Comodo PositiveSSL CA bundle problems
Hi,
There appears to be a problem with the "Manage Service SSL Certificates" feature in WHM.
If I install a (renewed) Comodo PositiveSSL SSL certificate (this may be the same for other multiple chained SSL certificates as well) for all services (cPanel/WHM/Webmal, DoveCot, Exim, FTP) the CA bundle is not added automatically by WHM. And when the CA bundle is added manually as provided by Comodo, e-mail programs connecting to DoveCot using SSL, are reporting chain errors and will not download any e-mails, so I had to remove the CA bundle again.
Other servers running a (free) StartSSL certificate do not have these problems.
Does anyone have the same problems?
Using: CentOS 6.5 x86_64 with WHM 11.44.1 (build 18).
Thanking you in advance.
-
yeah I experienced same problem I use Comodo/GoGetSSL Wildcard certificate same as in - ]
- CA bundle is not automatically added by WHM
- If you try to add CA Bundle after previous WHM install of SSL certificate seems some kind of caching is in effect and still ssllab tests report CA bundle issues. Only when you uninstall previous SSL certificate and re-install but this time manually add the CA Bundle will it work and ssllab won't report errors
- You can use test at
0 -
I'm also suffering from this. Using Comodo's PositiveSSL. WHM does not autofill root bundle anymore. Hence it accepts but an ssl check gives an error that CA is not to be trusted. I've contacted Comodo and they've sent me a CA for the SSL. But it doesn't seem to work. 0 -
Hello :) Could you let us know which version of cPanel is installed on your system? Thank you. 0 -
WHM 11.46.0 (build 12) 0 -
FYI: I still haven't solved this problem either. The CA bundle is not loaded properly when renewing the main SSL certificate. CENTOS 6.6 x86_64 standard WHM 11.44.1 (build 19)0 -
Please feel free to open a support ticket using the link in my signature so we can take a closer look. You can post the ticket number here so we can update this thread with the outcome. Thank you. 0 -
Instead of contacting Comodo Support and gain a CA bundle file You can do the following: When You get your new SSL cert from Comodo (by mail) they have a zip file attached. You need to unzip the zip-file and open the following files in a text editor like notepad: AddTrustExternalCARoot.crt COMODORSAAddTrustCA.crt COMODORSADomainValidationSecureServerCA.crt Then copy the text of each ".crt" file and paste the texts above eachother in the "Certificate Authority Bundle (optional)" field. After that just add the SSL cert as usual in the "Certificate" field and click at "Autofil by Certificate" button and hit "Install". That will solve the issue. :) 0 -
psfrog, It just doesn't work. I'm contacting cPanel right now. 0 -
]psfrog, It just doesn't work. I'm contacting cPanel right now.
Weird - I have solved this at 8 servers so far by doing this. I hope Cpanel will help You solve it.0 -
]It just doesn't work. I'm contacting cPanel right now.
Please ensure you post the ticket number here so we can update this thread with the outcome. Thank you.0 -
Just chiming in... I too was having untrusted chain issues with a PositiveSSL from cheapsslsecurity, and tried several different orderings that various blogs said would fix the problem and construct a trusted CA bundle, but none of them worked. psfrog's solution worked for me and now no longer get untrusted cert warning on Android - thanks! 0 -
Yea psfrog's solutions works. Thanks for that. The annoying thing about this problem is that it's like 1 out of 5 computers that returns "invalid ca", took us 3 months to actually notice the problem. 0
Please sign in to leave a comment.
Comments
13 comments