Hi,

I'm really very new to SSL Certificates.
I found out on this forum that there is finally an instance that provides SSL Certificates for the right price ... Free ! :) (http://www.cacert.org/)

The thing is, I'm not really familiar with SSL Certs, so i signed up, added a domain to it but now I'm kind of stuck :cool:

Could someone help me with a nice and short description of how what and when with these certificates :D

Thanks a lot !

Just signed upto this myself and I am in the same situation... what to do with them... I will have a look over the next day or two and post anything I find out.

Thanks

1) Enable SSL in your ISPConfig website and hit save.
2) Go to the new SSL tab in the website settings in ISPConfig, enter the certificate details and select create as action and click on the save button.
Now you will have to wait about a minute.
4) Go to the SSL tab again, now there is a certificate signing request in the one field, use this request to create a certificate a cacert.org.
5) enter the certificate code you got from cacaert.org in the certificate field on the ssl tab in ispconfig, select "save certificate" as action an click on the save button.

Ok makes sense, but in terms of making the cert on cacert, I have added a domain but when I try and create a certificate you are asked to provide a CSR does anyone know what you need to enter in this part of the form and in what format.

Thanks

CSR = certificate signing request, please see my post above where you get this data from.

Ok seems to work sort of... but the fact that you can only have one ssl per ip address is still the case ?

Is there a way around this?

Thanks

Ok seems to work sort of... but the fact that you can only have one ssl per ip address is still the case ?

yes.

Is there a way around this?

No. This limitation is part of the SSL protocaol, so its neither a apache nor ispconfig limitation.

Fine thanks for your help

1) Enable SSL in your ISPConfig website and hit save.
2) Go to the new SSL tab in the website settings in ISPConfig, enter the certificate details and select create as action and click on the save button.
Now you will have to wait about a minute.
4) Go to the SSL tab again, now there is a certificate signing request in the one field, use this request to create a certificate a cacert.org.
5) enter the certificate code you got from cacaert.org in the certificate field on the ssl tab in ispconfig, select "save certificate" as action an click on the save button.

Hi Till !

Thanks again for such a great and fast response.
Seems to be a problem with my ISPConfig tough, doesn't seem to create me the request code.
where should I start debugging ? :)


Kind regards


Pieter

I'm having the same problem. No CSR showing in it's field but can create one manually.

Hi Till !

Thanks again for such a great and fast response.
Seems to be a problem with my ISPConfig tough, doesn't seem to create me the request code.
where should I start debugging ? :)


Kind regards


Pieter
Any errors in /home/admispconfig/ispconfig/ispconfig.log? What's the output of ls -la /root/ispconfig?

I'm having the same problem. No CSR showing in it's field but can create one manually.
Did you follow these steps?

1) Enable SSL in your ISPConfig website and hit save.
2) Go to the new SSL tab in the website settings in ISPConfig, enter the certificate details and select create as action and click on the save button.
Now you will have to wait about a minute.
4) Go to the SSL tab again, now there is a certificate signing request in the one field, use this request to create a certificate a cacert.org.
5) enter the certificate code you got from cacaert.org in the certificate field on the ssl tab in ispconfig, select "save certificate" as action an click on the save button.

Yup. Looks like some errors but not sure what they mean.

