Has anyone successfully done this? Move an Geotrust or any other cert for that matter, from an Ensim server to a Cpanel server?

Have been working on this for a number of days. Of course trying to get a Geotrust rep on the phone is like winning the lottery. Anyway, this should be a very easy thing. I dont think you would even need to re-create the .csr on the Cpanel box. Just copy and paste the cert from the Ensim GUI into the Cpanel GUI. Save it and it should work without a problem. Well almost. The cert installs properly on Cpanel however i cannot get rid of the popup box that says: The cert is issued by a company you have not trusted la di da! Very strange Should not be getting this msgs. Everthing else is correct, the certificate date, the name of the site are correct.

Haven't done it to a CPanel, but just recently did it from Ensim to PlainRH. Should be similar.

I copied server.crt, server.csr, server.key. You might also want to make sure you have ca-bundle.crt in ssl.crt as I think that is what recognizes the authorities.

server.crt, server.csr, server.key is the cert for your hostname? I was referring to a cert on a domain. That would be called primenet.crt etc.

Not sure what CPanel calls them, but that is what they are on Ensim for the site.

/home/virtual/site#/fst/etc/httpd/conf/

ssl.crt:
total 12
drwxr-xr-x 2 root root 4096 Aug 14 12:34 .
drwxr-xr-x 5 root root 4096 Aug 5 20:54 ..
-rw-r--r-- 1 root root 1147 Aug 14 12:34 server.crt

ssl.csr:
total 12
drwxr-xr-x 2 root root 4096 Aug 14 20:49 .
drwxr-xr-x 5 root root 4096 Aug 5 20:54 ..
-rw-r--r-- 1 root root 725 Aug 14 12:26 server.csr

ssl.key:
total 12
drwxr-xr-x 2 root root 4096 Aug 14 20:50 .
drwxr-xr-x 5 root root 4096 Aug 5 20:54 ..
-rw-r--r-- 1 root root 887 Aug 14 12:26 server.key

If CPanel calls them something else, you should be able to just rename them?

If Geotrust signs the key file, and the cert installs properly on the Cpanel box:

Issuer: C=US, O=Equifax Secure Inc, CN=Equifax Secure E-Business CA-2
Validity
Not Before: Apr 18 15:35:48 2002 GMT
Not After : May 2 15:35:48 2003 GMT
Subject: C=Ca, ST=California, L=Fullerton, O=Primenet Solutions, OU=Webhosting

then there should be no reason why we get the error msg that say the issuer is not trusted. I wish somebody at Geotrust woud pick up the phone.

Found the problem. When you installed your Geotrust cert on your Ensim server you were required to also install the state of authority cert by Geotrust. At least i had to on mine. The state of authority cert was located here on my Ensim server, which i failed to move to my Cpanel server:

/etc/httpd/conf/ssl.crt/geotrustefxca.crt

It's not enough to move just your .crt file and .key file over to cpanel otherwise you will continually get the error msg saying that the company could not be trusted. Just copy the content of the geotrust authority file over to cpanel.

On Cpanel, after you install your valid .crt, .key and .csr file from Ensim create a file called, geotrustca.crt in /etc/httpd/conf/ssl.crt/geotrustca.crt/

In your httpd conf, add the bold line, where indicated:

SSLCertificateFile /usr/share/ssl/certs/srv05.primenet.cc.crt
SSLCertificateKeyFile /usr/share/ssl/private/srv05.primenet.cc.key
SSLCACertificateFile /usr/local/apache/conf/ssl.crt/geotrustca.crt


Restart apache: /etc/rc.d/init.d/httpd stop then start. Safer to shut it down then to start it otherwise SSL may complain in your error logs.

Done! No more untrusted messages.

Thanks for the how-to. I'll be doing this in about 2 weeks, this saves me some frustrations. I owe you a beer.

Where did you get your State of Authority for your ensim server? I found out yesterday that some of my clients are receiving errors, but like me - I am not so I did not know this was an issue. I wish RackShack would provide a little more help on this issue. They just give the installation guide from GeoTrust which is not much help!

Any help is appreciated!

Thanks,
Scott

Mine came with my certficiate. I received my cert and my SOFAuth.

acronym, did you sort out your problem ? I have the same , I use geotrust and 50% of my customers can't access my https page. I always can so I don't know whay this happens. Maybe some incompatibility. Please let me know if you found some solution.