I've managed to get so far and now I'm stuck [RESOLVED]


#1

Hi there,

I’ve managed to get so far with the installation that the certificates have been generated and are now saved in a folder on my server.

My only issue is that I’m completely lost with how to assign the certificate to my website.

I’m using a Cloud VPS on asmallorange and followed a video tutorial but have got to the point where I’m a bit confused about getting the certificates associated with the domains.

I’ve tried using WHM to browse for the certificates but nothing is being found.

Any help would be greatly appreciated.
I’m a complete beginner with terminal/ssh but I can follow a video guide pretty well which is what got me to this point.

Thanks in advance


#2

Scratch this.

Turns out it was as simple as navigating to the folder in SSH and using cat cert.pem and cat privkey.pem to display the certificate information then installing it manually through WHM.

Hopefully that helps anyone else in a similar situation.


#3

You’re also going to need chain.pem or fullchain.pem somewhere in order to create a configuration that works correctly with all browsers (unless WHM is trying to be extraordinarily clever behind the scenes).


#4

Hmmm, it all seems to be running fine so far. Are there any telltale signs that it isn’t working other than checking in every browser individually?

Thanks


#5

You can use this website: http://ssllabs.com/


#6

Ran through that site and these appear to be the results below:

Handshake Simulation
Android 2.3.7   No SNI 2	RSA 2048 (SHA256)  	TLS 1.0	TLS_DHE_RSA_WITH_AES_128_CBC_SHA   DH 1024  FS
Android 4.0.4	RSA 2048 (SHA256)  	TLS 1.0	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA   ECDH secp256r1  FS
Android 4.1.1	RSA 2048 (SHA256)  	TLS 1.0	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA   ECDH secp256r1  FS
Android 4.2.2	RSA 2048 (SHA256)  	TLS 1.0	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA   ECDH secp256r1  FS
Android 4.3	RSA 2048 (SHA256)  	TLS 1.0	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA   ECDH secp256r1  FS
Android 4.4.2	RSA 2048 (SHA256)  	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384   ECDH secp256r1  FS
Android 5.0.0	RSA 2048 (SHA256)  	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
Baidu Jan 2015	RSA 2048 (SHA256)  	TLS 1.0	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA   ECDH secp256r1  FS
BingPreview Jan 2015	RSA 2048 (SHA256)  	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384   ECDH secp256r1  FS
Chrome 48 / OS X  R	RSA 2048 (SHA256)  	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
Firefox 31.3.0 ESR / Win 7	RSA 2048 (SHA256)  	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
Firefox 42 / OS X  R	RSA 2048 (SHA256)  	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
Firefox 44 / OS X  R	RSA 2048 (SHA256)  	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
Googlebot Feb 2015	RSA 2048 (SHA256)  	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
IE 6 / XP   No FS 1	  No SNI 2	Server closed connection
IE 7 / Vista	RSA 2048 (SHA256)  	TLS 1.0	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA   ECDH secp256r1  FS
IE 8 / XP   No FS 1	  No SNI 2	Server sent fatal alert: handshake_failure
IE 8-10 / Win 7  R	RSA 2048 (SHA256)  	TLS 1.0	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA   ECDH secp256r1  FS
IE 11 / Win 7  R	RSA 2048 (SHA256)  	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   ECDH secp256r1  FS
IE 11 / Win 8.1  R	RSA 2048 (SHA256)  	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   ECDH secp256r1  FS
IE 10 / Win Phone 8.0	RSA 2048 (SHA256)  	TLS 1.0	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA   ECDH secp256r1  FS
IE 11 / Win Phone 8.1  R	RSA 2048 (SHA256)  	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256   ECDH secp256r1  FS
IE 11 / Win Phone 8.1 Update  R	RSA 2048 (SHA256)  	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   ECDH secp256r1  FS
IE 11 / Win 10  R	RSA 2048 (SHA256)  	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384   ECDH secp256r1  FS
Edge 13 / Win 10  R	RSA 2048 (SHA256)  	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384   ECDH secp256r1  FS
Edge 13 / Win Phone 10  R	RSA 2048 (SHA256)  	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384   ECDH secp256r1  FS
Java 6u45   No SNI 2	RSA 2048 (SHA256)  	TLS 1.0	TLS_DHE_RSA_WITH_AES_128_CBC_SHA   DH 1024  FS
Java 7u25	RSA 2048 (SHA256)  	TLS 1.0	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA   ECDH secp256r1  FS
Java 8u31	RSA 2048 (SHA256)  	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
OpenSSL 0.9.8y	RSA 2048 (SHA256)  	TLS 1.0	TLS_DHE_RSA_WITH_AES_256_CBC_SHA   DH 1024  FS
OpenSSL 1.0.1l  R	RSA 2048 (SHA256)  	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384   ECDH secp256r1  FS
OpenSSL 1.0.2e  R	RSA 2048 (SHA256)  	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384   ECDH secp256r1  FS
Safari 5.1.9 / OS X 10.6.8	RSA 2048 (SHA256)  	TLS 1.0	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA   ECDH secp256r1  FS
Safari 6 / iOS 6.0.1  R	RSA 2048 (SHA256)  	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   ECDH secp256r1  FS
Safari 6.0.4 / OS X 10.8.4  R	RSA 2048 (SHA256)  	TLS 1.0	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA   ECDH secp256r1  FS
Safari 7 / iOS 7.1  R	RSA 2048 (SHA256)  	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   ECDH secp256r1  FS
Safari 7 / OS X 10.9  R	RSA 2048 (SHA256)  	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   ECDH secp256r1  FS
Safari 8 / iOS 8.4  R	RSA 2048 (SHA256)  	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   ECDH secp256r1  FS
Safari 8 / OS X 10.10  R	RSA 2048 (SHA256)  	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   ECDH secp256r1  FS
Safari 9 / iOS 9  R	RSA 2048 (SHA256)  	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384   ECDH secp256r1  FS
Safari 9 / OS X 10.11  R	RSA 2048 (SHA256)  	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384   ECDH secp256r1  FS
Apple ATS 9 / iOS 9  R	RSA 2048 (SHA256)  	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384   ECDH secp256r1  FS
Yahoo Slurp Jan 2015	RSA 2048 (SHA256)  	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384   ECDH secp256r1  FS
YandexBot Jan 2015	RSA 2048 (SHA256)  	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384   ECDH secp256r1  FS

Only issues appear to be with IE6 and IE8/XP. Unless I’m reading this completely wrong?


#7

You’re reading it right.


#8

@beezer123, the part to look at is not the handshake simulation, but the “Chain issues”. Ideally it should say “Chain issues: None”.


#9

Yeah that seems to be what it’s saying from what I can see.

Additional Certificates (if supplied)
Certificates provided	2 (2500 bytes)
Chain issues	None

Hopefully I’ve got things running ok, if not then I’m completely lost haha.


#10

That looks like it’s working properly, then. I wonder how WHM figured out what chain to use!


#11

Well, all the info for downloading the issuer cert is embedded in the leaf cert, right?


#12

@Osiris, huh, that’s true – the leaf cert has a pointer to URI:http://cert.int-x3.letsencrypt.org/, which serves a copy of the intermediate, so a server environment could notice the incomplete chain and pull the intermediate from that reference!
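The chain points raised in posts #3, #8 and #12 can be checked locally with openssl. This is an added example, not part of the original thread: it builds a constructed throwaway root, intermediate and leaf, then reads the leaf's issuer pointer and tests the chain with and without chain.pem. Every name, the file x.cnf and the URL ca.example.test are placeholders.

```bash
# Added example: constructed throwaway PKI (root -> intermediate -> leaf). All names
# and the AIA URL are placeholders, not Let's Encrypt's real certificates.
set -eu

make_demo_pki() {   # $1 = empty working directory
  dir=$1
  cat > "$dir/x.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca]
basicConstraints = critical,CA:TRUE
[leaf]
authorityInfoAccess = caIssuers;URI:http://ca.example.test/intermediate.der
EOF
  for n in root int leaf; do
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/x.cnf" -subj "/CN=demo-$n" \
      -keyout "$dir/$n.key" -out "$dir/$n.csr" 2>/dev/null
  done
  openssl x509 -req -in "$dir/root.csr" -signkey "$dir/root.key" -days 2 \
    -extfile "$dir/x.cnf" -extensions ca -out "$dir/root.pem" 2>/dev/null
  openssl x509 -req -in "$dir/int.csr" -CA "$dir/root.pem" -CAkey "$dir/root.key" \
    -set_serial 2 -days 2 -extfile "$dir/x.cnf" -extensions ca -out "$dir/chain.pem" 2>/dev/null
  openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/chain.pem" -CAkey "$dir/int.key" \
    -set_serial 3 -days 2 -extfile "$dir/x.cnf" -extensions leaf -out "$dir/cert.pem" 2>/dev/null
  cat "$dir/cert.pem" "$dir/chain.pem" > "$dir/fullchain.pem"
}

# Issuer URL from the leaf's Authority Information Access extension (the pointer in post #12).
aia_issuer_url() { openssl x509 -in "$1" -noout -text | sed -n 's/.*CA Issuers - URI://p'; }
# Certificates in a PEM file: cert.pem holds 1, fullchain.pem holds leaf + intermediate.
pem_cert_count() { grep -c -- '-----BEGIN CERTIFICATE-----' "$1"; }

# Does leaf $2 chain to trusted root $1 using only the intermediates the
# server would send ($3, optional)? Without $3 this models "cert.pem only".
chain_ok() {
  openssl verify -CAfile "$1" ${3:+-untrusted "$3"} "$2" 2>&1 | grep -q ': OK'
}

demo() {
  d=$(mktemp -d); make_demo_pki "$d"
  echo "AIA issuer URL: $(aia_issuer_url "$d/cert.pem")"
  chain_ok "$d/root.pem" "$d/cert.pem" || echo "cert.pem alone: chain incomplete"
  chain_ok "$d/root.pem" "$d/cert.pem" "$d/chain.pem" && echo "cert.pem + chain.pem: OK"
  rm -rf "$d"
}
demo
```

On a real server, `aia_issuer_url` and `pem_cert_count` can be run directly against the cert.pem and fullchain.pem in the certificate folder.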

