Symptoms
Only the first SSL certificate is installed on an Apache website in the following cases:
Case 1: Attempting to install CA certificate chain for website with NG hosting in CCPv1/CCPv2 > Websites > SITE > Webhosting settings/Configure Hosting Settings > SSL tab > Install new CA certificate > Install new CA certificate > Choose File/Clipboard > Provide a file with chain of SSL certificates
As a result, only the first certificate from the chain is uploaded to the webspace location.
It can be checked in the file /var/www/vhosts/NFS_SHARE_ID/WEBSPACE_ID/webspace/certs/httpsd.pemca
on the NG Web Server.
Case 2: Attempting to install an SSL certificates chain on a branded website in PCP > System > Settings > Brands > BRAND > Certificate > Install new Certificate
Cause
This behavior has been reported to Odin Development team as the request POA-115035: OA can't operate with chain of SSL certificates. This was resolved in Odin Service Automation Premium 7.4.
Resolution
Case 1 (installing a CA chain on a WebHosting Linux webspace):
To resolve issues with a CA chain:
- Make sure that Odin Automation 7.3 is installed on the host.
- Download this tool to the management node.
Allow the tool to be executed:
chmod +x webhostinglinux-ca-chain-fixer
- Place the correct CA chain to the file system.
Run the tool on the management node, specifying the proper path to a CA chain file instead of the <CA_CHAIN_PATH> placeholder, the domain ID instead of the <DOMAIN_ID> placeholder, and the webspace ID instead of the <WEBSPACE_ID> placeholder.
To correct a CA chain by specifying the ID of a domain:
./webhostinglinux-ca-chain-fixer --ca_chain_path <CA_CHAIN_PATH> --domain_id <DOMAIN_ID>
To correct a CA chain by specifying the ID of a webspace:
./webhostinglinux-ca-chain-fixer --ca_chain_path <CA_CHAIN_PATH> --webspace_id <webspace_id>
- If any errors occur during the execution of the tool, follow the recommendations in the tool's output.
Case 2 (installing a CA chain on a brand):
Consider an update to the latest version of the Odin Automation Premium platform or contact your Technical Account Manager or Pooled Technical Associates team (pta@odin.com) in order to apply an internal workaround for the previous version of the OA Platform.