Tag Archives: positive ssl intermediate certificate

Comodo PositiveSSL Intermediate Certificate Install on WHM 11.46.2

The TL;DR version:

1. Download the following PositiveSSL bundle file: CABundle.txt (hosted on pastebin.com)
2. Upload this file into /var/cpanel/ssl/installed/cabundles
3. Open up /usr/local/apache/conf/httpd.conf and search for the domain in your VirualHost config
4. Find the 2 lines starting with SSLCertificateFile and SSLCertificateKeyFile and directly below those 2 add the following:

SSLCACertificateFile /var/cpanel/ssl/installed/cabundles/CABundle.txt

5. Save the file, restart Apache. Done!

The story behind it all….

So I recently purchased a SSL certificate through Namecheap for one of my domains. I choose Comodo and after following through the activation process received my SSL info in my email.

I got the private key and the certificate uploaded through cPanel for the domain. Everything was going smooth until I tested the SSL for the domain at https://www.sslshopper.com/ssl-checker.html

It said that the SSL was setup and I was able to verify by visiting the https:// version of the site but it said that the intermediate certificate was missing. Queue me spending the last 2 days pouring through tutorials trying to figure out how to get the damn intermediate certificate working….

After getting the private key and certificate setup in cPanel I went into WHM to make sure things were setup properly. Going into SSL/TLS -> Install an SSL Certificate on a Domain in WHM and then clicking on Browse Certificates and selecting the one for my domain I was presented with the already loaded certificate and private key.

However, I noticed that the Certificate Authority Bundle (optional) text area was empty and thus why www.sslshopper.com was reporting the intermediate as missing.

From reading the tutorials online I found that most providers will ship you a “bundle” file with the SSL certificate. But of course, since I chose to use Comodo they ship you a .zip file with 4 files inside of it. So as my patience was wearing very thin I contacted Namecheap SSL support in my last moments of desperation hoping they could assist. I was connected with Kristina who was able to provide me with a bundle file that I was in search of in less than 2 minutes.

Hopeful, I opened up the .txt file that she provided and copied the contents into the Certificate Authority Bundle text area and was greeted with a green check mark simulating that it was all good. So I went ahead and clicked on the blue Install button and got the confirmation everything went through. Back to www.sslshopper.com I go expecting everything to show as ok and still the same error about the intermediate not being there.

I went back to the SSL install area in WHM and loaded up the info for the domain and noticed the Certificate Authority Bundle text area was still empty. Looking around online I found other users with similar issues. Apparently for some reason, even though you add the intermediate bundle into WHM it doesn’t actually save it onto the server…go figure.

So I connected to my server and uploaded the bundle Kristina provided into the /var/cpanel/ssl/installed/cabundles directory that was empty. Afterwords, I opened up /usr/local/apache/conf/httpd.conf and searched for my domain in the VirtualHost area.

I noticed the following lines located near the bottom for my domain:

SSLCertificateFile /var/cpanel/ssl/installed/certs/[certfile].crt
SSLCertificateKeyFile /var/cpanel/ssl/installed/keys/[keyfile].key

From finding users with similar issues to mine I found I was completely missing a line from that file. Below each of those files I added the following line:

SSLCACertificateFile /var/cpanel/ssl/installed/cabundles/CABundle.txt

Where the CABundle.txt file is the one provided to me by Kristina, saved the file and then went back to SSL shopper to confirm it was working. Same error…..turns out you need to restart Apache for it to update. So after restarting Apache I was finally met with a wonderful screen on SSL Shopper showing me that the intermediate certificate was indeed installed!

So a huge shoutout to Kristina who works in the Namecheap SSL Support department as she saved the day for me!