سلام دوستان کی میدونه ssl ادمین دایرکت ادمین رو چجوری میشه تغییر داد.

https://web4iran.in:2222

سلام دوستان کی میدونه ssl ادمین دایرکت ادمین رو چجوری میشه تغییر داد.

https://web4iran.in:2222

سلام منظورتون سرور اصلي هست؟

سلام دوستان کی میدونه ssl ادمین دایرکت ادمین رو چجوری میشه تغییر داد.

https://web4iran.in:2222

یعنی میخواید یک سرتیفیکیت دیگه بسازید ؟ ، اگه آره ب ترتیب وارد کنید :

حذف سرتیفیکیت قبلی :


rm -rf /usr/local/directadmin/conf/cakey.pem
rm -rf /usr/local/directadmin/conf/cakey.pem

ساخت سرتیفیکیت جدید :


/usr/bin/openssl req -x509 -sha256 -newkey rsa:4096 -keyout /usr/local/directadmin/conf/cakey.pem -out /usr/local/directadmin/conf/cacert.pem -days 9000 -nodes

پرمیشن ها :


chown diradmin:diradmin /usr/local/directadmin/conf/cakey.pem
chmod 400 /usr/local/directadmin/conf/cakey.pem

سلام منظورتون سرور اصلي هست؟


بله میخوام مال دامنه اصلی رو عوض کنم.

- - - Updated - - -


یعنی میخواید یک سرتیفیکیت دیگه بسازید ؟ ، اگه آره ب ترتیب وارد کنید :

حذف سرتیفیکیت قبلی :


rm -rf /usr/local/directadmin/conf/cakey.pem
rm -rf /usr/local/directadmin/conf/cakey.pem

ساخت سرتیفیکیت جدید :


/usr/bin/openssl req -x509 -sha256 -newkey rsa:4096 -keyout /usr/local/directadmin/conf/cakey.pem -out /usr/local/directadmin/conf/cacert.pem -days 9000 -nodes

پرمیشن ها :


chown diradmin:diradmin /usr/local/directadmin/conf/cakey.pem
chmod 400 /usr/local/directadmin/conf/cakey.pem

چندین بار امتهان کردم شرکت گواهی به cert خطا میده.

- - - Updated - - -

دقیقا اینجوری بشه.
https://www.directadmin.com:2222/

چندین بار امتهان کردم شرکت گواهی به cert خطا میده.

متن خطا رو قرار بدید .

به نظرم مشكل ca كد هست كه داره خطا ميده

Error: CSR is not parsable

-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQ DyistJDG0B0uyI
zBEVQ/S8SdKr2YaOuSm9u+crgz7t/zfkKj8wKSrqUXMVGiS5cHBLD40T9ElGq49c
G6FIN8/KJU3Q7f1Jq6W5r9+Vc9jSnwFNF1QHNks3SgyqA7dpCrSOjZO8D OgLIJaO
GPS+y5Mf2+zFNxbnh1S00RYUzeuzbeTcT9cRhSCFdMth4g0DDl vA41W/GfTKp3aj
3PhoO+QdoznhvrovJmwjhgSMr9nw8qe9wVgNk56Cd4Nfvt4xLy Rr8XY+9LyJ9Inl
k4mJWFx3IBkFqWW+neeAl5G6FGAMM4AeiL0u45PcDZ+RTz0jJd FtnaMJZrNsvNzW
o6KqKxIDAgMBAAECggEAE8Ql7w0ZMSXcawWeesov/sxRY/n1UlpawYC3xT8L+N9s
0aZzwdwJCFGc/GJGDerQ6/0XdUHaWu0OYOZLjZQm1gWWQumyU7euaOShZw+q4vdc
Zsj46yGMnbPmNlDZOLFLp7Z4DMJMguOkAW6dO5NhqR4GPMhRkI rh516G2ykxBU1N
0r923QNGSgQuYbYbNodaWd5KnIag+eLsC4TE2GWYlbGQQB8UqK QjVlSpIX8QVGAV
M4lkAAUpC4t4A+ALwmG7mwd+IqsRszFz02Dut6n/fQyje79mQTKknlDMZaeZHJj8
SPia5q9rdiDJPNYKEtEf4ttjEA3vW0+G3sNxcciN0QKBgQD+eO AJUrzoC8aYGsBx
U14+1sAjwqrTkrFCdGezlZGyxPtnTpbqqmJDBbmud2UGwQWb8R GMr/0D6frj3pL8
ILi6WXY0MlRRTpuzxwf12XXgN3d92OSPaFA/p/Uhto9G2GH9XwIHOJS8ZUYcNNGf
+05rXiLKwZIY8/1b09h9m1LBiwKBgQDz/5Uc20tkv+zHfGhDIInepDkf7L/GE67K
MEgl8oSRVqKmD9s6Lbuthw4TWwXQALGuBEImdoE5NrsM6i9+05 EERyct0I8lYjY6
r9YCYRmAwH3HNH3NogoU5DbACXausKycAooGL1SiYMRhTOZZAS bJbCpfVErs8wag
AifJHYMQaQKBgCYMXrsmItazRAtkHJgVNgdBRtNR/QbLbTOZghPo7jMDnu9wYcJO
nYiV55B9i5555+PMJKqbecJHDttZYTLPla9PRwxA5jiN/1vfC4Kn9CcFRBmN/4at
uyn5a/6RdFTMb8JZnU0FGcAdiGEZSKqaAbyuA5e7X6PZf21mfH0zZylH AoGBAKbn
p/qLT7FlT/TNdwykD2tK7wCVlEFMaX5JNLEwidpZZv0tT4smiYEUJ166Hum/78rX
guCIo7CdbapR75dT5ZkFixld1u19lxbh/QS3oxhdlCxWDdBCDZ9o1MLcNmEc3ZYC
bqP4cG56vxrH3bH4ha223e1D3dTkER4XG1wJYgQxAoGBAIsHAk yKhMgD5gj+7c8X
kjsnSNK8I+WIyk2sUp7zpHzkSPnn/dJ6lRxjkmNuoky6TE/XzMJWDsVdFLdoeueb
hGKDx3hgNrmEJZkMr72B8brX8TvELOWngAbdVH3JJ+7vOug3AL FY8S4VNYryde88
gswyii74LxL7cdALm3rPzU8i
-----END PRIVATE KEY-----