08.02.2007 - 13:43:17 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1888: cp -fr /etc/proftpd_ispconfig.conf /etc/proftpd_ispconfig.conf~
08.02.2007 - 13:43:24 => INFO - Signalfile Set: insert
08.02.2007 - 13:43:28 => INFO - make_ssl_cnf /var/www/web4/ssl/openssl.cnf
08.02.2007 - 13:43:28 => WARN - /root/ispconfig/scripts/lib/config.lib.php, Line 1747: WARNING: could not openssl genrsa -des3 -rand /var/www/web4/ssl/random_file -passout pass:9193edc082a303a -out /var/www/web4/ssl/www.mysite.com.key.org 1024 && openssl req -new -passin pass:9193edc082a303a -passout pass:9193edc082a303a -key /var/www/web4/ssl/www.mysite.com.key.org -out /var/www/web4/ssl/www.mysite.com.csr -days 365 -config /var/www/web4/ssl/openssl.cnf && openssl req -x509 -passin pass:9193edc082a303a -passout pass:9193edc082a303a -key /var/www/web4/ssl/www.mysite.com.key.org -in /var/www/web4/ssl/www.mysite.com.csr -out /var/www/web4/ssl/www.mysite.com.crt -days 365 -config /var/www/web4/ssl/openssl.cnf && openssl rsa -passin pass:9193edc082a303a -in /var/www/web4/ssl/www.mysite.com.key.org -out /var/www/web4/ssl/www.mysite.com.key
08.02.2007 - 13:43:28 => WARN - WARNING: could not open file /var/www/web4/ssl/www.mysite.com.csr
08.02.2007 - 13:43:28 => WARN - WARNING: could not open file /var/www/web4/ssl/www.mysite.com.crt
08.02.2007 - 13:43:28 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 257: setquota -g web4 0 0 0 0 -a &> /dev/null
08.02.2007 - 13:43:28 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 258: setquota -T -g web4 604800 604800 -a &> /dev/null
08.02.2007 - 13:43:28 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 277: Connected successfully
08.02.2007 - 13:43:28 => INFO - USER:
mysite.com_jess:x:10012:10004:Jessica:/var/www/web4:/bin/false
08.02.2007 - 13:43:29 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 890: setquota -u mysite.com_jess 0 0 0 0 -a &> /dev/null
08.02.2007 - 13:43:29 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 891: setquota -T -u mysite.com_jess 604800 604800 -a &> /dev/null
08.02.2007 - 13:43:29 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_procmail.lib.php, Line 57: cp -f /root/ispconfig/isp/conf/forward.master /var/www/web4/.forward
08.02.2007 - 13:43:29 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_procmail.lib.php, Line 113: symlink /var/www/web4/Maildir
08.02.2007 - 13:43:29 => INFO - USER:
mysite.com_aff:x:10022:10004:aff:/var/www/web4/user/mysite.com_aff:/bin/false
08.02.2007 - 13:43:29 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 890: setquota -u mysite.com_aff 0 0 0 0 -a &> /dev/null
08.02.2007 - 13:43:29 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 891: setquota -T -u mysite.com_aff 604800 604800 -a &> /dev/null
08.02.2007 - 13:43:29 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_procmail.lib.php, Line 57: cp -f /root/ispconfig/isp/conf/forward.master /var/www/web4/user/mysite.com_aff/.forward
08.02.2007 - 13:43:29 => INFO - USER:
mysite.com_spam:x:10023:10004:spam:/var/www/web4/user/mysite.com_spam:/bin/false
08.02.2007 - 13:43:29 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 890: setquota -u mysite.com_spam 0 0 0 0 -a &> /dev/null
08.02.2007 - 13:43:29 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 891: setquota -T -u mysite.com_spam 604800 604800 -a &> /dev/null
08.02.2007 - 13:43:29 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_procmail.lib.php, Line 57: cp -f /root/ispconfig/isp/conf/forward.master /var/www/web4/user/mysite.com_spam/.forward
08.02.2007 - 13:43:29 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_postfix.lib.php, Line 137: cp -fr /etc/postfix/local-host-names /etc/postfix/local-host-names~
08.02.2007 - 13:43:29 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_postfix.lib.php, Line 284: cp -fr /etc/postfix/virtusertable /etc/postfix/virtusertable~
08.02.2007 - 13:43:29 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_postfix.lib.php, Line 289: postmap hash:/etc/postfix/virtusertable
08.02.2007 - 13:43:29 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1230: cp -fr /etc/httpd/conf/vhosts/Vhosts_ispconfig.conf /etc/httpd/conf/vhosts/Vhosts_ispconfig.conf~
08.02.2007 - 13:43:30 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1888: cp -fr /etc/proftpd_ispconfig.conf /etc/proftpd_ispconfig.conf

