HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

bschultz 27th May 2007 19:19

SSL Setup Question
 
Hi,

I've purchased an SSL cert from GoDaddy, created the key and csr files, and downloaded my cert. All that is fine. Now, I don't know what to do next. What needs to be done in the ISPC admin panel to set up the new cert on an existing site? Where does the cert need to be placed on the server?

Thanks.

Brian

till 28th May 2007 15:09

Copy and paste the certificate to the certificate field in ISPConfig of this website, select save as action and then click on the save button.

falko 28th May 2007 17:54

Also take a look here: http://www.howtoforge.com/faq/14_49_en.html

bschultz 28th May 2007 22:31

Thanks for the help, guys. The site shows a generic error page in IE. In Firefox, I get an error code 12263 SSL_ERROR_RX_RECORD_TOO_LONG message.

Any ideas?

falko 29th May 2007 15:32

Any errors in the Apache logs?

bschultz 29th May 2007 16:27

The only thing in the (Apache2) error log was this...

[Mon May 28 14:47:08 2007] [notice] Apache/2.2.3 (Debian) PHP/5.2.0-8+etch4 mod_ssl/2.2.3 OpenSSL/0.9.8c configured -- resuming normal operations

And that wasn't even when I tried to access the site in question. There are several of those same messages in the error log.

There were no errors in the /var/log/httpd/ logs.

One other thing...should the Vhosts file for this domain have any SSL comments in it...or does that go someplace else? This is the Vhosts section of this domain:

Quote:

######################################
# Vhost: www.mydomain.com:80
######################################
#
#
<VirtualHost 192.168.1.4:80>
<Directory "/var/www/web4/web">
Options FollowSymLinks
AllowOverride All
</Directory>
ServerName www.mydomain.com:80
ServerAdmin webmaster@mydomain.com
DocumentRoot /var/www/web4/web
ServerAlias mydomain.com
DirectoryIndex index.html index.htm index.php index.php5 index.php4 index.php3 index.shtml index.cgi index.pl index.jsp Default.htm default.htm
ErrorLog /var/www/web4/log/error.log
AddType application/x-httpd-php .php .php3 .php4 .php5
php_admin_flag safe_mode Off
Alias /error/ "/var/www/web4/web/error/"
ErrorDocument 400 /error/invalidSyntax.html
ErrorDocument 401 /error/authorizationRequired.html
ErrorDocument 403 /error/forbidden.html
ErrorDocument 404 /error/fileNotFound.html
ErrorDocument 405 /error/methodNotAllowed.html
ErrorDocument 500 /error/internalServerError.html
ErrorDocument 503 /error/overloaded.html
AliasMatch ^/~([^/]+)(/(.*))? /var/www/web4/user/$1/web/$3
AliasMatch ^/users/([^/]+)(/(.*))? /var/www/web4/user/$1/web/$3
</VirtualHost>
#
#
#

bschultz 29th May 2007 18:24

I did some further testing (and Googling) and I manually added a separate Vhosts entry for the site at port 443:

Quote:

######################################
# Vhost: domain.com:443
######################################
#
#
<VirtualHost 192.168.1.4:443>
<Directory "/var/www/web4/web/ssl">
Options FollowSymLinks
AllowOverride All
</Directory>
SSLEngine on
SSLCertificateFile /certificates/domain.com.crt
SSLCertificateKeyFile /certificates/domain.com.key
ServerName domain.com:443
ServerAdmin webmaster@domain.com
DocumentRoot /var/www/web4/web/ssl
ServerAlias https://domain.com
DirectoryIndex index.html index.htm index.php index.php5 index.php4 index.php3 index.shtml index.cgi index.pl index.jsp Default.htm default.htm
ErrorLog /var/www/web4/log/error.log
AddType application/x-httpd-php .php .php3 .php4 .php5
php_admin_flag safe_mode Off
Alias /error/ "/var/www/web4/web/error/"
ErrorDocument 400 /error/invalidSyntax.html
ErrorDocument 401 /error/authorizationRequired.html
ErrorDocument 403 /error/forbidden.html
ErrorDocument 404 /error/fileNotFound.html
ErrorDocument 405 /error/methodNotAllowed.html
ErrorDocument 500 /error/internalServerError.html
ErrorDocument 503 /error/overloaded.html
AliasMatch ^/~([^/]+)(/(.*))? /var/www/web4/user/$1/web/$3
AliasMatch ^/users/([^/]+)(/(.*))? /var/www/web4/user/$1/web/$3
</VirtualHost>
#
#
#

I restarted Apache, entered the pass phrase and Apache restarted without errors. I then logged on the https site, and got to the https directory...but, I encountered a certificate error.

Quote:

Unable to verify the identity of domain.com as a trusted site. Possible reasons for this error:
-your browser does not recognize the CA that issued the cert...
-the site's cert is incomplete due to a server misconfiguration
-you are connected to a site pretending to be domain.com...

This error shows up in Firefox and Safari on a Mac...but not in IE. So, I have three questions:

1-Why the error in Firefox (PC) and Safari (Mac) and not IE (PC)?
2-Will the Vhosts config "stay" after an ISPConfig upgrade?
3-Is there any way to not have to enter the pass phrase on reboot of Apache?

Thanks for all the help!

Brian
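
Added example (not part of the thread, and not ISPConfig's own code): a small Python check for the situation above, where the site's config first had only a port-80 vhost and HTTPS started answering once a :443 vhost with `SSLEngine on` and the certificate and key directives was added. The names `SAMPLE_CONF`, `parse_vhosts` and `lint_tls` are hypothetical, and the sample is constructed from the directives quoted in the posts; it also flags a `ServerAlias` value that is a URL, since that directive takes host names.

```python
import re

# Constructed sample: the thread's two vhosts, reduced to the directives being checked.
SAMPLE_CONF = """\
<VirtualHost 192.168.1.4:80>
ServerAlias mydomain.com
</VirtualHost>
<VirtualHost 192.168.1.4:443>
SSLEngine on
SSLCertificateFile /certificates/domain.com.crt
SSLCertificateKeyFile /certificates/domain.com.key
ServerAlias https://domain.com
</VirtualHost>
"""

def parse_vhosts(conf):
    """Return [(address, {directive_lower: [args]})]; nested sections are flattened."""
    vhosts, current = [], None
    for raw in conf.splitlines():
        line = raw.strip()
        m = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if m:
            current = (m.group(1).strip(), {})
        elif line.lower().startswith("</virtualhost") and current:
            vhosts.append(current)
            current = None
        elif current and line[:1] not in ("", "#", "<"):
            name, *rest = line.split(None, 1)
            current[1].setdefault(name.lower(), []).extend(rest)
    return vhosts

def lint_tls(conf, tls_port="443"):
    """List TLS problems: no vhost on tls_port, missing SSL directives, URL as alias."""
    findings = []
    tls = [(a, d) for a, d in parse_vhosts(conf) if a.rsplit(":", 1)[-1] == tls_port]
    if not tls:
        findings.append(f"no <VirtualHost> on port {tls_port}")
    for addr, d in tls:
        if [v.lower() for v in d.get("sslengine", [])] != ["on"]:
            findings.append(f"{addr}: SSLEngine is not on")
        for need in ("SSLCertificateFile", "SSLCertificateKeyFile"):
            if need.lower() not in d:
                findings.append(f"{addr}: {need} missing")
        for alias in " ".join(d.get("serveralias", [])).split():
            if "://" in alias:
                findings.append(f"{addr}: ServerAlias '{alias}' is a URL, not a host name")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_tls(SAMPLE_CONF)) or "no findings")
```

Running it against a copy of Vhosts_ispconfig.conf read from disk gives the same report for the real file; it only inspects the text and does not replace Apache's own syntax check.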

falko 30th May 2007 17:45

Quote:

Originally Posted by bschultz
One other thing...should the Vhosts file for this domain have any SSL comments in it...or does that go someplace else? This is the Vhosts section of this domain:

When you enable SSL on the Basis tab of the web site in ISPConfig, there should be a second vhost that contains the SSL settings. If you don't see that second vhost: can you post the
Code:

ls -l
output of the directory where Vhosts_ispconfig.conf is in?
What's the output of
Code:

ls -la /root/ispconfig
?

bschultz 30th May 2007 17:52

Thanks Falko...here they are:

Quote:

mail:~# ls -l /etc/apache2/vhosts
total 48
-rw-r--r-- 1 root root 6291 2007-05-29 09:10 Vhosts_ispconfig.conf
-rw-r--r-- 1 root root 4989 2007-05-29 06:28 Vhosts_ispconfig.conf~
-rw-r--r-- 1 root root 5215 2007-05-27 15:50 Vhosts_ispconfig.conf_27-05-07_15-50-35
-rw-r--r-- 1 root root 5213 2007-05-27 15:53 Vhosts_ispconfig.conf_27-05-07_15-53-38
-rw-r--r-- 1 root root 5213 2007-05-27 15:57 Vhosts_ispconfig.conf_27-05-07_15-57-27
-rw-r--r-- 1 root root 5213 2007-05-27 15:57 Vhosts_ispconfig.conf_27-05-07_15-57-50
mail:~#

Quote:

mail:~# ls -la /root/ispconfig
total 100
drwxr-xr-x 9 root root 4096 2007-05-29 06:28 .
drwxr-xr-x 6 root root 4096 2007-05-21 15:47 ..
-rwxr-xr-x 1 root root 34862 2007-05-21 15:47 cronolog
-rwxr-xr-x 1 root root 9673 2007-05-21 15:47 cronosplit
drwxr-xr-x 12 root root 4096 2007-05-21 15:31 httpd
drwxr-xr-x 14 root root 4096 2007-05-21 15:47 isp
-rw-r--r-- 1 root root 8 2007-05-29 06:28 .old_path_httpd_root
drwxr-xr-x 6 root root 4096 2007-05-21 15:30 openssl
drwxr-xr-x 6 root root 4096 2007-05-21 15:47 php
drwxr-xr-x 4 root root 4096 2007-05-21 15:47 scripts
drwxr-xr-x 4 root root 4096 2007-05-21 15:47 standard_cgis
drwxr-xr-x 2 root root 4096 2007-05-21 15:47 sv
-rwx------ 1 root root 9389 2007-05-21 15:47 uninstall
mail:~#

falko 31st May 2007 15:13

Ok, can you rename one of those Vhosts_ispconfig.conf files that have a date at the end to Vhosts_ispconfig.conf and run
Code:

httpd -t
? What's the output?

