HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=27)
-   -   Adding SSL certificate to Site (http://www.howtoforge.com/forums/showthread.php?t=52896)

snowfly 31st May 2011 02:47

Adding SSL certificate to Site
 
Can anyone help me with setting up an SSL certificate for a site on ISPconfig 3?

I have web site that was running perfectly fine on a separate custom debian system (not ISPconfig), with an SSL cert.

And we moved this site to a new ISPconfig3 server.

In the ISPconfig3 interface I pasted the SSL cert into the "SSL Certificate" field on the SSL tab of Web Domain.
And ticked the box for SSL.

However site does not work.
Firefox reports error:
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)

I cannot find anything in ispconfig logs.

When I view the apache config file (e.g. /etc/apache2/sites-enabled/abc.domain.com) I cannot see any reference of SSL.

On our previous custom server, we had these entries:

SSLEngine On
SSLCertificateFile /etc/apache2/ssl/abc.domain.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/abc.domain.com.key


The SSL tab in ISPconfig has 3 fields:
- SSL Request
- SSL Certificate
- SSL Bundle

Which one does the SSL key file go in?
Which one does the SSL CSR file go in?
And does the SSL cert (*.crt) go in the SSL Certificate box?

Thanks in advance.

till 31st May 2011 12:13

Quote:

Which one does the SSL key file go in?
The ssl key is generated and managed by ispconfig, so there is no field for it. Just createa new ssl cert trough ispconfig and then use the csr that ispconfig created for you and let it sign from the ssl authority.

So the steps to enable ssl for a website are:

1) Check the ssl checkbox in the site settings.
2) Create a new self signed ssl cert in ispconfig on the ssl tab.
3) Let the csr sign from a ssl authority and paste the cert into the sl cert field and choose save.

All ssl authorities lat you resign a cert, so you could reissue your cert based on the ispconfig csr.

Thats also described in detail in the ispconfig 3 manual.

snowfly 31st May 2011 12:54

Thanks Till.

I managed to get the SSL working using the current SSL key/crt files.
As I had no option to re-create a new CSR/CRT, as this would have cost.

I put the current *.crt and *.key files into the sites /ssl/ directory on the ISPconfig server.
And enabled 'ssl' in the site options.

This worked, and ispconfig created the following entries in the apache2 site file:
SSLEngine on
SSLCertificateFile /var/www/clients/client100000/web2222/ssl/xxx.crt
SSLCertificateKeyFile /var/www/clients/client100000/web2222/ssl/xxx.key


All times are GMT +2. The time now is 18:26.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.