HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=16)
-   -   New SSL Cert (http://www.howtoforge.com/forums/showthread.php?t=13787)

PoleCat 1st July 2007 16:19

New SSL Cert
 
I have a client that bought a new SSL CERT for his site. I have tried to install it for him, but for some weird reason its not accepting. I can paste the cert in under the SSL tab, I select SAVE cert and click SAVE. But then the old cert is still active for the site. I tried to delete the cert and then HTTPS wont work. Then just dumping in the new CERT, but still doesnt work.

How the heck do i get rid of the self signed freekin cert and replace it with the real thing in ISPC?

PoleCat 1st July 2007 16:55

OK, this is a bug then.

I found the problem. It seems like ISPC _does_ save the file into the new www.sitename.com.crt file under /ssl/, though it does not restart apache.

I manually had to HUP apache and it refreshed it's certificates and loaded the new cert, then it worked fine.

I am running ISPC 2.2.12

Or is this fixed in the new version?

till 2nd July 2007 09:41

Creating a SSL cert works for me in 2.2.14 and the code has not changed since 2.2.12, so I guess its a problem on your server and not a bug. Please check your ispconfig.log file for errors.

PoleCat 2nd July 2007 09:49

Heya,

Creating a self signed is no problem. That restarts apache and installs the cert. Though after you have a self signed certificate and you bought a proper ssl cert, then paste in your bought ssl certificate then hit the "save certificate" tab, and click save, then it does save the new cert in the file, though it does not restart apache.

falko 2nd July 2007 18:56

Which distribution do you use?
Any errors in Apache's error log?

the_spy 2nd July 2007 19:21

I also confirm that when I installed a real ssl certificate for a website, I needed to reboot myself apache to have the right SSL certificate online
It was on 2.2.12 or 2.2.13 when I installed it, on Debian etch + Apache 2

PoleCat 2nd July 2007 20:06

Quote:

Originally Posted by falko
Which distribution do you use?
Any errors in Apache's error log?

Debian 3.1 AMD64
Nope, no errors.

till 3rd July 2007 11:33

We will check this, I added this to the bugtracker.

PoleCat 3rd July 2007 15:51

Cool,

Can I request a feature while we're on this topic.

The certificate was from godaddy, and it worked fine with IE7 and Safari. It however gave CA errors on IE6 and all versions of Firefox.

I ended up installing the intermediate CA certificate, which I had to manually upload and add a directive for apache under ISPC to load the CA.

Is it possible to have another option under the SSL tab to insert a intermediate certificate for this purpose. I see quite a few people on the forum has had this problem before, enabling the option under the SSL tab for a intermediate certificate will simplify administrating other virtual sites as well.

Cheers. ;)

Ben 3rd July 2007 22:52

Well I use 2.2.14 and just got an ssl cerit.
Unfortunately i did not create the csr with ispconfig but I think that should not be a problem?
Anyway I went to the web to ssl, pastet the code of both, the csr and the cert to the page and hit save.
The ispconfig.log show no error, but also nothing about restarting any serice,
e.g. it's rehashing the postfix virtusertable but not restarting it, it's copying the apache conf but not restarting apache. or isn't this shown anymore in the logs?

besides this neither apache2 ist listenning on port 443 nor the Vhosts_ispconfig.conf contains anything about ssl.
Did I forget to enable anything else?
In the ssl folder of the web's dir, there is only the file <hostname>.crt but I guess that's fine?

Edit: After some tests I found, that there's sometime the warning of not beeing able to write the crt file, e.g. i deleted the crt, then pasted only the crt code and clicked on save cert... then the follwing warning appears:

Quote:

03.07.2007 - 22:53:44 => WARN - WARNING: could not open file /home/www/web35/ssl/<domain>.crt
Even if it created the file...


All times are GMT +2. The time now is 08:47.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.