and ispconfig directory looks like

[root@server ~]# ls -la /root/ispconfig
total 104
drwxr-xr-x 9 root root 4096 Feb 8 10:51 .
drwxr-x--- 6 root root 4096 Jan 6 15:36 ..
-rwxr-xr-x 1 root root 33124 Dec 4 04:43 cronolog
-rwxr-xr-x 1 root root 9673 Dec 4 04:43 cronosplit
drwxr-xr-x 12 root root 4096 Dec 4 04:22 httpd
drwxr-xr-x 12 root root 4096 Dec 4 04:43 isp
-rw-r--r-- 1 root root 8 Feb 8 10:51 .old_path_httpd_root
drwxr-xr-x 6 root root 4096 Dec 4 04:16 openssl
drwxr-xr-x 6 root root 4096 Jan 16 16:14 php
drwxr-xr-x 4 root root 4096 Dec 4 04:43 scripts
drwxr-xr-x 4 root root 4096 Dec 4 04:43 standard_cgis
drwxr-xr-x 2 root root 4096 Dec 4 04:43 sv
-rwx------ 1 root root 9389 Dec 4 04:43 uninstall


And yes, I am following steps correctly. Looks like some kind of openssl error but not sure what it means.

Sometimes it helps to restart ISPConfig or reboot the server. If that doesn't help, please post the output of
ls -la /var/www/web4/ssl

Hi All!
Atm im having exactly the same problem, on an ubuntu 6.06 perfect + ISPC, followed the info, got same errormessage, after creating ssl cert in ISPC.

Output from
ls -la /var/www/web4/ssl

ls -la /var/www/web4/ssl
total 12
drwxr-xr-x 2 web4_user web4 4096 2007-02-12 11:31 .
drwxr-xr-x 9 web4_user web4 4096 2007-02-12 11:31 ..
-r-------- 1 root root 0 2007-02-01 16:47 .no_delete
-rw-r--r-- 1 root root 963 2007-02-12 11:45 www.mysite.com.key.org

This is the file with the private part of the key.

btw, thanks for making the howto's

Sometimes it helps to restart ISPConfig or reboot the server. If that doesn't help, please post the output of
ls -la /var/www/web4/ssl
Attempted and no difference. Here's results.


total 12
drwxr-xr-x 2 mysite.com_me web4 4096 Feb 8 13:43 .
drwxr-xr-x 11 mysite.com_me web4 4096 Feb 8 13:43 ..
-r-------- 1 root root 0 Dec 14 06:15 .no_delete
-rw-r--r-- 1 root root 963 Feb 8 13:43 www.mysite.com.key.org

Daisy:

Please execute this command as root user:

openssl genrsa -des3 -rand /var/www/web4/ssl/random_file -passout pass:9193edc082a303a -out /var/www/web4/ssl/www.mysite.com.key.org 1024 && openssl req -new -passin pass:9193edc082a303a -passout pass:9193edc082a303a -key /var/www/web4/ssl/www.mysite.com.key.org -out /var/www/web4/ssl/www.mysite.com.csr -days 365 -config /var/www/web4/ssl/openssl.cnf && openssl req -x509 -passin pass:9193edc082a303a -passout pass:9193edc082a303a -key /var/www/web4/ssl/www.mysite.com.key.org -in /var/www/web4/ssl/www.mysite.com.csr -out /var/www/web4/ssl/www.mysite.com.crt -days 365 -config /var/www/web4/ssl/openssl.cnf && openssl rsa -passin pass:9193edc082a303a -in /var/www/web4/ssl/www.mysite.com.key.org -out /var/www/web4/ssl/www.mysite.com.key

Do you get any error message?

I get this error:
0 semi-random bytes loaded
Generating RSA private key, 1024 bit long modulus
................++++++
..++++++
e is 65537 (0x10001)
error on line -1 of /var/www/web4/ssl/openssl.cnf
22010:error:02001002:system library:fopen:No such file or directory:bss_file.c:122:fopen('/var/www/web4/ssl/openssl.cnf','rb')
22010:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:125:
22010:error:0E078072:configuration file routines:DEF_LOAD:no such file:conf_def.c:197:

I got this.

