View Single Post
  #2  
Old 30th September 2009, 19:08
cdaters cdaters is offline
Junior Member
 
Join Date: Feb 2007
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
Default ISPConfig website and SSL Cert install

Okay, so this article was helpful. My cert is installed and I can get into the ISPConfig admin GUI okay with the EV SSL encryption.

However, I did NOT use ISPConfig's built in SSL cert generation/install for ISPConfig managed websites to create the CSR to send to COMODO. Instead, I followed COMODO's instructions for generating the CSR for my EV SSL certificate from the command line. The EV SSL that I installed per the instructions in this article is working with fine with the ISPConfig admin GUI, but it is not working for the site that I had configured inside of ISPConfig. How can I install this cert to work with my ISPConfig created website?

My main server FQDN is www.fullcolorenv.com, the site that I set-up/configured in ISPConfig is also www.fullcolorenv.com. Not sure if this is important, but there it is.

I attempted to install the COMODO provided crt and server generated key and csr files into my ISPConfig configured web account's 'ssl' directory, but after I do this and restart ISPConfig, when I attempt to go to https://www.fullcolorenv.com, I am getting messages that the site is not trusted because the certificate appears to be self signed. I notice that there is a key.org file in that directory too, what is this file? I tried installing the ca-bundle that I received from COMODO in my site's ssl folder as the key.org file, but that didn't do anything either.

I have gone into the Vhost config file found in /etc/apache2/vhosts and made sure that the ssl directives are pointing to the appropriate files, I added the SSLCACertificateFile directive and pointed it to the ca-bundle that I copied into my site's ssl directory. Still, I get the "untrusted" message.

I then just outright pointed those directives to where I installed the certificate using the instructions in the post above, and this time I can see a page, but there is a alert message that some items on the page are not encrypted. So I feel that I am close, but I want the site as ISPConfig created it, to work like ISPConfig expects it too....

Last edited by cdaters; 1st October 2009 at 00:29.
Reply With Quote