HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=27)
-   -   Just installed ispconfig3, problems with ssl certiftcates (http://www.howtoforge.com/forums/showthread.php?t=36909)

littlespelk 22nd June 2009 21:10

Just installed ispconfig3, problems with ssl certiftcates
 
I get the following error message

SSL received a record that exceeded the maximum permissible length.

(Error code: ssl_error_rx_record_too_long)


How do I rectify this?

till 22nd June 2009 21:15

The ssl cert is broken or no ssl cert is installed. Please recreate the ssl cert.

littlespelk 22nd June 2009 21:18

Thanks for your reply.

How do I recreate sll certificates for ispconfig3?

Regards
Littlespelk. (sorry im a newbie here lol.)

till 22nd June 2009 21:26

What do you mean with ssl certificate for ispconfig? ISPConfig 3 has no ssl cert, it is accessed by http and not https (see perfect server guides). The sl certificates for the sites that you created in ispconfig are created in ispconfig on the ssl tab.

littlespelk 22nd June 2009 21:46

I followed the guide and re-did the imapd and pop3d certificates
i get cn name does not match the passed value. error.

Ive named my server tycoon-game.com and used that as my cn value too.


Also the certificate to allow https: pages isnt working

I get " SSL received a record that exceeded the maximum permissible length.

(Error code: ssl_error_rx_record_too_long) "

when I try to log in vis https or try to access phpmyadmin via https

Regards
littlespelk

till 22nd June 2009 22:08

You totally mix up different things.

1) imap and pop3 certificates have nothing to do with ispconfig. They are certificates of the pop3 and imap daemon. If you dont like the certificates that come with the linux distribution that you have choosen, then you might have to recreate them. The commands are mkimapdcert and mkpop3dcert. See: http://www.howtoforge.com/forums/sho...07&postcount=5


2) https access for phpmyadmin has nothing to do with ispconfig and is not configured with ispconfig. ISPConfig can be used to create ssl certificates for websites, but phpmyadmin is not part of a website that is created by ispconfig. So you get this error becaue you access a http service that is not configured by ISPConfig by using https.

If you want to use services from your linux distribution with https you will have to create ssl certificates manually for the host that you use to access it.

Master One 25th June 2009 23:36

I just found out, how to force SSL for access to my ISPConfig 3 installation (https://server1.example.tld:8080), which is nicely explained here in the forum, but now I am clueless on how to force SSL for access to phpmyadmin and webmail as well (which in that case are accessible by http://server1.example.tld/phpmyadmin and http://server1.example.tld/webmail right now -> I installed SquirrelMail according to the The Perfect Server - Ubuntu 9.04 [ISPConfig 3], so SquirrelMail is symlinked in /var/www as "webmail -> /usr/share/squirrelmail/").

Both are not under the control of ISPConfig, so what's the best way, that does not interfere with the ISPConfig 3 setup?

Master One 26th June 2009 00:09

Ok, that was easier than expected, so answering myself:

As I already used this proceeding to force SSL on ISPConfig access, which also included the creation of a new self-signed-cert, I just needed to add the symlink "000-default-ssl -> ../sites-available/default-ssl" to /etc/apache2/sites-enabled, and change the cert in /etc/apache2/sites-available/default-ssl (which can be omitted, because it is already preconfigured to use another self-signed-cert from /etc/ssl/certs/).

I decided to add another symlink, and not to change the existing default one, so that phpmyadmin and webmail can be access normally and by SSL.


All times are GMT +2. The time now is 07:55.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.