Can`t install Comodo SSL certificate on Centos7 apache2
I have bought Comodo PositiveSSL. Now I have certificate.key and zip-archive which is contains 4 files.
AddTrustExternalCARoot.crt,
COMODORSADomainValidationSecureServerCA.crt,
COMODORSAAddTrustCA.crt,
my_domain_ru.crt
Firstly I`ve read that I have to join this files into one mySite.ca-build.
cat my_site_ru.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > mySite.ca-bundle
Secondly I saved there files into /usr/local/ssl/my_site/.
then I go to
/etc/httpd/conf.d/my_site_ru.conf
and added this
SSLEngine On
SSLCertificateFile /usr/local/ssl/my_site/my_site_ru.crt
SSLCertificateKeyFile /usr/local/ssl/my_site/certificate.key
SSLCertificateChainFile /usr/local/ssl/my_site/mySite.ca-bundle
but after
systemctl restart httpd
i got an error
Bad Request Your browser sent a request that this server could not
understand. Reason: You're speaking plain HTTP to an SSL-enabled
server port. Instead use the HTTPS scheme to access this URL, please.
if I try to open my site with https://my_domain.ru I see next
Connection is not secure
ssl ssl-certificate centos7
asked Nov 23 '18 at 9:37
ViktorViktor
1851519
add a comment |
I have bought Comodo PositiveSSL. Now I have certificate.key and zip-archive which is contains 4 files.
AddTrustExternalCARoot.crt,
COMODORSADomainValidationSecureServerCA.crt,
COMODORSAAddTrustCA.crt,
my_domain_ru.crt
Firstly I`ve read that I have to join this files into one mySite.ca-build.
cat my_site_ru.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > mySite.ca-bundle
Secondly I saved there files into /usr/local/ssl/my_site/.
then I go to
/etc/httpd/conf.d/my_site_ru.conf
and added this
SSLEngine On
SSLCertificateFile /usr/local/ssl/my_site/my_site_ru.crt
SSLCertificateKeyFile /usr/local/ssl/my_site/certificate.key
SSLCertificateChainFile /usr/local/ssl/my_site/mySite.ca-bundle
but after
systemctl restart httpd
i got an error
Bad Request Your browser sent a request that this server could not
understand. Reason: You're speaking plain HTTP to an SSL-enabled
server port. Instead use the HTTPS scheme to access this URL, please.
if I try to open my site with https://my_domain.ru I see next
Connection is not secure
ssl ssl-certificate centos7
asked Nov 23 '18 at 9:37
ViktorViktor
1851519
add a comment |
I have bought Comodo PositiveSSL. Now I have certificate.key and zip-archive which is contains 4 files.
AddTrustExternalCARoot.crt,
COMODORSADomainValidationSecureServerCA.crt,
COMODORSAAddTrustCA.crt,
my_domain_ru.crt
Firstly I`ve read that I have to join this files into one mySite.ca-build.
cat my_site_ru.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > mySite.ca-bundle
Secondly I saved there files into /usr/local/ssl/my_site/.
then I go to
/etc/httpd/conf.d/my_site_ru.conf
and added this
SSLEngine On
SSLCertificateFile /usr/local/ssl/my_site/my_site_ru.crt
SSLCertificateKeyFile /usr/local/ssl/my_site/certificate.key
SSLCertificateChainFile /usr/local/ssl/my_site/mySite.ca-bundle
but after
systemctl restart httpd
i got an error
Bad Request Your browser sent a request that this server could not
understand. Reason: You're speaking plain HTTP to an SSL-enabled
server port. Instead use the HTTPS scheme to access this URL, please.
if I try to open my site with https://my_domain.ru I see next
Connection is not secure
ssl ssl-certificate centos7
asked Nov 23 '18 at 9:37
ViktorViktor
1851519
I have bought Comodo PositiveSSL. Now I have certificate.key and zip-archive which is contains 4 files.
