publicly. If you have a Gravatar account, used to display your avatar.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <p> <span> <div> <h1> <h2> <h3> <h4> <h5> <h6> <img> <map> <area> <hr> <br> <br /> <ul> <ol> <li> <dl> <dt> <dd> <table> <tr> <td> <em> <b> <u> <i> <strong> <font> <del> <ins> <sub> <sup> <quote> <blockquote> <pre> <address> <code> <cite> <strike> <caption>

More information about formatting options

Leave this field empty. It's part of a security mechanism.
(Dear spammers: moderators are notified of all new posts. Spam is deleted immediately)