Archive for the ‘SSL - Secure Server’ Category

organizations certificate has been revoked - SSL BROWSER ERROR

Tuesday, June 10th, 2008

So, you installed a cert… all appears fine… but, now in IE7, you are getting the following ERROR:

“This organization’s certificate has been revoked.”

But, you don’t believe that its really a revoked cert ?

Ok, do the following:

Go to Tools - Internet Options - Advanced.
Scroll down to Security.
Remove the two check marks beside the settings to do with revoked certificates.
Click on Apply.
Exit IE7.
Open IE7 and try the site again.

If the SSL site now works without any warnings, then you know that the certificatess has been revoked.

Contact the SSL issuer about why the SSL CERT was revoked.

Posted in SSL - Secure Server | No Comments »

www.NoMonthlyFees.com - SSL Certs that need CA Bundle

Tuesday, August 28th, 2007

Make sure that you always install the CA BUNDLE when setting up a CERT if it was bought from www.NoMonthlyFees.com

—–BEGIN CERTIFICATE—–
MIIETzCCAzegAwIBAgIQHM5EYpUZep1jUvnyI6m2mDANBgkqhkiG9w0BAQUFADCB
lzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug
Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho
dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3Qt
SGFyZHdhcmUwHhcNMDUwNjA3MDgwOTEwWhcNMTkwNzA5MTgxOTIyWjBvMQswCQYD
VQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0
IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5h
bCBDQSBSb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/caM+by
AAQtOeBOW+0fvGwPzbX6I7bO3psRM5ekKUx9k5+9SryT7QMa44/P5W1QWtaXKZRa
gLBJetsulf24yr83OC0ePpFBrXBWx/BPP+gynnTKyJBU6cZfD3idmkA8Dqxhql4U
j56HoWpQ3NeaTq8Fs6ZxlJxxs1BgCscTnTgHhgKo6ahpJhiQq0ywTyOrOk+E2N/O
n+Fpb7vXQtdrROTHre5tQV9yWnEIN7N5ZaRZoJQ39wAvDcKSctrQOHLbFKhFxF0q
fbe01sTurM0TRLfJK91DACX6YblpalgjEbenM49WdVn1zSnXRrcKK2W200JvFbK4
e/vv6V1T1TRaJwIDAQABo4G9MIG6MB8GA1UdIwQYMBaAFKFyXyYbKJhDlV0HN9WF
lp1L0sNFMB0GA1UdDgQWBBStvZh6NLQm9/rEJlTvA73gJMtUGjAOBgNVHQ8BAf8E
BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zARBglghkgBhvhCAQEEBAMCAQIwRAYDVR0f
BD0wOzA5oDegNYYzaHR0cDovL2NybC51c2VydHJ1c3QuY29tL1VUTi1VU0VSRmly
c3QtSGFyZHdhcmUuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQByQhANOs4kClrwF8BW
onvUOGCSjRK52zYZgDXYNjDtmr5rJ6NyPFDNn+JxkLpjYetIFMTbSRe679Bt8m7a
gIAoQYFQtxMuyLnJegB2aEbQiIxh/tC21UcFF7ktdnDoTlA6w3pLuvunaI84Of3o
2YBrhzkTbCfaYk5JRlTpudW9DkUkHBsyx3nknPKnplkIGaK0jgn8E0n+SFabYaHk
I9LroYT/+JtLefh9lgBdAgVv0UPbzoGfuDsrk/Zh+UrgbLFpHoVnElhzbkh64Z0X
OGaJunQc68cCZu5HTn/aK7fBGMcVflRCXLVEQpU9PIAdGA8Ynvg684t8GMaKsRl1
jIGZ
—–END CERTIFICATE—–
—–BEGIN CERTIFICATE—–
MIIE0TCCA7mgAwIBAgIQCx/lLJIzxLB48bhxFnxkhzANBgkqhkiG9w0BAQUFADBv
MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk
ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF
eHRlcm5hbCBDQSBSb290MB4XDTA2MDExOTAwMDAwMFoXDTE5MDcwOTE4MTkyMlow
XDELMAkGA1UEBhMCVVMxJzAlBgNVBAoTHlNlY3VyZSBCdXNpbmVzcyBTZXJ2aWNl
cywgSW5jLjEkMCIGA1UEAxMbU2VjdXJlIEJ1c2luZXNzIFNlcnZpY2VzIENBMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoiQCbVxzRHQHNBMg9P0+cIr8
ABqNGGF2IP1JV69NoLGg/0ItoOFGmp8gSvpO2L4PSbPh+G8tfOSSO1YrdNCwrn5x
3z/1yudxVnmU1Bjw7Lhewmg0zhXQwyA/IpWIm+jm0aQWZEWsqKvYva3sY4ld4rFY
PAjBhmtU1HeKgC/BH70/el5HZDn+2+9Rz1vH2W6oKuWUx7lUNh/TRy7bDBkhkHsM
EICqntSn1H1vFf040cPdJSQydI/gzIWkm0pTn504UWIN+SRbo65J+7EoCMp8g4CB
yW2lRNZzJRNXFESp8pPAAgFDh4UxDiiWX8DQp1jVJ0fC4i895Lw1IB14YwLxsQID
AQABo4IBejCCAXYwHQYDVR0OBBYEFDiWWigtX0Mkl/XU+Y87hyXQya+2MA4GA1Ud
DwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEAMBgGA1UdIAQRMA8wDQYLKwYB
BAGyMQECAgowewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5j
b20vQWRkVHJ1c3RFeHRlcm5hbENBUm9vdC5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwu
Y29tb2RvLm5ldC9BZGRUcnVzdEV4dGVybmFsQ0FSb290LmNybDCBhgYIKwYBBQUH
AQEEejB4MDsGCCsGAQUFBzAChi9odHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9BZGRU
cnVzdFVUTlNlcnZlckNBLmNydDA5BggrBgEFBQcwAoYtaHR0cDovL2NydC5jb21v
ZG8ubmV0L0FkZFRydXN0VVROU2VydmVyQ0EuY3J0MBEGCWCGSAGG+EIBAQQEAwIC
BDANBgkqhkiG9w0BAQUFAAOCAQEAGk8tzcltvwhtKN+iJ+LMy61NSkvoakZ64SgI
Gb4Oqee+GY3InvbjHtonk7CLh5aXa7KKwTDjq+m1RNTYOYQ9RBACwDyHtyfV2pCv
Z0y6EeH2jOCyFaV8CjAiotJfePFwrvx5lskvSJxVC00ZeJLl6tysWC1utyvKK020
x1VO37ULlS4QFwDf162iLRIf1gCELZx7difEXpCCxegaTc5ILNNzkQ3EmsW3/BEU
ganGTr8ilY4z+xhQiSwSt6mEH59KocqCoTS93VC62n1QkLlQ2B64Wp2zTZmwpRfo
gNCukPCuzm0Htc+MVWW4Mf6GO1IZFxnjBfro5099kL+EJNvB/g==
—–END CERTIFICATE—–

