[Solved] SSL configuration

[Brent W Peterson]

Do I need to put my SSL info in both the listener and the virtual host?

Do I have to have two IP's for SSL on the server?

 

[Brent W Peterson]

SSL not listening after turning on Sercure

My SSL won't start after I turn on secure, it will listen if I don't click secure

 

[webizen]

SNI is supported by LSWS. You can configure listener with a default SSL cert and put a real cert for the vhost. One IP should be enough.

 

[Brent W Peterson]

ok I added my ssl info to both my listener and my virtual but I can not get it to start if it is set to secure

 

[webizen]

For testing, do not bind vhost to the listener. make sure SSL info such as path to the key and cert is correct and SSL port is not occupied by other service.

 

[Brent W Peterson]

I have this as my chained cert path

CA Certificate Path: /etc/ssl/certs/
CA Certificate File: xxxx.com.cabundle

but it is giving me this error:

[config:vhost:Admin] Path for CA Certificate file is invalid: /home/xxxxx/public_html/xxxx.com.cabundle

 

[Brent W Peterson]

Ok I followed the WIKI here http://www.litespeedtech.com/support/wiki/doku.php?id=litespeed_wiki:ssl_cert_install

I get this error on restart

Error xxxx_secure xx.xx.xx.xx:443 N/A

Running xxxx_main *:80
[Admin xxxx] *.xxxx.com

 

[webizen]

Looks like cert isn't loaded. Did you create the chained cert as follows? Make sure lsadm has read permission to the cert directory and file.

Another way is to create a chained certificate, set “Certificate File” to the path of “chained.cert”, “Chained Certificate” should be set to “Yes”. To create the chained certificate, you can concat your certificate file together with the intermediate certificate with a command like:

cat my.cert ca.cert > chained.cert

 

[Brent W Peterson]

I got it, I removed the chained cert and it worked.