Problems with a CA cert installation

Discussion in 'Plesk 6.0 Troubleshooting and Problems' started by 4web-space, Jul 25, 2003.

  1. 4web-space

    4web-space Guest

    We are having issues installing Comodo Instantssl CA cert files. We have tried their bundled installation and their other CA certs but Plesk keeps returning "The file is too large"

    Any ideas?


  2. LithiuM

    LithiuM Guest

    Try to send as a text file...

  3. 4web-space

    4web-space Guest

    same problem even pasting it in

    comodo say its an issue with plesk
  4. LithiuM

    LithiuM Guest

    Himm.. I had the same problem but sending as a text file solved mine....

  5. rembrandt

    rembrandt Tera Poster

    more problems wth Comodo cert.

    It seems that there are more problems with Comodo certificates, other then the 'file to large' problem. I've been trying to get a Comodo cert. but i can't get the rootchain installed (oone of the four parts to get the certificate installed properly.

    From te manual:

    13. Domain Administration
    -> Domain SSL Certificates Repository Management

    Uploading a CA certificate

    For the certificates purchased through certificate signing authorities other than Verisign or Thawte you will receive what is typically called a CA Certificate, or rootchain certificate. The CA Certificate is used to appropriately identify and authenticate the certificate authority, which has issued your SSL certificate. To upload your CA Certificate, follow these steps:

    At the certificate repository page, select a certificate from the list. You will be taken to the SSL certificate properties page.

    Use the Browse button, within the section related to the certificate uploading, to locate the appropriate CA Certificate file.

    Click SEND FILE. This will upload your CA Certificate to the repository.

    You can upload an existing certificate in two ways:

    Choose a file from the local network and click on the SEND FILE button (.TXT files only).

    Type in or paste the CA certificate text into the text field and click on the SEND TEXT button


    However when i do this i get a message: would you like to overwrite ....

    The endresult: the cert. is still incomplete: the 'R', 'K' and 'A' part are set, but never the 'C' part...

    Can anyone give me a step-bystep for PlesK v6.0.x to install a cert. (from Comodo) 100% correct?

    Thanks in advance!
  6. hostcorp

    hostcorp Guest

  7. rembrandt

    rembrandt Tera Poster

    tried it: problem still excists ...

    There is a;
    • CSR part
    • Private Key
    • 'no' certificate (??)
    • CA Certificate

    And i still get the "do you want to replace" dialogue ... damn ..
  8. hostcorp

    hostcorp Guest

    Try deleting the cert and reinstalling it.
  9. martin_68

    martin_68 Guest

    I have the same Problem when I want to install the CA-certificate from
  10. rembrandt

    rembrandt Tera Poster

    That's what i've been doing for several days now, and still i can't get the certificate right ... it woulkd be very nice to have a step-by-step how-to on this matter, because i've got the feeling that more people are having the same problem.
  11. 4web-space

    4web-space Guest

    Comodo fixed our issue


    Basically, you need to add the line:
    SSLCACertificateFile /path/to/bundle

    to the end of the httpd.conf and reboot the server.


    Technical Support
    Comodo CA Limited
  12. rembrandt

    rembrandt Tera Poster

    Owkeej, nice.. but:

    SSLCACertificateFile /path/to/bundle

    where "/path/to/bundle" is ?

    Could you be more specific?
  13. 4web-space

    4web-space Guest

  14. rembrandt

    rembrandt Tera Poster

    Is rebooting really neccasery? or does rebuilding Apache by

    will do the trick?
  15. 4web-space

    4web-space Guest

    Not sure try it
  16. rembrandt

    rembrandt Tera Poster

    Well i tried to rebuilt and restartt Apache, rebooted teh server, re-installed the Cert. (again) .. still just 3 parts, not the whole certificate ... now i'm completely lost ...
  17. alphamega

    alphamega Kilo Poster

    Comodo/InstantSSL certificate for Controlpanel-Url in Psa6, How I did it

    Here is a detailed walktrough how I did get a Comodo / InstantSSL certificate working for the Plesk 6.01 controlpanel on one of our servers.

    1- Login in Plesk 6 as Admin
    2- [SERVER] -> [Certificates] -> [Add]
    3- Fill the fields, I chose 1024 bits
    4- Choose the exact url you will use for the contropanel-login
    5- [Request]
    6- Click the newly created certificate
    7- Copy and paste the CSR and the Private key in a textfile, and save them on your workstation, you need them later.

    8- Go to with your browser
    9- [Continue]
    10- Copy and paste the CSR from the textfile in the big box (1)
    11- 2. Server Software: Plesk
    12- 3. Years: Pick one
    13- 4: Uncheck the "Security Space FREE Trial Audit:" box
    14- [Next]
    15- Fill in the requested details
    16- Complete the payment
    17- The Certificate gets mailed to you, subject: ORDER #XXXXX Your InstantSSL Certificate for <domain>

    18- Log in to your server as root

    19- # cd /usr/local/psa/admin/conf
    20- # wget

    21- # mv httpsd.pem httpsd.pem.ori
    22- edit the file httpsd.pem ("# joe httpsd.pem" for me)
    23- first paste the private key from the textfile in this file.
    24- then paste the certificate from the received email
    25- so now /usr/local/psa/admin/conf/httpsd.pem looks like:
    -----END RSA PRIVATE KEY-----
    -----END CERTIFICATE-----
    26- Save & Exit the file (Ctrl-K,X for me)

    27- now edit httpsd.conf ("# joe httpsd.conf" for me)

    28- search for "SSLRandomFile" (Ctrl-K,F,SSLRandomFile for me)
    29- set the following values:
    #SSLRandomFile /dev/urandom 1024
    #SSLRandomFilePerConnection /dev/urandom 1024
    SSLCACertificatePath /usr/local/psa/admin/conf
    SSLEngine on
    SSLCACertificateFile /usr/local/psa/admin/conf/ca_new.txt
    SSLCertificateFile /usr/local/psa/admin/conf/httpsd.pem
    SSLVerifyClient 0
    SSLVerifyDepth 0
    30- Save & Exit the file (Ctrl-K,X for me)

    31- # /etc/init.d/psa stop
    32- # /etc/init.d/psa start

    33- close all your browser windows
    34- go to the url you choose at step 6
    35- Click the lock-icon in the status bar, to test the certificate.
    36- mine is working, at

    Kind regards,
    Jeroen Vermeulen - Alphamega (Dutch)

    In the beginning God created the heavens and the earth
    Nietzsche said: God is dead
    God sais: Nietzsche is dead.
  18. defender

    defender Guest

    I cant get this working on port 443...only 8443...which does me no good.

    How can I get this working on 443?

    help! 5 hours wasted again...
  19. alphamega

    alphamega Kilo Poster

    If you want to show your Plesk Controlpanel on port 443 (because some firewalls and proxy's can't handle 8443) you need to edit the file /usr/local/psa/admin/conf/httpsd.conf
    find "Listen 8443" in that file, and add
    below that line. For choose an ip that is asigned to the Plesk server, that ip should NOT have a hosting account with the option SSL enabled on it, and should NOT be used for shared hosting.

    Kind regards, Jeroen Vermeulen - Alphamega Hosting
  20. memory

    memory Guest

    GeoTrust Quick SSL True 128bit with Unique Checkpoint Identifier business registration.

    $159 a year.

    $69.95 a year through IHS:

    Global Identifier:

Share This Page