I followed everything twice, cannot get SSL to work

[DavidPesta]

Edit:
I highly recommend LiteSpeed server to everyone. The following problem was the ONLY trouble that I had installing LiteSpeed server and it was resolved within a day. LiteSpeed is WAY more efficient and WAY easier to set up than Apache.


I tried everything twice, even had the new certificate generated twice. Here is what I did:

# openssl genrsa -out server.key 1024
# openssl req -new -key server.key -out server.csr
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Oklahoma
Locality Name (eg, city) []:Owasso
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Auction Zealot
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:www.auctionzealot.com
Email Address []:davidpesta@gmail.com
A challenge password []:
An optional company name []:


I created a Server Listener:
Listener Name - AZ SSL
IP Address - ANY
Port - 443
Secure - Yes

Inside the new AZ SSL Listener, I went to the SSL settings:
Private Key File - /ssl/server.key
Certificate File - /ssl/www_auctionzealot_com.crt
Clicked "save"
SSL Version - Not Specified
Encryption Level - Not Specified

Inside AZ SSL Listener "General" tab, I set up a Virtual Host Mapping:
Virtual Host - Auction Zealot
Domains - www.auctionzealot.com
Clicked "save"

Clicked "Apply Changes"
Clicked "Graceful Restart"

Listeners shows:
AZ SSL *:443 Running [Auction Zealot] auctionzealot.com

Here is the page with the problem:
https://www.auctionzealot.com/login.php


Another thing interesting to note, when they generated both certificates they were identical even though I generated separate private keys. Could this be the problem? (Their fault?)

Thanks,
David

 

[DavidPesta]

I have included screen shots of the inside of my litespeed configuration.

Here is the server status:

Here is the General tab on the SSL listener:

Here is the SSL tab on the SSL listener:

Go to https://www.auctionzealot.com/login.php to see the problem.


Please help!
David

 

[xing]

The url works in SSL on my end. From the screenshots you did not actually check/enable any of the SSL Protocol features.

 

[DavidPesta]

The url works in SSL on my end.

What?!

From the screenshots you did not actually check/enable any of the SSL Protocol features.

I tried SSL v2.0, I tried SSL v3.0, I tried TLS v1.0, I tried HIGH, I tried MEDIUM, I tried combinations of all of these. It won't even allow me to reach the page if any of these are chosen.

Here is the most recent email (out of 15 emails) with Comodo SSL where I got my certificate:

"Hi David,

Thank you for the reply.

This is to inform you that CSR is correct only no need to make the common name to auctionzealot.com but problem is in certificate installation.

Please delete the exisiting certificate to install the new certificate which we resent to your email id.

Don't hesitate to contact us for assistance at any point of time.

Regards

Steve"

They say my CSR is correct. I can't get this working..

David

 

[xing]

SSL is working but IE does not recognize the certificate creator as "trusted". Anyone can generate certificates but unless they are one of the tops in the industry and have their certificate bundled with IE, IE will complain.

You need to get a certificate from a more reputable/larger SSL cert provider.

And get a refund from comodo.

 

[DavidPesta]

Did you know that this certificate is 18 months old? The dates 3/27/2005 - 5/3/2007 can be seen on the last screen shot in my previous post.

I had this company make a certificate that worked on apache for 18 months.

David

 

[mistwang]

That probably because the CA certificate has not been loaded. That's the certificate you get from commando which should be used for SSL certificate they issued.
Check your apache configuration and have the CA certificate installed on LiteSpeed the same way.

 

[DavidPesta]

Check your apache configuration and have the CA certificate installed on LiteSpeed the same way.

I tried this as well and had the same result. I figured that (not knowing how SSL certification actually works or what is involved) that Comodo had something reset on their end which prevents the old apache certificate from working.

If they generate a new certificate for the new server, will the old certificate still be expected to work?

David

 

[mistwang]

I am pretty sure it is your configuration problem, when you check the certificate details, there is only one certificate in "Certification Path".

make sure you get the CA certifcation and set
http://www.litespeedtech.com/docs/webserver/config/listeners/#CACertFile
You should be able to copy it from your apache server or download from commando website.

 

[mistwang]

Check this page out
http://www.instantssl.com/ssl-certificate-support/cert_installation/ssl-certificate-index.html

 

[DavidPesta]

It has to be a problem with what I'm doing, but I have absolutely no idea what it is. I followed your HOW TOs instructions "How to configure SSL using the private key and certificate in LiteSpeed web server?" and it says nothing about the CA.

I'm just not familiar with SSL, but I'll just keep providing screen shots of what I'm doing until we get it working. (Then I'll know how to do it.) We'll get it eventually.

Here is what I did based on your instructions:

For CA Certificate File I tried:
/ssl/ComodoSecurityServicesCA.crt (sent to me along with www_auctionzealot_com.crt)
/ssl/GTECyberTrustGlobalRoot.crt (sent to me along with www_auctionzealot_com.crt)
/ssl/ComodoSecurityServicesCA2018.cer (downloaded from website in your last post)
/ssl/GTECyberTrustGlobalRoot2018.cer (downloaded from website in your last post)

I still have the same result..

I still don't know for sure what I am doing, but am trying to follow all instructions given to me.

David

 

[DavidPesta]

By the way, for chained certificate, I tried YES, NO, and N/A and I restart the server every time I make changes.

David

 

[mistwang]

Download the ca_new_2018.txt from their web site, use it as "CA Certificate File"
Set "Chained Certificate" to "No", leave "CA Certificate Path" unset, restart the server, it should work.

 

[DavidPesta]

Sorry, I did exactly as you said and it does not work...

I thoroughly reviewed both files "ca_new_2018.txt" and "ComodoSecurityServicesCA.crt" and found that they were identical anyway.

David

 

[ts77]

I don't get a warning for that page anymore.

 

[DavidPesta]

Wow, it just works now all of a sudden!

Why did it take time for it to come into effect? That makes it impossible to troubleshoot. Kind of disturbing...

Thank you for your help!

David

 

[DavidPesta]

I want you to know this doesn't affect what I think of LSWS, I absolutely love your program!!!

Your software is still 1000's OF TIMES EASIER than setting up Apache/TUX/eaccelerator. SSL was my ONLY complication! Good job to your team!

David