HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=27)
-   -   ISPConfig 3 - CentOS 5.4 - SSL Problems!?! (http://www.howtoforge.com/forums/showthread.php?t=41597)

owainbaber 5th December 2009 21:38

ISPConfig 3 - CentOS 5.4 - SSL Problems!?!
 
:confused:I have just done a new installation of CentOS 5.4 and ISPConfig 3, and I set up a domain and now I want an SSL Certificate. I generated one within ISPConfig, I then restarted apache, then accessed the site. Obviously I get the usuall warnings about self signed, but upon viewing the certificate with IE & Firefox I couldn't help noticing that the certificate in use isn't the one I just created, it is the one located at '/etc/pki/tls/certs/localhost.crt' as configured in the apache ssl.conf file (localhost.localdomain). This is the second server that does this, I had no problems installing either server using the Perfect Server tutorial. Is it actually possible to create usable certificates in ISPConfig 3? When I have tried trials of SSL Certificates from the various companies I have the same result.

SSL Error Log:

[Sat Dec 05 20:03:56 2009] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Dec 05 20:03:56 2009] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?
[Sat Dec 05 20:03:57 2009] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Dec 05 20:03:57 2009] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?
[Sat Dec 05 20:04:03 2009] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Dec 05 20:04:03 2009] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?
[Sat Dec 05 20:20:29 2009] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Dec 05 20:20:29 2009] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?
[Sat Dec 05 20:20:29 2009] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Dec 05 20:20:29 2009] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?
[Sat Dec 05 20:20:35 2009] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Dec 05 20:20:35 2009] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?
[Sat Dec 05 20:20:35 2009] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Dec 05 20:20:35 2009] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?
[Sat Dec 05 20:21:04 2009] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Dec 05 20:21:04 2009] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?
[Sat Dec 05 20:22:02 2009] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Dec 05 20:22:02 2009] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?
[Sat Dec 05 20:22:19 2009] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Dec 05 20:22:19 2009] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?
[Sat Dec 05 20:22:20 2009] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Dec 05 20:22:20 2009] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?
[Sat Dec 05 20:23:03 2009] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Dec 05 20:23:03 2009] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?

till 7th December 2009 13:20

Your problem is not ispconfig nor the ssl certificate created by ispconfig as you currently dont use the certificate created by ispconfig. To me it looks like you enabled some kind of default ssl vhost in centos that is blocking the ssl port, so that a default cert is used and not the one created by ispconfig. Check the apache config of centos and disable the default ssl vhost and default ssl cert. Then restart apache.

owainbaber 8th December 2009 14:35

Quote:

Originally Posted by till (Post 212882)
Your problem is not ispconfig nor the ssl certificate created by ispconfig as you currently dont use the certificate created by ispconfig. To me it looks like you enabled some kind of default ssl vhost in centos that is blocking the ssl port, so that a default cert is used and not the one created by ispconfig. Check the apache config of centos and disable the default ssl vhost and default ssl cert. Then restart apache.

I'll give that a ago. Thanks for the reply.

qb7 25th July 2011 19:25

How to do this till
 
Quote:

Originally Posted by till (Post 212882)
Your problem is not ispconfig nor the ssl certificate created by ispconfig as you currently dont use the certificate created by ispconfig. To me it looks like you enabled some kind of default ssl vhost in centos that is blocking the ssl port, so that a default cert is used and not the one created by ispconfig. Check the apache config of centos and disable the default ssl vhost and default ssl cert. Then restart apache.

Can you help me? I Think wich i have the same issue.

falko 26th July 2011 17:12

Which distribution do you use? Did you try to access the web site by its domain name, or did you use something else (e.g. IP address, different domain, etc.)?


All times are GMT +2. The time now is 00:00.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.