godaddy SSL certificate and Apache's SSLCertificateChainFile

[garagesalegizmo]

I found that the SSLCertificateChainFile which Apache uses does not work for all browsers on the Mac if the SSLCertificateFile was created by godaddy.com

These browsers on the Mac report invalid certificate:
Safari (4.x)
Camino (1.6.x)

These are the only browsers so far I have found which don't work with the certificate.

A manual solution is:
1) Launch application
2) ssh to server
3) upload root certificate chain provided by godaddy to some directory. In my case, gd_bundle.crt, was provided with my domain certificate and I uploaded it to /tmp.
3) Edit /etc/httpd/conf.d/ssl.conf
4) Add 'SSLCertificateChainFile /tmp/gd_bundle.crt'
5) Restart apache with the command, '/usr/sbin/apachectl restart'

Safari and Camino now accept the certificate as valid.

Anyone know how to automate this in cloud foundry?

[1234Cast]

I had exactly the same problem and just do it manually.

I also had a requirement to run php/joomla on the same AMI and created a shell script which I also manually run after startup to install PHP, configure the Apache vhosts file etc.

I really tried to get this all automated but gave up as I dont think its possible at the moment.

[werner5471]

@1234Cast: I also need PHP to run on my server - can you let me know which files you had to adjust in order to make it work?

[1234Cast]

nano startup.sh
chmod +x startup.sh
./startup.sh

~~~~~~~~~startup.sh~~~~~~~~~~~~~~~~~~
#!/bin/sh

yum -y install mod_php php-mysql
yum -y install perl-Digest-SHA1
yum -y install php-xml
yum -y install php-gd

echo "updating rpm's from repos - will take some time"
#need to update for patches and we need php5.2 for what we are doing
cp /vol/www/STARTUP/CentOS-Testing.repo /etc/yum.repos.d/CentOS-Testing.repo
yum -y update

echo "copying http.conf and other vhosts"
rm -f /etc/httpd/conf/httpd.conf
#my own custom httpd.conf
cp /vol/www/STARTUP/httpd.conf /etc/httpd/conf/httpd.conf
#vhost found in /etc/httpd/conf.d/extras.conf


echo "restart apache"
apachectl restart
echo "server ready"
~~~~~~~~~~/startup.sh~~~~~~~~~~~~~~~~~~~~

[werner5471]

Thank you so much! Could you also post / send me the changes you made in httpd.conf? I'm not too familiar with Apache configuration... What does this extras.conf stand for, I can't find it on my server?

[1234Cast]

I am using the Amazon EBS, so I store all my PHP web app files on this (otherwise you lose everything on restart).

So I change the default path to my EBS volume eg #
DocumentRoot "/vol/www/html" in httpd.conf.

have a look inside /etc/httpd/conf.d/*.conf
This is where your apache virtual host info is configured. All I am doing in here is tweaking Apache with standard parameters such as paths, redirects, expiry. Its worth googling Apache vhosts and httpd.conf to understand what they do before you fiddle.