Only the first SSL certificate is installed from a SSL CA bundle/certificates chain : CloudBlue Technical Support

Symptoms

Only the first SSL certificate is installed on an Apache website in the following cases:

Case 1: Attempting to install CA certificate chain for website with NG hosting in CCPv1/CCPv2 > Websites > SITE > Webhosting settings/Configure Hosting Settings > SSL tab > Install new CA certificate > Install new CA certificate > Choose File/Clipboard > Provide a file with chain of SSL certificates

As a result, only the first certificate from the chain is uploaded to the webspace location. It can be checked in the file /var/www/vhosts/NFS_SHARE_ID/WEBSPACE_ID/webspace/certs/httpsd.pemca on the NG Web Server.

Case 2: Attempting to install an SSL certificates chain on a branded website in PCP > System > Settings > Brands > BRAND > Certificate > Install new Certificate

Cause

This behavior has been reported to Odin Development team as the request POA-115035: OA can't operate with chain of SSL certificates. This was resolved in Odin Service Automation Premium 7.4.

Resolution

Case 1 (installing a CA chain on a WebHosting Linux webspace):

To resolve issues with a CA chain:

Make sure that Odin Automation 7.3 is installed on the host.
Download this tool to the management node.

Allow the tool to be executed:

chmod +x webhostinglinux-ca-chain-fixer

Place the correct CA chain to the file system.
Run the tool on the management node, specifying the proper path to a CA chain file instead of the <CA_CHAIN_PATH> placeholder, the domain ID instead of the <DOMAIN_ID> placeholder, and the webspace ID instead of the <WEBSPACE_ID> placeholder.

To correct a CA chain by specifying the ID of a domain:
```
./webhostinglinux-ca-chain-fixer --ca_chain_path <CA_CHAIN_PATH> --domain_id <DOMAIN_ID>
```
To correct a CA chain by specifying the ID of a webspace:
```
./webhostinglinux-ca-chain-fixer --ca_chain_path <CA_CHAIN_PATH> --webspace_id <webspace_id>
```
If any errors occur during the execution of the tool, follow the recommendations in the tool's output.

Case 2 (installing a CA chain on a brand):

Consider an update to the latest version of the Odin Automation Premium platform or contact your Technical Account Manager or Pooled Technical Associates team (pta@odin.com) in order to apply an internal workaround for the previous version of the OA Platform.

Internal content

Link on internal Article