Chained / intermediate SSL certificates
ispconfig is great, well done to all those involved. Though i did have a bit of trouble with the "perfect" install, mainly due to the fact i have a x86_64 processor, all the answers i need were in this forum, i ended up using sendmail and vsftp with no difficulties.
I am trying to install a CA signed ssl certificate. However as part of the process i need to install an intermediate certificate.
Instructions are as follows:
INSTALLATION INSTRUCTIONS - APACHE 2.X
Installing Your Web Server Certificate and the Intermediate Certificate:
- Copy your issued certificate, intermediate certificate and key file (generated when you created the Certificate Signing Request (CSR)) into the directory that you will be using to hold your certificates.
- Open the Apache ssl.conf file and add the following directives:
SSLCertificateFile /path to certificate file/your issued certificate
SSLCertificateKeyFile /path to key file/your key file
SSLCertificateChainFile /path to intermediate certificate/sf_issuing.crt
- Save your ssl.conf file and restart Apache.
Now, ISPconfig seems to store ssl info in /etc/httpd/conf/vhosts/Vhosts_ispconfig.conf
so the changes i make in /etc/httpd/conf.d/ssl.conf do not seem to do anything.
If i copy the certificate issued by godaddy using the ispconfig web interface it stops the server and apache refuses to start until i re-create the self-signed certificate using a ispconfig.
I am not sure what files i need to update. If someone knows what i need to do, or even where i should start looking, your help would be appreciated.
if i use a self-signed certificate SSL works fine, but if i use the cert sent to me iapache refuses to start and i get the following messages in the logs:
[Wed Dec 07 16:18:08 2005] [error] Init: Unable to read server certificate from file /home/www/web7/ssl/www.renewablestore.com.au.crt
[Wed Dec 07 16:18:08 2005] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Wed Dec 07 16:18:08 2005] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
the file /home/www/web7/ssl/www.renewablestore.com.au.crt exists and is readable, and seems to contain the right info.
Maybe you installed an SSL Certificate that was not created for apache mod_ssl?
ok ... finally got it sorted. Turns out CA sent me the wrong instructions AND newlines were not cutting and pasting properly (i think they were mangled by email client) when pasting the cert into ispconfig field. Using vi to add the new lines in the cert manually allow apache to start.
How do i get changes i make to the
/etc/httpd/conf/vhosts/Vhosts_ispconfig.conf file to be permanent, this file seems to be recreated every time a new site is added.
i would like to add the following line to Vhosts_ispconfig.conf when ssl is used for a site:
anyone know how to do this?
Put the line in the apache directives field of this website.
|All times are GMT +2. The time now is 02:28.|
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.