HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=27)
-   -   SSL for website isnt working (http://www.howtoforge.com/forums/showthread.php?t=57276)

czdavid 13th May 2012 14:01

SSL for website isnt working
 
Hello,

on my ispconfig3 server isnt working SSL for website (hosted).
Everytime I got this browser error - net::ERR_SSL_PROTOCOL_ERROR

I tried just create seft-signed certificate...

It look like ispconfig havent created directives in apache vhost or I dont know...
Can anyone help me?

falko 14th May 2012 13:02

What's the output of
Code:

ls -la
in the web site's ssl/ directory?

What values did you fill in on the web site's SSL tab in ISPConfig?

czdavid 14th May 2012 13:20

Output ls -la of SSL website folder:

root@myserver:/var/www/intranet.domain.cz/ssl# dir
intranet.domain.cz.crt intranet.domain.cz.key
intranet.domain.cz.csr intranet.domain.cz.key.org

http://morehotelu.eu/ssl.png

VHOST
http://morehotelu.eu/vhost.png

I cant find apache directivities for port 443. Is it ok?

And I havent added any IP address in ispconfig - I used "*" option for websites.
But my server have set one public IP address and websites are working fine on port 80 (http).

FutileFreedom 14th May 2012 15:53

@above:
Make sure in the first tab you have SSL is checked. Also, the Port 443 directives are down below the port 80 virtual host in the file.

http://dl.dropbox.com/u/38978596/ISP...domain_tab.png

Then, when I used cat *d3d* | grep VirtualHost it returned this which shows the port 80 vhost above the port 443.
http://dl.dropbox.com/u/38978596/ISPC-SSL/catgrep.png

Not sure if I'm understanding this right so correct me if I'm wrong.

czdavid 14th May 2012 19:56

Thank you very much.
I havent checked SSL in website settings (like on your screen).

Now is SSL working.

Is possible some way to migrate SSL Cert. with CSR from another server (not ispconfig)?
What happend if some customer activate SSL from his website on same server (same public IP)?

falko 15th May 2012 15:09

Quote:

Originally Posted by czdavid (Post 279075)
Is possible some way to migrate SSL Cert. with CSR from another server (not ispconfig)?

Yes, make backups of the SSL files generated by ISPConfig in the ssl folder, and then place your cert, csr and key in the ssl folder and rename them to the files names of the original SSL files generated by ISPConfig. Restart Apache afterwards.
Quote:

Originally Posted by czdavid (Post 279075)
What happend if some customer activate SSL from his website on same server (same public IP)?

You can enable SNI under Sstem > Server Config on the Web tab. If you use SNI, you can run multiple SSL web sites on one IP (but be aware that not all browsers support this, for example, IE on WinXP has no SNI support; all other browsers are fine).

If you don't use SNI, you must have one IP per SSL web site.

czdavid 15th May 2012 22:28

Thank you ... you are saver.

I have enabled SNI, but SSL Cert. is set for domain1.tld and if I tried https://domain2.tld and that domain use SSL Cerf. from domain1.tld.

I tried Chrome and Opera.

On server is set only one SSL Cert. Is it ok or SNI isnt working?

falko 16th May 2012 11:49

You must enable SSL for both domains (and both domains must have an SSL cert).

czdavid 16th May 2012 13:12

Quote:

Originally Posted by falko (Post 279152)
You must enable SSL for both domains (and both domains must have an SSL cert).

I tried like you described - for both domains is SSL enabled and both have SSL Cert.

Problem is second domain which using SSL cert from first domain - isnt working like you described. Is possible check if is SNI working?
Is necessary select for domains IP address from roll menu or I can use option "*" (Im using option "*" for all of my websites). I mean for SNI and SSL working right.

falko 17th May 2012 12:30

Can you check in the ssl folder of both websites that they use their own certificates, and that both APache vhost files reference these certs?


All times are GMT +2. The time now is 05:50.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.