AddTrustExternalCARoot.crt,
COMODORSADomainValidationSecureServerCA.crt,
COMODORSAAddTrustCA.crt,
my_domain_ru.crt
Firstly I`ve read that I have to join this files into one mySite.ca-build.
cat my_site_ru.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > mySite.ca-bundle
Secondly I saved there files into /usr/local/ssl/my_site/.
then I go to
/etc/httpd/conf.d/my_site_ru.conf
and added this
SSLEngine On
SSLCertificateFile /usr/local/ssl/my_site/my_site_ru.crt
SSLCertificateKeyFile /usr/local/ssl/my_site/certificate.key
SSLCertificateChainFile /usr/local/ssl/my_site/mySite.ca-bundle
but after
systemctl restart httpd
i got an error
Bad Request Your browser sent a request that this server could not
understand. Reason: You're speaking plain HTTP to an SSL-enabled
server port. Instead use the HTTPS scheme to access this URL, please.
if I try to open my site with https://my_domain.ru I see next
Connection is not secure
ssl ssl-certificate centos7
ssl ssl-certificate centos7
asked Nov 23 '18 at 9:37
ViktorViktor
1851519
asked Nov 23 '18 at 9:37
ViktorViktor
1851519
asked Nov 23 '18 at 9:37
ViktorViktor
1851519
asked Nov 23 '18 at 9:37
ViktorViktor
1851519
asked Nov 23 '18 at 9:37
ViktorViktor
1851519
1851519
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
You have a turned on SSL configuration on port 80, where are expected non-ssl config.
You have to have two apache configs: one for port 80, where you will have no SSL directives and another one for port 443, where you will have SSL turned on.
Simple example:
<VirtualHost IP_Address:80>
...Some configurations here...
</VirtualHost>
<VirtualHost IP_Address:443>
SSLEngine On
SSLCertificateFile /usr/local/ssl/my_site/my_site_ru.crt
SSLCertificateKeyFile /usr/local/ssl/my_site/certificate.key
SSLCertificateChainFile /usr/local/ssl/my_site/mySite.ca-bundle
... another configuration, such as ServerName, DocumentRoot, etc. ...
</VirtualHost>
answered Nov 23 '18 at 9:48
Jan MarekJan Marek
6,52321518
If i added two virtual hosts to my_site.conf I can't restart httpd
– Viktor
Nov 23 '18 at 9:58
1) Check your logs. 2) Check your apache config withapachectl -tcommand.
– Jan Marek
Nov 23 '18 at 10:02
Thanks man! It`s works!
– Viktor
Nov 23 '18 at 10:15
add a comment |
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53444029%2fcant-install-comodo-ssl-certificate-on-centos7-apache2%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
You have a turned on SSL configuration on port 80, where are expected non-ssl config.
You have to have two apache configs: one for port 80, where you will have no SSL directives and another one for port 443, where you will have SSL turned on.
Simple example:
<VirtualHost IP_Address:80>
...Some configurations here...
</VirtualHost>
<VirtualHost IP_Address:443>
SSLEngine On
SSLCertificateFile /usr/local/ssl/my_site/my_site_ru.crt
SSLCertificateKeyFile /usr/local/ssl/my_site/certificate.key
SSLCertificateChainFile /usr/local/ssl/my_site/mySite.ca-bundle
... another configuration, such as ServerName, DocumentRoot, etc. ...
</VirtualHost>
answered Nov 23 '18 at 9:48
Jan MarekJan Marek
6,52321518
If i added two virtual hosts to my_site.conf I can't restart httpd
– Viktor
Nov 23 '18 at 9:58
1) Check your logs. 2) Check your apache config withapachectl -tcommand.
– Jan Marek
Nov 23 '18 at 10:02
Thanks man! It`s works!
– Viktor
Nov 23 '18 at 10:15
add a comment |
You have a turned on SSL configuration on port 80, where are expected non-ssl config.
You have to have two apache configs: one for port 80, where you will have no SSL directives and another one for port 443, where you will have SSL turned on.
Simple example:
<VirtualHost IP_Address:80>
...Some configurations here...
