29th March 2006, 23:34
gymsmoke
How To ISP Server setup with Ubuntu 5.10 (Breezy Badger)

Okay. Here's what I did...
root@viperidae:/# openssl genrsa -des3 -passout pass:xXxXxX -out /root/ispconfig/httpd/conf/ssl.key/server.key2 1024
Generating RSA private key, 1024 bit long modulus
.................................................. .......++++++
e is 65537 (0x10001)

root@viperidae:/# openssl req -new -passin pass:xXxXxX -passout pass:xXxXxX -key /root/ispconfig/httpd/conf/ssl.key/server.key2 -out /root/ispconfig/httpd/conf/ssl.csr/server.csr -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

root@viperidae:/# openssl req -x509 -passin pass:xXxXxX -passout pass:xXxXxX -key /root/ispconfig/httpd/conf/ssl.key/server.key2 -in /root/ispconfig/httpd/conf/ssl.csr/server.csr -out /root/ispconfig/httpd/conf/ssl.crt/server.crt -days 365

root@viperidae:/# openssl rsa -passin pass:xXxXxX -in /root/ispconfig/httpd/conf/ssl.key/server.key2 -out /root/ispconfig/httpd/conf/ssl.key/server.key
writing RSA key

root@viperidae:/# chmod 400 /root/ispconfig/httpd/conf/ssl.key/server.key

root@viperidae:/root/ispconfig/httpd/logs# cat /dev/null > ./error_log
root@viperidae:/root/ispconfig/httpd/logs# cat /dev/null > ./ssl_engine_log
root@viperidae:/root/ispconfig/httpd/logs# /etc/init.d/ispconfig_server restart
Shutting down ISPConfig system...
/root/ispconfig/httpd/bin/apachectl stop: httpd stopped
ISPConfig system stopped!
Starting ISPConfig system...
/root/ispconfig/httpd/bin/apachectl startssl: httpd started
ISPConfig system is now up and running!

root@viperidae:/root/ispconfig/httpd/logs# more error_log
[Wed Mar 29 12:21:37 2006] [notice] caught SIGTERM, shutting down
[Wed Mar 29 12:21:44 2006] [notice] Apache/1.3.34 (Unix) PHP/5.1.2 mod_ssl/2.8.25 OpenSSL/0.9.8a configured -- resuming normal operations
[Wed Mar 29 12:21:44 2006] [notice] Accept mutex: sysvsem (Default: sysvsem)

root@viperidae:/root/ispconfig/httpd/logs# more ssl_engine_log
[29/Mar/2006 12:21:43 13272] [info] Server: Apache/1.3.34, Interface: mod_ssl/2.8.25, Library: OpenSSL/0.9.8a
[29/Mar/2006 12:21:43 13272] [info] Init: 1st startup round (still not detached)
[29/Mar/2006 12:21:43 13272] [info] Init: Initializing OpenSSL library
[29/Mar/2006 12:21:43 13272] [info] Init: Loading certificate & private key of SSL-aware server localhost.localdomain:81
[29/Mar/2006 12:21:43 13272] [info] Init: Seeding PRNG with 136 bytes of entropy
[29/Mar/2006 12:21:43 13272] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[29/Mar/2006 12:21:43 13272] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[29/Mar/2006 12:21:44 13273] [info] Init: 2nd startup round (already detached)
[29/Mar/2006 12:21:44 13273] [info] Init: Reinitializing OpenSSL library
[29/Mar/2006 12:21:44 13273] [info] Init: Seeding PRNG with 136 bytes of entropy
[29/Mar/2006 12:21:44 13273] [info] Init: Configuring temporary RSA private keys (512/1024 bits)
[29/Mar/2006 12:21:44 13273] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[29/Mar/2006 12:21:44 13273] [info] Init: Initializing (virtual) servers for SSL
[29/Mar/2006 12:21:44 13273] [info] Init: Configuring server localhost.localdomain:81 for SSL protocol
[29/Mar/2006 12:21:44 13273] [warn] Init: (localhost.localdomain:81) RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
root@viperidae:/# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 localhost.localdo:mysql *:* LISTEN 7098/mysqld
tcp 0 0 *:81 *:* LISTEN 13273/ispconfig_htt
tcp 0 0 *:ftp *:* LISTEN 13448/proftpd: (acc
tcp 0 0 *:* LISTEN 13434/named
tcp 0 0 localhost.locald:domain *:* LISTEN 13434/named
tcp 0 0 localhost.localdoma:953 *:* LISTEN 13434/named
tcp 0 0 *:smtp *:* LISTEN 13404/master
tcp6 0 0 *:imaps *:* LISTEN 7008/couriertcpd
tcp6 0 0 *:pop3s *:* LISTEN 7043/couriertcpd
tcp6 0 0 *:pop3 *:* LISTEN 7023/couriertcpd
tcp6 0 0 *:imap2 *:* LISTEN 6988/couriertcpd
tcp6 0 0 *:www *:* LISTEN 13309/apache2
tcp6 0 0 *:ssh *:* LISTEN 7238/sshd
tcp6 0 0 ip6-localhost:953 *:* LISTEN 13434/named
tcp6 0 0 *:https *:* LISTEN 13309/apache2
tcp6 0 0 ::ffff: ::ffff:209.208.34:50022 ESTABLISHED7537/sshd: gymsmoke

SSL error:Can't find common name in certificate-Continue? (y) y

Here you can log in:
Username: ____________________
Password: ____________________
(a message comes up saying "Location URL is not absolute") and then an Invalid username... (I don't know what to use here to login initially) ...

Looks like I'm a step closer, since Lynx (local machine) can access this. I still get "Operation timed out when attempting to contact" from the remote laptop...

However - Woot!!! After asking me 3 or 4 times to accept a certificate (I tried permanent, but Firefox 1.5 on Ubuntu wouldn't allow that so I took "for this session")... I got the ispconfig Login Screen!!!!!
How do I login initially? And, even more importantly, how do I set the certificates up so they are more applicable than just having all "blanks" and defaults?
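For the two diagnostics in the post above (Lynx's "Can't find common name in certificate" and the mod_ssl warning "BasicConstraints: CA == TRUE"), here is an added example that is not part of the original post or of ISPConfig's own scripts: it creates a self-signed server certificate non-interactively with an explicit CN and CA:FALSE, then checks both properties. The host name, DN values, section names and output directory are assumptions, and it uses a 2048-bit key rather than the post's 1024.

```shell
#!/bin/sh
# Added example: self-signed server certificate with an explicit subject
# and CA:FALSE. Host name and DN values are constructed placeholders.

make_leaf_cert() (   # usage: make_leaf_cert <outdir> <hostname>
    dir=$1; host=$2
    umask 077                        # private key is created owner-only
    cat > "$dir/req.cnf" <<EOF
[ req ]
prompt             = no
distinguished_name = dn
x509_extensions    = v3_leaf

[ dn ]
C  = US
O  = Example Org
CN = $host

[ v3_leaf ]
basicConstraints = critical, CA:FALSE
keyUsage         = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName   = DNS:$host
EOF
    # -nodes leaves the key unencrypted so the server can start unattended,
    # matching the passphrase-stripping step in the post.
    openssl req -x509 -new -nodes -newkey rsa:2048 -sha256 -days 365 \
        -config "$dir/req.cnf" \
        -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
)

cert_has_cn() {      # succeeds if the subject contains CN=<hostname>
    openssl x509 -in "$1" -noout -subject | grep -Eq "CN ?= ?$2(\$|[,/])"
}

cert_is_leaf() {     # succeeds if BasicConstraints says CA:FALSE
    openssl x509 -in "$1" -noout -text | grep -q 'CA:FALSE'
}

workdir=$(mktemp -d)
make_leaf_cert "$workdir" ispconfig.example.test
cert_has_cn  "$workdir/server.crt" ispconfig.example.test && echo "CN present"
cert_is_leaf "$workdir/server.crt" && echo "not a CA certificate"
```

The CN and subjectAltName should be the name clients actually type to reach the server; a mismatch produces a different browser warning even when the CN is present.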