0 semi-random bytes loaded
Generating RSA private key, 1024 bit long modulus
......++++++
.............................................+++++ +
e is 65537 (0x10001)
error on line -1 of /var/www/web4/ssl/openssl.cnf
12653:error:02001002:system library:fopen:No such file or directory:bss_file.c:122:fopen('/var/www/web4/ssl/openssl.cnf','rb')
12653:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:125:
12653:error:0E078072:configuration file routines:DEF_LOAD:no such file:conf_def.c:197:

Please create the file /var/www/web4/ssl/openssl.cnf (e.g. like this):
RANDFILE = $ENV::HOME/.rnd

[ req ]
default_bits = 1024
default_keyfile = keyfile.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
prompt = no
output_password = some_password

[ req_distinguished_name ]
C = DE
Lower Saxony
L = Lueneburg
O = Example, Ltd.
IT
CN = example.com
emailAddress = info@example.com

[ req_attributes ]
challengePassword = A challenge password
Then run the command again. Any errors then?

0 semi-random bytes loaded
Generating RSA private key, 1024 bit long modulus
...............++++++
................++++++
e is 65537 (0x10001)
error on line 13 of /var/www/web4/ssl/openssl.cnf
28531:error:0E079065:configuration file routines:DEF_LOAD_BIO:missing equal sign:conf_def.c:366:line 13

I'm sorry. The file should look like this:

RANDFILE = $ENV::HOME/.rnd

[ req ]
default_bits = 1024
default_keyfile = keyfile.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
prompt = no
output_password = some_password

[ req_distinguished_name ]
C = DE
ST = Lower Saxony
L = Lueneburg
O = Example, Ltd.
OU = IT
CN = example.com
emailAddress = info@example.com

[ req_attributes ]
challengePassword = A challenge password

nope. No errors now. So what do you think might be the problem and how to fix?

0 semi-random bytes loaded
Generating RSA private key, 1024 bit long modulus
.................................................+ +++++
......++++++
e is 65537 (0x10001)
writing RSA key

I never responded to this thread, because I thought I couldn't add any insights, because I have created certs with ISPConfig without a problem before, so I thought it would be a local setup problem or something. BUT ....

Today I wanted to add a cert to one of my sites and had the same problem. Using the create function, nothing happened. So looking further, I found the same missing openssl.cnf file. But on my system, when I create that file and use the create function again, the file gets deleted. And of course I don't get a certificate!

I'm still bug hunting but thought I'd give the OP's a heads up. There's some serious weirdness happening.

Thanks for reporting this. I will have a look at this too to get it fixed before we release 2.2.10. Please keep me updated.

I just tested it with the 2.2.10 beta and it works for me on debian 3.1.

Which linux distribution do you use and what exactly did you enter in the input fields on the SSL tab so I can try to reproduce the problem here.

I just tested it with the 2.2.10 beta and it works for me on debian 3.1.I tested with 2.2.9 when I started with ISPConfig and it worked. I removed the certs, put the same server into production (I didn't change the config) and 1,5 months later it doesn't work. I know, they all say that ...... "I didn't touch the system" That's why I'm still trying to figure this out. Also on two other servers (one is even not used for live websites, I never created a site there) suffer from the same problem. Hmmmm, can't remember a Ubuntu package upgrade that could have an impact. The SSL package didn't upgrade past three months, did it?
Which linux distribution do you use and what exactly did you enter in the input fields on the SSL tab so I can try to reproduce the problem here.I'm using Ubuntu 6.10 and besides ISPConfig setup, EVERYTHING is from the distro. No manual package installs/changes. On the SSL tabs I just enter the top 5 fields (using only letters, not even dots), change the dropdown to create and hit save. Monitoring the logfile and the web1/ssl directory shows and error in the logfile and at the same moment the openssl.cnf file is deleted.:confused:

I guess the key to the problem is the openssl.cnf, it must contain some errors. Please try to comment out the line 1754 in the file /root/ispconfig/scripts/lib/config.lib.php:

exec("rm -f $config_file");

So we can have a look at this file.

