Test SSL handshake
From a Linux host, you can use the openssl tool to check your certificates and see what is passed to the client during the handshake:
openssl s_client -connect example.com:443 -ssl3
So for this site, I would use:
cat /dev/null | openssl s_client -showcerts -servername jonathonwiebe.me -connect jonathonwiebe.me:443
Output should show a valid certificate in the console.
Combined (full chain) certificates
Example combined certificate layout:
-----BEGIN CERTIFICATE-----
(Your Primary SSL certificate: your_domain_name.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Intermediate certificate: DigiCertCA.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Root certificate: TrustedRoot.crt)
-----END CERTIFICATE-----
Certificate default locations
Apache web servers on Ubuntu
sudo cp server.crt /etc/ssl/certs
sudo cp server.key /etc/ssl/private
nginx web servers on Ubuntu
sudo cp server.crt /etc/nginx/ssl
sudo cp server.key /etc/nginx/ssl
Check listening servers using netstat
Netstat is also helpful when checking for network/site issues:
netstat -ltunap
Should show a server listening on 80 & 443.
If not, the server is not running, or is mapped to a different port.
Verify communication using netcat
Is a firewall blocking traffic? Is the port open?
On the web server
nc -l 443
On the client
nc server.ip 443 -v
They should be able to communicate.
Permissions
The .crt file is sent to every machine, so it needs to be public.
Correct possible permission issues using:
chown root:root /path/to/key.crt
and
chmod 644 /path/to/key.crt
on the .crt file (NOT the private key)
Private keys should never be posted. Permissions are also important; secure the key using:
chown root:ssl-cert /path/to/privatekey.crt
and
chmod 640 /path/to/privatekey.crt
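The checks from the combined-certificate and permissions sections, written as an audit script. This is an added example, not part of the original page. It assumes GNU stat (as on Ubuntu); the function names are hypothetical and the owner defaults are the ones used above.

```shell
#!/usr/bin/env bash
# Added example: audit a combined certificate file and its private key.
# Assumes GNU stat (Ubuntu). Owner defaults are the ones used on this page.

# Print the certificate count of a combined PEM file; fail if the markers are
# unbalanced or a private key block has ended up in the public bundle.
check_bundle() {
    local file="$1" begins ends
    if grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$file"; then
        echo "FAIL: $file contains a private key block" >&2
        return 1
    fi
    begins=$(grep -c -- '^-----BEGIN CERTIFICATE-----' "$file" || true)
    ends=$(grep -c -- '^-----END CERTIFICATE-----' "$file" || true)
    if [ "$begins" -eq 0 ] || [ "$begins" -ne "$ends" ]; then
        echo "FAIL: $file has $begins BEGIN and $ends END markers" >&2
        return 1
    fi
    echo "$begins"
}

# Succeed only if the file grants no permission bit beyond the octal ceiling,
# e.g. 600 and 640 pass a 640 ceiling, 644 does not.
mode_within() {
    local mode
    mode=$(stat -c '%a' "$1") || return 1
    [ $(( 0$mode & ~0$2 & 07777 )) -eq 0 ]
}

# Succeed only if the file is owned by the given user:group.
owner_is() {
    [ "$(stat -c '%U:%G' "$1")" = "$2" ]
}

# audit_tls_files CERT KEY [CERT_OWNER] [KEY_OWNER]; returns 1 on any finding.
audit_tls_files() {
    local cert="$1" key="$2" c_own="${3:-root:root}" k_own="${4:-root:ssl-cert}" rc=0
    check_bundle "$cert" >/dev/null || rc=1
    mode_within "$cert" 644 || { echo "FAIL: $cert is looser than 644" >&2; rc=1; }
    mode_within "$key" 640 || { echo "FAIL: $key is looser than 640" >&2; rc=1; }
    owner_is "$cert" "$c_own" || { echo "FAIL: $cert not owned by $c_own" >&2; rc=1; }
    owner_is "$key" "$k_own" || { echo "FAIL: $key not owned by $k_own" >&2; rc=1; }
    return $rc
}

# Run the audit when called as: script CERT KEY [CERT_OWNER] [KEY_OWNER]
[ "$#" -lt 2 ] || audit_tls_files "$@"
```

Each finding is printed to stderr and the exit status is non-zero if any check fails, so the script can gate a deployment step.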