SSL and IPs problem.
Hi everyone, I need some help getting SSL working on my ISPConfig setup.
First of all, I am not even sure if I've setup the IPs correctly. I have two private IPs and two public IPs that I can use.
Public IPs (For eg):
From the attachments, I am pretty sure (1) is private ip and (4) is public but not sure about (2) and (3).
So, http://(www.)testsite.com works fine with the current configuration but as soon as I turn on the SSL, it stops working. I don't even have to touch the SSL tab, and I get the "connection was reset" error on Firefox. Also, I get the same error if I go to https://www.testsite.com
Apache log in /var/log/apache2/error.log does not record anything; however, /var/www/web10/ssl/log/error.log has the following:
Did you copy a SSL cert into the ssl directory of the website manually?
Please go to the SSL tab of the site, enter the details for the SSL key and select create as action. Then click on save and wait about a minute. Then try again to connect.
Yes till, it works fine with the self-signed certificate, but when I install a trusted certificate, apache stops working and doesn't restart until I delete the new certificate. I've tried two different certificates, from comodo and rapidssl. Both give the same error that doesn't let the apache to restart.
Ok, you missed to say in your post that you installed a ssl cert that was not created on basis of the csr from ispconfig. If you want to setup a trusted cert, it must be created on basis of the CSR that ISPConfig created for you, otherwise you will get this errors as the private key is not avlid for your certificate.
Another solution is to replace the private key in the ssl direcory of the website with the private key that you used to create the trusted cert.
I did followed the steps listed in the official ISPConfig documentation to create a CSR. Ok, here's what I did:
- Enabled SSL Checkbox
- In the SSL Tab, filled all the information in text-boxes
- In the drop down, selected "Create Certificate"
- Wait for a minute
- In the drop down, selected "Save Certificate"
- Restarted apache and everything working fine (I can access https:// with the popup).
Now, to replace the self-signed cert with trusted cert.
- In the SSL tab, copied the "SSL Request" and sent it to CA.
- They gave me the certificate, and I relaced the default "SSL Certificate" with the one CA gave me.
- "Save certificate"
- Restarted apache, and it stopped working.
As I said, I've tried this with two different CAs. One of them required the SSLCertificateChainFile, I uploaded the chain file and entered the required line the "Apache Directives (Optional)." Both of them give the same error.
Also, I am still confused about the IPs. Should I get more public IPs or Private IPs?
Sorry for being a pain. I am working on it as hard as I can. Thanks for your time.
Your steps are ok, but the error message shows definately that the wrong key is used. Are you really sure that you did not accidently entered the bundle certificate in the SSL certificate field and that you CA did not use another CSR for the cert then the one created by ispconfig?
Yeah, I entered the .crt only not the bundle.
Ok, the modulus of .key and .crt (from CA) do not match, but the they do match in case of .key and .crt (self-signed).
Any idea what I am doing wrong?
Resolved. Did a complete re-install.
For SSL, if going with Comodo, choose "Other" as your CSR generator not Apache's mod_ssl.
|All times are GMT +2. The time now is 02:03.|
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.