Alright, couple things to say first, I'm a newb, learning as quick as I can without asking too many questions but some questions can't be avoided.

My boss wants webmail.mydomain.com to be secure. I've seen where you can rewrite to send people there but it doesn't work or I'm just setting it up incorrect.

I'm using Roundcube as the webmail portion and I setup a second site "webmail.mydomain.com". If I go to http://webmail.mydomain.com it will bring me to the site root that ISPConfig configured. If I go to https://webmail.mydomain.com it will bring me to /var/www/html/ and show me apache's default page.

I'm not sure what info you might need to help me out, so just tell me what you need and I'll post it.

Thanks for any help!

Josh.

You must enable the SSL-Checkbox in the website webmail.mydomain.com, then hit save, open the website settings again, go to the SSL tab and enter the details for the SSL certificate. Then select create certificate as action and hit save again.

Ive' done that for the root site however another problem arises that I forgot to mention on my first post.

When I try to create a CSR I enter in all the info needed, select "Create Certificate" and click save. Nothing happens. I go back to the SSL tab and there is nothing there in the SSL Request. I've waited up to 15 minutes and I don't get anything. Am I doing something wrong?

Besides that, how do I get ISPConfig to point web traffic that goes to webmail.mydomain.com -> https://webmail.mydomain.com ?

Do you get any errors in the ispconfig logfile /home/admispconfig/ispconfig/ispconfig.log ?

Yup, looks like I do. Here it is:

Might be a permissions issue?


12.02.2007 - 13:34:38 => INFO - Signalfile Set: insert
12.02.2007 - 13:34:43 => INFO - make_ssl_cnf /var/www/web1/ssl/openssl.cnf
12.02.2007 - 13:34:43 => WARN - /root/ispconfig/scripts/lib/config.lib.php, Line 1747: WARNING: could not openssl genrsa -des3 -rand /var/www/web1/ssl/random_file -passout pass:6c54a4d31d5ac3b -out /var/www/web1/ssl/myhostname.com.key.org 1024 && openssl req -new -passin pass:6c54a4d31d5ac3b -passout pass:6c54a4d31d5ac3b -key /var/www/web1/ssl/myhostname.com.key.org -out /var/www/web1/ssl/myhostname.com.csr -days 365 -config /var/www/web1/ssl/openssl.cnf && openssl req -x509 -passin pass:6c54a4d31d5ac3b -passout pass:6c54a4d31d5ac3b -key /var/www/web1/ssl/myhostname.com.key.org -in /var/www/web1/ssl/myhostname.com.csr -out /var/www/web1/ssl/myhostname.com.crt -days 365 -config /var/www/web1/ssl/openssl.cnf && openssl rsa -passin pass:6c54a4d31d5ac3b -in /var/www/web1/ssl/myhostname.com.key.org -out /var/www/web1/ssl/myhostname.com.key
12.02.2007 - 13:34:43 => WARN - WARNING: could not open file /var/www/web1/ssl/myhostname.com.csr
12.02.2007 - 13:34:43 => WARN - WARNING: could not open file /var/www/web1/ssl/myhostname.com.crt


I'm still curious on the other part of this problem. accessing https://webmail.myhostname.com brings me to a default apache page and not a default ISPConfig page or to the root of the current webpage. Is there a way to direct that https request to a different directory that isn't part of the root dir for the rest of the website? Not sure how to fix that problem or will it get fixed with the SSL cert fix?

Thanks again.

I dont think its a permission issue as the command is run as root user.

Please execute the following command as root user manually:

openssl genrsa -des3 -rand /var/www/web1/ssl/random_file -passout pass:6c54a4d31d5ac3b -out /var/www/web1/ssl/myhostname.com.key.org 1024 && openssl req -new -passin pass:6c54a4d31d5ac3b -passout pass:6c54a4d31d5ac3b -key /var/www/web1/ssl/myhostname.com.key.org -out /var/www/web1/ssl/myhostname.com.csr -days 365 -config /var/www/web1/ssl/openssl.cnf && openssl req -x509 -passin pass:6c54a4d31d5ac3b -passout pass:6c54a4d31d5ac3b -key /var/www/web1/ssl/myhostname.com.key.org -in /var/www/web1/ssl/myhostname.com.csr -out /var/www/web1/ssl/myhostname.com.crt -days 365 -config /var/www/web1/ssl/openssl.cnf && openssl rsa -passin pass:6c54a4d31d5ac3b -in /var/www/web1/ssl/myhostname.com.key.org -out /var/www/web1/ssl/myhostname.com.key

Do you get any errors?

I changed the code to be for the domain of ours, this is what I get:


0 semi-random bytes loaded
Generating RSA private key, 1024 bit long modulus
..............++++++
.................................................. ......................++++++
e is 65537 (0x10001)
error on line -1 of /var/www/web11/ssl/openssl.cnf
28303:error:02001002:system library:fopen:No such file or directory:bss_file.c:104:fopen('/var/www/web11/ssl/openssl.cnf','rb')
28303:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:107:
28303:error:0E064072:configuration file routines:CONF_load:no such file:conf_def.c:197:


The file /var/www/web11/ssl/openssl.cnf is an empty file, nothing in it.

Take a look here: http://www.howtoforge.com/forums/showthread.php?t=10421&page=2&highlight=%2Fvar%2Fwww%2Fweb4%2Fssl%2Fopenssl.cnf

Alright, followed those instructions. Had to fix the openssl.cnf (some fields were missing from what you posted), tried to register it with cacert.org:

CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.

:-/ Common name was there.....Why isn't ISPConfig doing this properly?

Why isn't ISPConfig doing this properly?
ISPConfig is creating proper SSL certificates when you enter all and correct information in the ISPConfig interface. What did you enter exactly on the SSL-tab of the website?