HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=16)
-   -   Where does ISPConfig expect to see server and private kys (http://www.howtoforge.com/forums/showthread.php?t=16183)

chancer 13th October 2007 00:25

Where does ISPConfig expect to see server and private kys
 
Hi, Folks,

This has probably been done before, but I can't do a search because the adverts are totally blocking the search function (FF on Deb Etch <edit>sorry, it's on Ubuntu current version, it's my server which is on Etch</edit>).

Would someone please tell me where ISPConfig would expect to find the server and private keys, respectively, on an SSL enabled domain on an Etch server? Then I can set up the VHosts configuration properly.

Many thanks, in anticipation.

chuckl 13th October 2007 09:45

If you want to enable SSL on a particular website, tick the SSL checkbox for the website and save. This enables an SSL config tab for the site.

I believe they are stored in the /webXX/ssl folder.

chancer 13th October 2007 20:35

Thanks, chukl. Now, I've got a cert from CAcert - should I put that in /webxx/ssl first, or how do I tell ISPConfig where it is now (which is in the wrong place ;) )

chuckl 13th October 2007 20:51

While I'm a Cacert assurer as well, it's a while since I've done this, as I use a homebrew multidomain on 1 IP setup.
The ISPConfig technique, is that you take the Certificate and paste it into the text box provided for the site under the SSL tab that appears when you enable SSL.
I just have a nasty suspicion that you should use a CSR generated in the same place (the SSL tab) for the certificate generation. i.e. generate the signing request there, and cut and paste that into the CaCert form.
ISPConfig then parks the certificate in the correct place for the site, and sets up the paths etc for the secure connection in the Vhosts file.
Thinking about that, that probably takes care of the key, as the ISPConfig key is used to generate the CSR.
You may need to grab the CaCert certificate chain file as well and put it in the ssl folder.

chancer 13th October 2007 22:02

Thanks, once again chuckl. I've never done a ssl cert before. I'm trying to help a few people get into business online so would like to learn my way around alll this and become a CAcert assurer myself.

Perhaps I should go back into the CAcert site and cancel the one I generated, then redo the request via ISPConfig?

chuckl 13th October 2007 22:10

I would definitely suggest that, yes. Generate a CSR in ISPConfig for that site, and cut and paste into an editor. Head for Cacert, cancel the existing one and reissue with the ISPConfig generated CSR, then when the cert arrives, paste into the site SSL tab field.

chancer 13th October 2007 22:18

chuckl, you're a star. Always here to help, too. Do you ever sleep? :)

chancer 13th October 2007 23:40

I'm annoying myself now, chuckl, so if you're finding my questions tedious I don't blame you.

The ISPConfig SSL tab has three open text boxes which are SSL Request:, SSL Certificate: and Action: - Action is actually a three-choice select list.

Do I put the command openssl req -nodes -new -keyout private.key -out server.csr into the first option or select Create certificate from the third?

One thing I must do when this is all over is to contribute the lessons to the wiki. :rolleyes:

till 14th October 2007 14:58

To create a SSL cert in ISPConfig, enter the details for the SSL cert in the fields on the ssl tab and leave the fields ssl-request and ssl-cert empty. Then select "Create" as acrion in the action box and click on the save button. Now wait abaout a minute and you have a working SSL setup with fresh self signed certificates created by ISPconfig.

chancer 14th October 2007 15:36

Thanks, till, but I don't want a self-signed certificate. I want a CAcert signed certificate. What I need to generate at this time is the request.

Many thanks.


All times are GMT +2. The time now is 23:06.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.