<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoNormal>I was on a vacation this last week and when I went to login to one of my servers I got an SSL warning on my phone. Now this was strange as I recently got a wildcard cert and Chris @ Virtbiz installed it on all of our BX servers and they have been working fine on my desktop PC.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>When I googled the problem many results seemed to indicate that this can happen when the cert bundle is not installed. Your desktop browser might have the bundle from another site you visit and will therefore work but if you done use your mobile browser much then it would not have the bundle and if your own server does not passit right then you get the error.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>So the first thing I did was login to the GUI and sure enough the Cert Authority was shown as installed on all servers.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>So I went looking a bit deeper. I found that the CA certs are put in /etc/admserv/certs/ca-certs and they were there as they should be.<o:p></o:p></p><p class=MsoNormal>I then looked in /etc/admserv/conf.d/ssl.conf and found that despite the bundle being put in /etc/admserv/certs/ca-certs by the GUI they were not called in the SSL.conf for the Admin webserver! Oops.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I found only:<o:p></o:p></p><p class=MsoNormal>SSLCertificateFile /etc/admserv/certs/certificate<o:p></o:p></p><p class=MsoNormal>SSLCertificateKeyFile /etc/admserv/certs/key<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I manually added the following below those two lines:<o:p></o:p></p><p class=MsoNormal>SSLCertificateChainFile /etc/admserv/certs/ca-certs<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>And after running, service admserv restart the certs now work properly.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>So TL:DR, even if you install the CA cert bundle in the GUI the ADMSERV will not call it and it will not work right.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I hope this helps some others.<o:p></o:p></p><p class=MsoNormal>____________<br>M Aronoff Out<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p></div></body></html>