It was line 1751 in my /root/ispconfig/scripts/lib/config.lib.php :o
Result: RANDFILE = $ENV::HOME/.rnd

[ req ]
default_bits = 1024
default_keyfile = keyfile.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
prompt = no
output_password = 630b6662d66e85e

[ req_distinguished_name ]
C = NL
ST = NH
L = Hilversum
O = Tiempo BV
OU = IT
CN = www.tiempo.nl
emailAddress = admin@tiempo.nl

[ req_attributes ]
challengePassword = A challenge password
But no further juice.

To be exact, there is an updated www.tiempo.nl.key.org file in the ssl subdirectory.

Just an in between update for those reading this thread (and I will be off line for a couple of hours).
The problem is in the part where the csr is created (second command in the script). I've split all statements in separate commands and the scripts fails to execute the line:17.02.2007 - 12:44:51 => INFO - make_ssl_cnf /home/ispwww/web3/ssl/openssl.cnf
17.02.2007 - 12:44:51 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1748: openssl genrsa -des3 -rand /home/ispwww/web3/ssl/random_file -passout
pass:5acd86a494bbb5a -out /home/ispwww/web3/ssl/tiempow02.tiempo.loc.key.org 1024
17.02.2007 - 12:44:51 => WARN - /root/ispconfig/scripts/lib/config.lib.php, Line 1749: WARNING: could not openssl req -new -passin pass:5acd86a494bbb5a -pass
out pass:5acd86a494bbb5a -key /home/ispwww/web3/ssl/tiempow02.tiempo.loc.key.org -out /home/ispwww/web3/ssl/tiempow02.tiempo.loc.csr -days 365 -config /home/
ispwww/web3/ssl/openssl.cnf
17.02.2007 - 12:44:51 => WARN - /root/ispconfig/scripts/lib/config.lib.php, Line 1750: WARNING: could not openssl req -x509 -passin pass:5acd86a494bbb5a -pas
sout pass:5acd86a494bbb5a -key /home/ispwww/web3/ssl/tiempow02.tiempo.loc.key.org -in /home/ispwww/web3/ssl/tiempow02.tiempo.loc.csr -out /home/ispwww/web3/s
sl/tiempow02.tiempo.loc.crt -days 365 -config /home/ispwww/web3/ssl/openssl.cnf
As I've commented the "rm lines" I am able to manually execute the second command root@tiempou01:/home/ispwww/web3/ssl# openssl req -new -passin pass:5acd86a494bbb5a -passout pass:5acd86a494bbb5a -key /home/ispwww/web3/ssl/tiempow02.tiempo.loc.key.org -out /home/ispwww/web3/ssl/tiempow02.tiempo.loc.csr -days 365 -config /home/ispwww/web3/ssl/openssl.cnf
root@tiempou01:/home/ispwww/web3/ssl# l
total 24
0 -r-------- 1 root root 0 2007-01-13 12:53 .no_delete
4 drwxr-xr-x 8 www-data web3 4096 2007-01-14 04:00 ..
4 -rw-r--r-- 1 root root 963 2007-02-17 12:44 tiempow02.tiempo.loc.key.org
4 -r-------- 1 root root 887 2007-02-17 12:44 tiempow02.tiempo.loc.key
4 -rw-r--r-- 1 root root 761 2007-02-17 12:44 openssl.cnf
4 -rw-r--r-- 1 root root 757 2007-02-17 12:47 tiempow02.tiempo.loc.csr
4 drwxr-xr-x 2 www-data web3 4096 2007-02-17 12:47 .
Why the scripts fails to run while the manual action works is unclear to me at this moment. To be continued (but for me tonight, my time)

Strange as the commands in config.lib.php are executes as root user too :confused: Maybe its a timing issue. Please try to add a line:

sleep(2);

before the line 1749 that executes the failing statement.

The problem is due to the fact that cron does not support the $ENV shell variable. Let me explain.

