I'm moving an SSL crt and key from one server to a new one. The old one was on a box with cPanel and the new one is just a LAMP Ubuntu box. I've been following tutorials and instructions for hours without getting anywhere. I've created a VirtualHost file listening on 443. All the non-https pages work; as soon as I go to an https page, it gives me a connection denied. I tried using digicert.com/help, which reports "No certificates found". How exactly do I go about troubleshooting this?
The VirtualHost that listens on 443 should have a block that looks something like this:
You would copy the certificate and key files from your old server to the new, and adjust the paths in the configuration file as appropriate.
I have a couple lines in there that pertain to the Certificate Authority I'm using. Particularly, I'm specifying the intermediate certificates with the SSLCertificateChainFile line. You probably will need to do something similar with the files from your CA (look at the CA's docs for the specific files).
Once that's in place, reload Apache. If there's a problem, check /var/log/httpd/error.log. Make sure the permissions are correct, i.e., the Apache user can read the above files, and that the private key isn't accessible by others.
If you're getting a connection refused error, either the box isn't listening on port 443 or a firewall is blocking it. You can use
netstat -an | grep :443
(on that box) to see if it's listening.
Just listening on 443 isn't enough. You'll need to tell Apache what certificate to use. If you can retrieve the old one for your server, you just need to configure Apache to use it.
This is well documented on apache.org.
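The file checks the answers above describe (the vhost names a certificate, the referenced files exist, the private key is not accessible by others) can be scripted. This is an added example, not part of the original answers; the function name `check_vhost_tls` and the vhost path you pass to it are assumptions.

```sh
#!/bin/sh
# Added example: check the TLS files an Apache vhost file references.
# check_vhost_tls CONF prints one OK/FAIL line per finding and returns
# 0 if all checks pass, 1 on any failure, 2 if CONF cannot be read.
# The body runs in a subshell, so its variables do not leak to the caller.
check_vhost_tls() (
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "FAIL cannot read $conf"; exit 2; }

    # mod_ssl directives that name a file (directive names are case-insensitive).
    found=$(grep -Ei '^[[:space:]]*SSLCertificate(File|KeyFile|ChainFile)[[:space:]]' "$conf" || true)

    # Listening on 443 is not enough: the vhost must name a certificate.
    printf '%s\n' "$found" | grep -qi 'SSLCertificateFile' ||
        { echo "FAIL no SSLCertificateFile directive in $conf"; rc=1; }

    while read -r directive path; do
        [ -n "$directive" ] || continue
        path=${path#\"}; path=${path%\"}    # strip optional quotes
        if [ ! -f "$path" ]; then
            echo "FAIL $directive: $path not found"; rc=1; continue
        fi
        lower=$(printf '%s' "$directive" | tr '[:upper:]' '[:lower:]')
        if [ "$lower" = sslcertificatekeyfile ]; then
            # Characters 8-10 of the ls mode string are the "other" bits.
            other=$(ls -ldL -- "$path" | cut -c8-10)
            if [ "$other" != "---" ]; then
                echo "FAIL $directive: $path is accessible by others ($other)"
                rc=1; continue
            fi
        fi
        echo "OK   $directive: $path"
    done <<EOF
$found
EOF
    exit "$rc"
)
```

A passing run only shows the files are in place with sane permissions; whether the box is listening on 443 is still the `netstat` check above.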