</VirtualHost>
<VirtualHost IP_Address:443>
SSLEngine On
SSLCertificateFile /usr/local/ssl/my_site/my_site_ru.crt
SSLCertificateKeyFile /usr/local/ssl/my_site/certificate.key
SSLCertificateChainFile /usr/local/ssl/my_site/mySite.ca-bundle
... another configuration, such as ServerName, DocumentRoot, etc. ...
</VirtualHost>
answered Nov 23 '18 at 9:48
Jan MarekJan Marek
6,52321518
If i added two virtual hosts to my_site.conf I can't restart httpd
– Viktor
Nov 23 '18 at 9:58
1) Check your logs. 2) Check your apache config withapachectl -tcommand.
– Jan Marek
Nov 23 '18 at 10:02
Thanks man! It`s works!
– Viktor
Nov 23 '18 at 10:15
add a comment |
You have a turned on SSL configuration on port 80, where are expected non-ssl config.
You have to have two apache configs: one for port 80, where you will have no SSL directives and another one for port 443, where you will have SSL turned on.
Simple example:
<VirtualHost IP_Address:80>
...Some configurations here...
</VirtualHost>
<VirtualHost IP_Address:443>
SSLEngine On
SSLCertificateFile /usr/local/ssl/my_site/my_site_ru.crt
SSLCertificateKeyFile /usr/local/ssl/my_site/certificate.key
SSLCertificateChainFile /usr/local/ssl/my_site/mySite.ca-bundle
... another configuration, such as ServerName, DocumentRoot, etc. ...
</VirtualHost>
answered Nov 23 '18 at 9:48
Jan MarekJan Marek
6,52321518
You have a turned on SSL configuration on port 80, where are expected non-ssl config.
You have to have two apache configs: one for port 80, where you will have no SSL directives and another one for port 443, where you will have SSL turned on.
Simple example:
<VirtualHost IP_Address:80>
...Some configurations here...
</VirtualHost>
<VirtualHost IP_Address:443>
SSLEngine On
SSLCertificateFile /usr/local/ssl/my_site/my_site_ru.crt
SSLCertificateKeyFile /usr/local/ssl/my_site/certificate.key
SSLCertificateChainFile /usr/local/ssl/my_site/mySite.ca-bundle
... another configuration, such as ServerName, DocumentRoot, etc. ...
</VirtualHost>
answered Nov 23 '18 at 9:48
Jan MarekJan Marek
6,52321518
answered Nov 23 '18 at 9:48
Jan MarekJan Marek
6,52321518
answered Nov 23 '18 at 9:48
Jan MarekJan Marek
6,52321518
answered Nov 23 '18 at 9:48
Jan MarekJan Marek
6,52321518
6,52321518
If i added two virtual hosts to my_site.conf I can't restart httpd
– Viktor
Nov 23 '18 at 9:58
1) Check your logs. 2) Check your apache config withapachectl -tcommand.
– Jan Marek
Nov 23 '18 at 10:02
Thanks man! It`s works!
– Viktor
Nov 23 '18 at 10:15
add a comment |
If i added two virtual hosts to my_site.conf I can't restart httpd
– Viktor
Nov 23 '18 at 9:58
1) Check your logs. 2) Check your apache config withapachectl -tcommand.
– Jan Marek
Nov 23 '18 at 10:02
Thanks man! It`s works!
– Viktor
Nov 23 '18 at 10:15
If i added two virtual hosts to my_site.conf I can't restart httpd
– Viktor
Nov 23 '18 at 9:58
If i added two virtual hosts to my_site.conf I can't restart httpd
– Viktor
Nov 23 '18 at 9:58
1) Check your logs. 2) Check your apache config with
apachectl -t command.– Jan Marek
Nov 23 '18 at 10:02
1) Check your logs. 2) Check your apache config with
apachectl -t command.– Jan Marek
Nov 23 '18 at 10:02
Thanks man! It`s works!
– Viktor
Nov 23 '18 at 10:15
Thanks man! It`s works!
– Viktor
Nov 23 '18 at 10:15
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53444029%2fcant-install-comodo-ssl-certificate-on-centos7-apache2%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
