HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=16)
-   -   SSL certificate (http://www.howtoforge.com/forums/showthread.php?t=45255)

Jorem 23rd April 2010 12:40

SSL certificate
 
I am struggling with the SSL certificate for the ISPConfig Control Panel.

I tried to install a certificate to a domain through the control panel to use it for the login: https://www.domain.com:81
But I keep getting errors.

Is there a step by step guide about how to install a SSL certificate in the ISPConfig server?
Which certificate do need to buy?

Hope someone can help. Time to get a real certificate instead of the self signed one :).

Mark_NL 23rd April 2010 13:15

It would be nice if you informed us with the error you're getting ..

Jorem 23rd April 2010 13:33

I got a error for the CSR key that should be 2048 instead of 1024.

Found this in another post that helped out:

1. edit the openssl.cnf.master file
(typically it is in /root/ispconfig/isp/conf)
change the "default_bits" from "1024" to "2048"

2. edit the file config.lib.php
(typically it is in /root/ispconfig/scripts/lib
Change the "1024" to "2048" in the following command:

openssl genrsa -des3 -rand $rand_file -passout pass:$ssl_password -out $key_file 1024 && openssl req -new -passin pass:$ssl_password -passout pass:$ssl_password -key

3. restart ispconfig (i.e. service ispconfig_server restart)

Waiting for the Certificate from GoDaddy now. Found this topic with a working solutions for GoDaddy. So should also work for me :).
http://howtoforge.com/forums/showthr...=ISPConfig+CSR

demortes 25th April 2010 23:23

Thought I should let you guys know, for those personal non-commercial folks out there, you can get a free SSL certificate from StartSSL. Only costs if you are using it for commercial reasons, and I have installed it absolutely perfectly. They also provide support for their certificates through Jabber, 24 hours a day.

Link: http://www.startssl.com/

Also, they offer free certificates for email encryption and signing. That's another topic however :)

Jorem 26th April 2010 08:13

The install on the domain went fine. But when I want to copy the cert to the ISPConfig apache server it stops working.

I copy the cert to the /root/ispconfig/httpd/conf/ssl.crt directory. After that I changed the httpd.conf file to point to the new cert (default to server.crt).

When I restart ISPConfig server I get a error that it can not start server.

In another post I read about the directory /root/ispconfig/httpd/ssl . But I do not have this directory. Do I need to make it?
What do I need to change in the httpd.conf to get it to work with the new certificate?

For the domain it is working great, only for the :81 now.

createch 26th April 2010 08:59

Try this...

1. Upload the 2 key files from Godaddy to the ssl directory of the domain concerned (gd_bundle.crt and yourname.crt), then

2. In the ISPConfig panel, go to the domain concerned, add the apache directive:

SSLCertificateChainFile /var/www/web#/ssl/gd_bundle.crt
[replace the above # with the domain number]

3. Restart http (i.e. service httpd restart)

Jorem 3rd February 2011 12:50

Still trying to get this to work for the Client Panel (:81).
Domain works fine for almost a year now.

Hope someone can help with adding the ssl cert to my ISPConfig httpd server.

falko 4th February 2011 14:39

Quote:

Originally Posted by Jorem (Post 226462)
The install on the domain went fine. But when I want to copy the cert to the ISPConfig apache server it stops working.

I copy the cert to the /root/ispconfig/httpd/conf/ssl.crt directory. After that I changed the httpd.conf file to point to the new cert (default to server.crt).

When I restart ISPConfig server I get a error that it can not start server.

In another post I read about the directory /root/ispconfig/httpd/ssl . But I do not have this directory. Do I need to make it?
What do I need to change in the httpd.conf to get it to work with the new certificate?

For the domain it is working great, only for the :81 now.

When you try this, are there any errors in the ISPConfig apache error log in /root/ispconfig/httpd/logs/?

Jorem 5th February 2011 00:31

This is the error I get:
[error] mod_ssl: Init: (www.domain.com:81) Unable to configure RSA server private key (OpenSSL library error follows)
[error] OpenSSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

I have a GoDaddy vertificate for my domain. But did not get a key file. Or do I have to generate a new one?

falko 6th February 2011 20:59

You have to put the key file that you generated for domain.com into /root/ispconfig/httpd/conf/ (name it ssl.key; make a backup of the old ssl.key first).


All times are GMT +2. The time now is 15:02.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.