Posted in SSL - Secure Server | No Comments »

Problems with GODADDY SSL Certs - browser giving warning

Thursday, August 2nd, 2007

If you are using a GODADDY SSL CERT, you may be getting a warning when you use some browsers such as Firefox or Netscape… the warning would say something like:
Unknown error, or not trusted, etc

You will need to download their their chain file, here is what how to do that:
wget https://certificates.godaddy.com/repository/gd_intermediate_bundle.crt

Next, you can configure apache to recognize the CA CHAIN FILE… by adding the THIRD LINE below:

SSLCertificateFile /usr/share/ssl/certs/nomonthlyfees.com.crt
SSLCertificateKeyFile /usr/share/ssl/private/nomonthlyfees.com.key
SSLCertificateChainFile /usr/share/ssl/certs/gd_intermediate_bundle.crt

the first two lines should already be in the httpd.conf file… just add the last line.

Restart apache!

Posted in SSL - Secure Server | No Comments »

watch out for www on SSL Certs

Tuesday, July 31st, 2007

Ok, with normal domains and browsing, you should be able to type in anywebsite with or without the www.
So, nomonthlyfees.com is the same as www.nomonthlyfees.com

BUT, if you are working in SSL this is not the case.
Because an SSL Cert has to be attached to a specific domain and NOT a domain ALIAS (which is was www.nomonthlyfees.com actually is), you have to choose which way you want to access your SSL server.

If you want to access your sites SSL with the www., then you must specify that when you are setting up the cert with your web host.

Sometimes the SSL will still work for the domain alias, but you will get ERRORS from the web browser and your site visitors wont like it.

So pay attention when dealing with SSL.

Posted in SSL - Secure Server | No Comments »

cgi scripts not working in SSL

Monday, July 30th, 2007

cgi scripts were not working in SSL, yet they worked when you ran them in normal http mode.

So, I tested to see if the SSL working by itself…

Yes, just running https://NoMonthlyFees.com totally worked…

but, when I tried to run a perl cgi test script out of the cgi-bin, it just stopped working…

so, I checked the httpd.conf and found the problem.

PROBLEM was: there was no cgi-bin ScripAlias setup for the SSL portion of the httpd.conf entry…

so, I went in, and added the line:

ScriptAlias /cgi-bin/ /home/username/public_html/cgi-bin/

restarted http, and boom, it worked.