HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=16)
-   -   Importing existing ssl key/cert into ISPConfig site (http://www.howtoforge.com/forums/showthread.php?t=19564)

zetnsh 18th January 2008 00:04

Importing existing ssl key/cert into ISPConfig site
 
Hi there,

I have created an SSL Site within ISPConfig, but I don't want to create an SSL Certificate - I am migrating a site in from another ISP, and I already have the X509 Key/Cert pair. Whilst I can paste in a CSR (for what it's worth!), and the key, I can't immediately see a way to input the existing private key.

Can anyone give me a clue as to how I might do this with ISPConfig? I can't imagine I'm the first to ask!

Thanks in advance,

Neil

till 18th January 2008 09:46

1) Create a new "dummy" SSL cert in ISPConfig.
2) Replace the key, cert and csr files in the ssl directory of the website with the existing ones from the old server.
3) Replace the ssl cert and csr in the ispconfig interface with your existing csr and cert.

zetnsh 18th January 2008 10:59

That worked great. I think it would be good to build that into ISPConfig though - it should be easy enough to do, I've actually done it myself with a server admin system I wrote a few years ago (which now belongs to my former employer!).

Thanks for the help!

ahsamuel 4th February 2008 19:28

Hi,

i've done that, but i'm not getting it to work.

i filled the fields about the ssl (Country etc), and chose "create certificate" and then pressed save.
then i went back into it and clicked save certificate and save.
then i replaced the .key, .csr and .crt files in the ssl directory
then i copy&pasted the contents of the .csr into the first, and of the .crt into the second field and clicked save certificate.

when i now open my site with https://, i get a wrong cert. , based on the fields i filled with "dummy" stuff.

what i have:
- a .key, a .cert and a self-made .csr (made with the .key)
- got the certificate with my hosting at ovh (they gave me the .key and a dedicated IP, i have a root server there)

i run ispconfig, everything else works fine.

any ideas or more details on how to do this?

zetnsh 5th February 2008 11:32

Difficult to say on this one. I'm not an ISPConfig expert (I've only been using it since August last year), but I wonder if it's the lack of a CSR that could be causing the problem.

Now you don't actually need the CSR in order for the web server to start - that just reads the key and the cert (from separate files such as /var/www/web1/ssl/www.mysite.com.key etc), but I just wonder if perhaps this is causing problems with ISPConfig rather than apache.

What you could do is put the correct .key and .cert files in the relevant directory manually again, don't touch ISPConfig, and restart apache (eg. apachectl restart or /etc/init.d/httpd restart etc).

In fact, if you do apachectl configtest first, that should tell you if the key/cert is valid. You can then test the site again in a browser (close it and re-open just to be sure) to see if it's the right cert. If it is, then you can test again putting the CSR and the Cert into the site's SSL tab in ISPConfig. I've done this successfully, but then again I did have the original CSR used to generate the certificate. I would have thought you might struggle without that.

With this sort of problem, you usually find the solution by careful step-by-step analysis of what's actually going on, and careful reasoning. (aka trial and error!)

Hope you get it sorted. Feel free to post back - not sure I could be any more help though...

Thanks,

Neil

ahsamuel 5th February 2008 11:41

Thank you for your answer, i don't know why, but it somehow fixed itself overnight.

It still brings an error, but i cannot read what the problem is.

maybe someone could check: https://www.hotelvaladon.fr

Thankyou!

zetnsh 5th February 2008 11:45

I tried the link, but it just seems to redirect to http://www.hotelvaladon.com/index.htm

However, trying a random page (eg. https://www.hotelvaladon.fr/afdasdf) gives a 404 (of course) but does show the certificate. It looks fine to me - it's from a trusted CA and valid till 2011, so if I were you, I'd leave well alone while it works ;-)

N

ahsamuel 5th February 2008 11:46

it works with my IE7, but not with FF.

:P

zetnsh 5th February 2008 12:07

I have tried it with Firefox, and I see your point.

It's definately nothing to do with ISPConfig though. It's to do with the Certification Authority who provided the SSL Certificate. I think it's basically because Firefox doesn't have the root certificates for OVH Secure Certification Authority, whoever they are.

Unless I've missed something here, I think the only resolution is to obtain an SSL Certificate from a reputable provider such as Thawte or Verisign (yes, I know Verisign own Thawte now! ;-) Thawte do a reasonably priced budget certificate called SSL-123. But that's still paying twice, unless you can get a refund.

If you go for a less well known SSL provider, unfortunately you run the risk of the CA not being recognised by some of the browsers. In this case, it seems to work with IE7 and Safari, but not in Firefox or Opera.

Thanks,

Neil

ahsamuel 5th February 2008 12:09

Thank you a lot, I'll try and contact them. Will keep you (all) updated.


All times are GMT +2. The time now is 08:18.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.