SSL not working
Ok, so i have been trolling the forums, but i can't seem to figure out whats going on. I want to fix this right rather than manually edit my config files if i can help it, so i am going to post this and hopefully i will get some response to fix this.
Here is what I have:
httpd -v reports:
Server version: Apache/2.2.15 (Unix)
Server built: Feb 13 2012 22:31:42
openssl version reports:
OpenSSL 1.0.0-fips 29 Mar 2010
I'm also running on CentOS 6.3 and followed the instructions for install at The Perfect Server - CentOS 6.3 x86_64 (Apache2, Courier, ISPConfig 3)
Pretty much everything is set to stock.. haven't changed any configs manually on the box itself outside of the install instructions.
So here is whats happening. I have a domain name: xyz.com and i created the dns, and created the site. In the settings i used a * for the ipv4 settings originally.. I also checked the box for SSL.
Under the SSL configuration, i imported the request, the certificate, and the bundle from my other webserver. So in my ssl folder, i have three files: xyz.com.bundle, xyz.com.crt and xyz.com.csr
When i go to the site non-ssl http://xyz.com i get the website that belongs there. when i go to https://xyz.com i get the "Apache 2 Test Page for CentOS" instead of the correct website. On top of that, the certificate that shows up there is the certificate for my panel.
It also might be helpful to know that in /etc/httpd/conf/sites-available/xyz.com.vhost only has the <VirtualHost *:80> and not the *:443 line in there.
LOL, i keep forgetting to add items.. So here it goes..
I also attempted to assign a seperate public static ip address to this site and still no avail...Again, the site works fine on http traffic, just not https traffic.
Ok, playing around, i'm still having the issue... so i tried to enable ssl on another site as well, and im getting the same thing on both sites... The dreaded apache test page... grrr..
I'm totally at a loss... :(
Ok, enough trolling... figured out whats going on...
read till's response here: http://www.howtoforge.com/forums/showthread.php?t=19564
He says basically, create a "dummy" certificate (which i did not do originally). then replace the files with the correct values in each file..
So i'm going to over exactly what i did to export a certificate from plesk 11.0.9 and import it to ispconfig 188.8.131.52... See below!
First, i already had some bad files that i tried to import previously in my sites ssl folder, so first things first, remove those files completely.
Replace any domain.tld with the domain you're working with.
1.) SSH into your server
2.) make sure your /var/www/domain.tld/ssl has no files in them. If it does then rm -f /var/www/domain.tld/ssl/*
3.) Log into your ispconfig 3 control panel and click sites. Then click on the domain you're working with.
4.) Click on the "SSL" tab.
5.) Enter the state, locality, Organisation, Organisation Unit, Country, then use the drop down box and choose the SSL domain (i chose the root because i have DNS cname for www pointing to the root domain name, i would imagine it would work with either)
6.) Make sure ALL other fields are empty. (IE: SSL Request, SSL Certificate, SSL Bundle)
7.) Drop down SSL Action and chose "Create Certificate"
8.) I waited 1 minute for the ispconfig cron job to run. You'll know when you're ready to move to step 9 when you have files in /var/www/domain.tld/ssl ... In there now should be 4 files:
9.) Make a backup of those files in the ssl folder. since it is a dummy certificate i copied them to the /tmp folder for backup. (IE: cp /var/www/domain.tld/ssl/* /tmp )
10.) Now i logged into my plesk panel and clicked on "Tools and Settings" -> "SSL Certificates" then the certificate i wanted in the list.
11.) Highlight the CSR section starting with "-----BEGIN CERTIFICATE REQUEST-----" all the way to "-----END CERTIFICATE REQUEST-----" and right click "copy".
12.) i use putty to ssh into my server, so from here i did a "nano /var/www/domain.tld/ssl/domain.tld.csr" and i pasted the info from step 11 into there and saved that file.
13.) Next i went into the ispconfig 3 panel, under Sites, and clicked the domain i was working with, then the ssl tab and erased whatever was in "SSL Request" and pasted the info from step 11 in there. (DO NOT SAVE YET)
14.) Back in my plesk panel i then highlighted under private key starting from "-----BEGIN RSA PRIVATE KEY-----" all the way to "-----END RSA PRIVATE KEY-----" and right click "copy".
15.) Then i pasted that in the .key file only. "nano /var/www/domain.tld/ssl/domain.tld.key" and i pasted the info from step 14 in there and saved that file.
16.) Next i went back to plesk and highlighted under Certificate everything starting from "-----BEGIN CERTIFICATE-----" all the way to "-----END CERTIFICATE-----" and right click "copy"
17.) Then i pasted that in the .crt file. "nano /var/www/domain.tld/ssl/domain.tld.crt" and i pasted the infor from step 16 in there and saved that file.
18.) Then i also pasted that information in the ispconfig 3 page that should still be open from step 13 and i pasted the info from step 16 in the section labels "SSL Certificate" (DO NOT SAVE YET)
19.) Now i had a CA Certificate in plesk since the certificate came with one when i installed it into plesk. So i highlighted everything under the CA Certificate section and right click "copy"
20.) In the ispconfig 3 control panel, i paste this information under the "SSL Bundle" section.
21.) Then under SSL Action i click "Save Certificate".
22.) rm -f /tmp/domain.tld.* (you want to remove your backup files. Keep everything clean! :) )
Once i did step 21, at the minute cron job ran from ispconfig 3, i was good to go. My new certificate matched my key, and my problem was resolved.
The issue from my original post was because i never created the dummy certificate. It looks like you MUST do this if you are importing a certificate no matter what. If it were a new certificate i was looking to create, there would have been no issue.
Hopefully this will help someone else in the future. It sure worked for me. Thanks Till from your other post. :)
|All times are GMT +2. The time now is 21:53.|
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.