The script /root/ispconfig/scripts/lib/config.lib.php uses the 'openssl.cnf.master' file to create the openssl.cnf file. This file contains on line 1 the statement: RANDFILE = $ENV::HOME/.rndAccording to the documentation this should point to the HOME directory of the user. But (I assume on most distributions) cron does not allow environment variables, or at least $HOME for cron is empty. Why this has ever worked before is a mystery for me. I have had it working on my systems previously. Even during testing today, ISPConfig created once a certificate request!

The solution is to replace the master template /root/ispconfig/isp/conf/openssl.cnf.masterwith this RANDFILE = /root/ispconfig/isp/.rnd

[ req ]
default_bits = 1024
default_keyfile = keyfile.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
prompt = no
output_password = {SSL_PASSWORD}

[ req_distinguished_name ]
C = {SSL_COUNTRY}
{SSL_STATE}
L = {SSL_LOCALITY}
O = {SSL_ORGANIZATION}
{SSL_ORGANIZATION_UNIT}
CN = {SSL_COMMON_NAME}
emailAddress = {SSL_EMAIL}

[ req_attributes ]
challengePassword = A challenge password
I have only changed line 1. Be sure to make this change with a Unix editor (I prefer 'vi'). After this, certificates will be generated smoothly. I hope Till or Falko can add this change in the next release.

Wow. Nicely done. While the outcome is the same, I think our cause might be different.

Using FC5 with ISPConfig 2.2.8 there is no .rnd file located under /root/ispconfig/isp. I do have a .rnd located under /root. I cp'd it over to /root/ispconfig/isp/.rnd and made the change to the master and now I get the SSL Request and SSL cert. Worked like a champ.

Just for S&G's I tried it with the master in it's original config after cp'ing the .rnd file into /root/ispconfig/isp and it didn't work.

The .rnd file is generated. It's created when it doesn't exist. No need to copy it over anywhere.

Good to know. I learned something new today. Yaay. Ok. so I deleted file and it still worked. Yaay. So it's a cron thing. So if we update ISPConfig will we have to make this manual change again?

So if we update ISPConfig will we have to make this manual change again?Depends. if the developers incorporate this in the distribution, you don't have to worry about this. I'm pretty confident this fix will be in the next 2.2.10 release :D

Fortunately I don't have developers access ......

I'm pretty confident this fix will be in the next 2.2.10 release :D

I'm feeling pressed... :D

Thanks martin for finding the problem!

Its not directly a cron thing because ISPConfig does not use cron for executing the configuration scripts, but as martinfst pointed out its a missing system variable. We will set it hardcoded in the next release.

What really astonishes me is that it had worked so long and it still works on my servers :confused:

1) Enable SSL in your ISPConfig website and hit save.
2) Go to the new SSL tab in the website settings in ISPConfig, enter the certificate details and select create as action and click on the save button.
Now you will have to wait about a minute.
4) Go to the SSL tab again, now there is a certificate signing request in the one field, use this request to create a certificate a cacert.org.
5) enter the certificate code you got from cacaert.org in the certificate field on the ssl tab in ispconfig, select "save certificate" as action an click on the save button.

I'm using ISP Config 2, I'm logged into the admin panel but I dont see an SSL tab in ISPConfig?

You have to enable the SSL checkbox and click on save before you see the ssl tab.

Hi,
Anyone know how to update the SSl certificates installed?

Do you mean the ones created by ISPConfig, or the ones you bought from your SSL provider?

Just added SSL cert, but no client could connect even in LAN mode, which ports is SSL using? should be a firewall rule to them?

The HTTPS port is 443. Make sure that port is open in the firewall.

There's a rule auto-created inthe ISPConfig Firewall:

SSL (www) 443 tcp Yes

But I think it should be opened 993 for IMAP SSl abd 465 for SMTP-SSL, right?

Ok, are you talking about SSL web sites or email?

mail

http://www.howtoforge.com/forums/showthread.php?p=178985&posted=1#post178985

Ok, then you need to open the ports 993 (IMAPS), 995 (POP3S), and 465 (SSMTP).