يه اس اس ال وليد بنداز رودامين بايد اوكي بشه

به نظرم مشكل ca كد هست كه داره خطا ميده

مشکل بنده هم همینجاست چجوری ca بسازم که خطا نده روش های خود سایت دایرکت ادمین جواب نمیده.

مشکل بنده هم همینجاست چجوری ca بسازم که خطا نده روش های خود سایت دایرکت ادمین جواب نمیده.

خوب ميخواييد اس اس ال loacal بذاريد ؟ چرا يه اس اس ال معمولي نميگيريد بذاريد

خوب ميخواييد اس اس ال loacal بذاريد ؟ چرا يه اس اس ال معمولي نميگيريد بذاريد

بنده ssl دارم منتها وقتی
CSR میسازم که مثلان برای ترک تراست بفرستم پیغام میده که در بالا گفتم.
اگه میشه یکی روش ساخت csr رو بزاره متشکر میشم. تحت ssh

بنده ssl دارم منتها وقتی
CSR میسازم که مثلان برای ترک تراست بفرستم پیغام میده که در بالا گفتم.
اگه میشه یکی روش ساخت csr رو بزاره متشکر میشم. تحت ssh

ببینید کارتون با این میشه







Certificate Installation: Apache & mod_ssl



Installing your Certificate on Apache with mod_ssl


Extract all of the contents of the ZIP file that was sent to you and copy/move them to your server. The extracted contents will typically be named: yourDomainName.crt and yourDomainName.ca-bundle

Note: If you received several .crt files in your ZIP file please use this (https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=1209)article to make yourDomainName.ca-bundle





Move all of the certificate related files to their appropriate directories.

A typical setup:


Move the Private Key that was generated earlier to the ssl.key directory, which is typically found in /etc/ssl/. This must be a directory which only Apache can access.





Move the yourDomainName.crt and yourDomainName.ca-bundle to the ssl.crt directory, which is typically found in the /etc/ssl/ directory.


Edit the file that contains the SSL configuration with your favorite text editor.
Examples: nano, vi, pico, emacs, mousepad, notepad, notepad++, etc.Note: The location of this file may vary from each distribution. It will be referenced in the Apache global configuration file. Look for the lines starting with include.

Apache Configuration File:

Fedora/CentOS/RHEL: /etc/httpd/conf/httpd.conf
Debian and Debian based: /etc/apache2/apache2.conf


SSL Configuration File:

Some possible names:



httpd-ssl.conf
ssl.conf
In the /etc/apache2/sites-enabled/ directory.

Note: If need be please consult your distribuiton's documentation on Apache and SSL or navigate to the Apache Foundation's Apache2 (http://httpd.apache.org/docs/2.0/mod/mod_ssl.html) Documentation.

In the VirtualHost section of the file please add these directives if they do not exist. It is best to comment out what is already there and add the below entries.


SSLEngine on
SSLCertificateKeyFile /etc/ssl/ssl.key/server.key
SSLCertificateFile /etc/ssl/ssl.crt/yourDomainName.crt
SSLCertificateChainFile /etc/ssl/ssl.crt/yourDomainName.ca-bundle ***




Apache 1.3.x:SSLEngine on
SSLCertificateKeyFile /etc/ssl/ssl.key/server.key
SSLCertificateFile /etc/ssl/ssl.crt/yourDomainName.crt
SSLCACertificateFile /etc/ssl/ssl.crt/yourDomainName.ca-bundle
Apache 2.x:SSLEngine on
SSLCertificateKeyFile /etc/ssl/ssl.key/server.key
SSLCertificateFile /etc/ssl/ssl.crt/yourDomainName.crt
SSLCertificateChainFile /etc/ssl/ssl.crt/yourDomainName.ca-bundle
Save your config file and restart the Apache service. It is sometimes required to 'stop' then 'start' Apache, instead of issuing the 'restart' command for the changes to take effect.


Notes:
If you have chosen to have a password on your private key, you will be prompted to enter it each time Apache is started or restarted. Apache will not fully start until the password is entered.

The configuration file is often called httpd.conf or apache.conf, although sometimes the SSL-specific section is placed in a separate file called ssl.conf and linked from the main configuration by an 'Include' command. Sometimes, theVirtualHost section will be in a specific file for that site, in a sub-directory often labelled sites-enabled/.
Much of the layout of Apache's configuration files and directory naming conventions is controlled by the distribution of OS you are using. It is recommended that you look at the distribution's own site and documentation to confirm the locations.