HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

ronee 21st September 2012 22:12

SSL cert configured / created but not served, default SSL cert used only
 
Hello,

We've been working with ISPConfig 3.0.4.6 and CentOS 6.3 with Apache.

We have duplicated this issue on more than one installation.

Issue is as follows:

- ISPConfig control panel configured with SSL on port 8080
- New SSL cert created or existing imported
- Website configured for SSL and assigned to a specific IP

Despite all the above, the self-signed cert created and used for ISPConfig on port 8080 is served up for the configured website and not the cert created or imported for that specific site.

What does work as a hack is to replace the self-signed cert normally located in /etc/pki/tls/certs and /etc/pki/tls/private, but obviously this does not scale. Another hack is to modify /etc/httpd/conf.d/ssl.conf.

Have also reviewed the ISPConfig manual and not found any further data on this.

Would appreciate any advice on resolving this issue.

Thanks

pititis 22nd September 2012 00:37

Try to check if another website is using * instead of IP addresses.

ronee 2nd October 2012 06:05

Unfortunately that did not resolve the issue.

We have several servers running ispconfig3 all running CentOS 6. Some have this problem and some do not. We have looked extensively and not found what the difference/cause is.

We just deployed two new servers, one behaves as expected, the other exhibits the following behavior:

http://www.domain.com -- correct site served

https://www.domain.com -- default site - Apache test page served, also cert used is the self-signed cert used by ispconfig on port 8080

In grepping the vhosts files in /etc/httpd/conf/sites-available for the string '443' the only hit is on the ispconfig vhosts file.

We had to deploy a site so we manually modified our domain.com.vhost file and added a section starting with <VirtualHost IP:443>

The contents of that section were a duplicate of the <VirtualHost IP:80> section with the addition of SSLEngine on and the various SSL file statements within the <IfModule mod_ssl.c> section.

Further modifications to that website within ispconfig did not overwrite the above change.

This resolved the issue but we don't really understand why this and the other described symptoms happen.

We've perused the ispconfig 3 manual and did not find anything there that would explain this.

We found some other threads that describe this behavior that do not have a described resolution (or not one that worked for us) including:

http://www.howtoforge.com/forums/sho...l+default+site

http://www.howtoforge.com/forums/sho...ache+test+page


Would appreciate any input on this.
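
An added example, not part of the original thread or ISPConfig's own code: the manual grep for '443' described in the post above, turned into a check that reports for each hostname whether it has its own SSL-enabled `<VirtualHost ...:443>` block. The vhost text, IP address, second site and certificate paths are constructed placeholders.

```python
import re

# Constructed sample mirroring the thread: www.domain.com has only a :80 vhost,
# so HTTPS requests for it fall through to the default SSL vhost and its cert.
SAMPLE = """
<VirtualHost _default_:443>
  SSLEngine on
  SSLCertificateFile /etc/pki/tls/certs/PLACEHOLDER-default.crt
</VirtualHost>
<VirtualHost 192.0.2.10:80>
  ServerName www.domain.com
</VirtualHost>
<VirtualHost 192.0.2.10:443>
  ServerName shop.example.com
  <IfModule mod_ssl.c>
    SSLEngine on
    SSLCertificateFile /path/to/PLACEHOLDER-shop.crt
  </IfModule>
</VirtualHost>
"""
BLOCK = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.I | re.S)

def directive(body, name):
    """Values of one directive in a vhost body; commented-out lines do not match."""
    return re.findall(rf"^[ \t]*{name}[ \t]+(.+?)[ \t]*$", body, re.I | re.M)

def parse_vhosts(text):
    """One dict per <VirtualHost>: its ports, hostnames and cert (only if SSLEngine on)."""
    blocks = []
    for addrs, body in BLOCK.findall(text):
        names = directive(body, "ServerName") + directive(body, "ServerAlias")
        ssl_on = [v.lower() for v in directive(body, "SSLEngine")] == ["on"]
        cert = directive(body, "SSLCertificateFile")
        blocks.append({"ports": {a.rsplit(":", 1)[-1] for a in addrs.split()},
                       "names": " ".join(names).split(),
                       "cert": cert[0] if ssl_on and cert else None})
    return blocks

def audit_https(text):
    """Map every configured hostname to its own :443 cert, or None if it has none."""
    result = {}
    for block in parse_vhosts(text):
        for name in block["names"]:
            result.setdefault(name, None)
            if "443" in block["ports"] and block["cert"]:
                result[name] = block["cert"]
    return result

print(audit_https(SAMPLE))
```

A hostname mapped to `None` is one for which Apache has no matching SSL vhost, which is the condition under which the default vhost and its self-signed cert answer instead.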

ronee 2nd October 2012 08:15

As mentioned in other threads, modifying the domain.com.vhost file is not workable as the changes will be overwritten.

Instead we have created an additional ssl-domain.com.vhost file which seems to work OK on a temporary basis.

Thanks in advance to anyone who might shed some light on resolving this.

falko 3rd October 2012 10:39

In ISPConfig 3.0.5, it will be possible to import an existing certificate.

ronee 3rd October 2012 20:34

Hi Falko,

That's good to hear; however, in this last instance the SSL cert was created and managed entirely in ispconfig and not imported. Also, the issue in this recent case goes beyond just the cert itself, as https requests to the site in question reached the Apache test page instead due to the missing content that had to be included in the httpd.conf. We had to manually work around this.

Also, in other cases we created the cert in ispconfig and then replaced the files as described in the manual -- however, in some cases Apache would simply persistently serve the self-signed cert used for ispconfig UI on port 8080 no matter what we did. In other cases this did not happen and all was well.

Would be great if some light could be shed on this.

Thanks
