It will take up to 30 minutes for the new certificate to be included in
the web server configuration. If there is a problem with the SSL
certificate, an error message will show up in
/var/log/users/yourname and the file cert will be
renamed to cert.rej.
Prior to the inclusion of your vhost in the SSL httpd configuration file,
csoftadm performs a few verifications on the certificate and key.
You may run these checks manually using the following commands:
# For RSA keys:
$ openssl rsa -in key
# For DSA keys:
$ openssl dsa -in key
# Use -passin for keys with passphrases:
$ openssl dsa -in key -passin file:pp
# To read a X.509 certificate fingerprint:
$ openssl x509 -in cert -fingerprint
The following command may be used to read the CN (Common Name) of the
certificate. This value must match your main domain name exactly. Mismatch
of the CN and the main domain is the most common cause of failure.
# To read a X.509 certificate subject:
$ openssl x509 -in cert -subject
For the more adventurous, here
is a little script that will read off lots of data, like above, on both a cert
and a key.