HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

max 7th December 2005 03:46

Chained / intermediate SSL certificates
 
Hi,

ISPConfig is great, well done to all those involved. Though I did have a bit of trouble with the "perfect" install, mainly due to the fact I have an x86_64 processor, all the answers I needed were in this forum. I ended up using sendmail and vsftp with no difficulties.

I am trying to install a CA-signed SSL certificate. However, as part of the process I need to install an intermediate certificate.
Instructions are as follows:

---------------

INSTALLATION INSTRUCTIONS - APACHE 2.X
Installing Your Web Server Certificate and the Intermediate Certificate:
- Copy your issued certificate, intermediate certificate and key file (generated when you created the Certificate Signing Request (CSR)) into the directory that you will be using to hold your certificates.
- Open the Apache ssl.conf file and add the following directives:

SSLCertificateFile /path to certificate file/your issued certificate
SSLCertificateKeyFile /path to key file/your key file
SSLCertificateChainFile /path to intermediate certificate/sf_issuing.crt

- Save your ssl.conf file and restart Apache.

----------------

Now, ISPConfig seems to store SSL info in /etc/httpd/conf/vhosts/Vhosts_ispconfig.conf
so the changes I make in /etc/httpd/conf.d/ssl.conf do not seem to do anything.

If I copy the certificate issued by GoDaddy using the ISPConfig web interface it stops the server, and Apache refuses to start until I re-create the self-signed certificate using ISPConfig.

I am not sure what files I need to update. If someone knows what I need to do, or even where I should start looking, your help would be appreciated.

Thanks,

Max

max 7th December 2005 06:35

If I use a self-signed certificate SSL works fine, but if I use the cert sent to me Apache refuses to start and I get the following messages in the logs:

[Wed Dec 07 16:18:08 2005] [error] Init: Unable to read server certificate from file /home/www/web7/ssl/www.renewablestore.com.au.crt
[Wed Dec 07 16:18:08 2005] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Wed Dec 07 16:18:08 2005] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error

The file /home/www/web7/ssl/www.renewablestore.com.au.crt exists and is readable, and seems to contain the right info.

Thanks,

Max

till 7th December 2005 09:33

Maybe you installed an SSL Certificate that was not created for apache mod_ssl?

max 8th December 2005 02:38

OK ... finally got it sorted. Turns out the CA sent me the wrong instructions AND newlines were not cutting and pasting properly (I think they were mangled by the email client) when pasting the cert into the ISPConfig field. Using vi to add the newlines in the cert manually allowed Apache to start.

How do I get changes I make to the /etc/httpd/conf/vhosts/Vhosts_ispconfig.conf file to be permanent? This file seems to be recreated every time a new site is added.

I would like to add the following line to Vhosts_ispconfig.conf when SSL is used for a site:

SSLCACertificateFile /etc/pki/tls/certs/CA-bundle.crt

Anyone know how to do this?

thanks,

Max

till 8th December 2005 10:41

Put the line in the apache directives field of this website.

max 9th December 2005 05:03

thanks till
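
The newline problem described in this thread, as an added example that is not part of any post: a Python sketch that re-wraps a pasted PEM certificate whose line breaks were mangled and checks that the decoded body has a consistent outer DER SEQUENCE header before it goes into the ISPConfig field. The function names and the sample input are assumptions made for illustration; the check is structural only and does not validate the certificate or its chain.

```python
import base64
import re

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"


def check_der_outer(der):
    """Structural check only: outer tag is SEQUENCE and its length fits."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("data does not start with a DER SEQUENCE tag (0x30)")
    if der[1] < 0x80:                      # short-form length
        header, length = 2, der[1]
    else:                                  # long form: next n bytes hold the length
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            raise ValueError("malformed DER length field")
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + length != len(der):
        raise ValueError("DER length does not match data size (truncated paste?)")


def repair_pem(text):
    """Return the certificate re-wrapped at 64 columns, or raise ValueError."""
    m = re.search(re.escape(BEGIN) + r"(.*?)" + re.escape(END), text, re.S)
    if not m:
        raise ValueError("BEGIN/END CERTIFICATE markers not found")
    # Remove whatever replaced the original line breaks (spaces, CR, tabs, NBSP).
    body = re.sub(r"\s+", "", m.group(1))
    try:
        der = base64.b64decode(body, validate=True)
    except ValueError as exc:              # binascii.Error is a ValueError
        raise ValueError(f"certificate body is not valid base64: {exc}") from exc
    check_der_outer(der)
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "\n".join([BEGIN, *lines, END]) + "\n"


def constructed_sample():
    """Constructed stand-in, NOT a real certificate: SEQUENCE header + filler,
    with the line breaks replaced by spaces as a mail client might do."""
    b64 = base64.b64encode(b"\x30\x82\x01\x00" + bytes(range(256))).decode()
    chunks = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return BEGIN + " " + " ".join(chunks) + " " + END


if __name__ == "__main__":
    print(repair_pem(constructed_sample()), end="")
```

A ValueError here means the paste is damaged beyond line wrapping (missing markers, stray characters, or a truncated body) and the certificate should be fetched from the CA again rather than edited by hand.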

