  #16  
29th March 2006, 22:34
gymsmoke
How To ISP Server setup with Ubuntu 5.10 (Breezy Badger)

falko~
Okay. Here's what I did...
root@viperidae:/# openssl genrsa -des3 -passout pass:xXxXxX -out /root/ispconfig/httpd/conf/ssl.key/server.key2 1024
Generating RSA private key, 1024 bit long modulus
..................++++++
.........................................................++++++
e is 65537 (0x10001)
root@viperidae:/#

root@viperidae:/# openssl req -new -passin pass:xXxXxX -passout pass:xXxXxX -key /root/ispconfig/httpd/conf/ssl.key/server.key2 -out /root/ispconfig/httpd/conf/ssl.csr/server.csr -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
root@viperidae:/#

root@viperidae:/# openssl req -x509 -passin pass:xXxXxX -passout pass:xXxXxX -key /root/ispconfig/httpd/conf/ssl.key/server.key2 -in /root/ispconfig/httpd/conf/ssl.csr/server.csr -out /root/ispconfig/httpd/conf/ssl.crt/server.crt -days 365
root@viperidae:/#

root@viperidae:/# openssl rsa -passin pass:xXxXxX -in /root/ispconfig/httpd/conf/ssl.key/server.key2 -out /root/ispconfig/httpd/conf/ssl.key/server.key
writing RSA key
root@viperidae:/#

root@viperidae:/# chmod 400 /root/ispconfig/httpd/conf/ssl.key/server.key
root@viperidae:/#

root@viperidae:/root/ispconfig/httpd/logs# cat /dev/null > ./error_log
root@viperidae:/root/ispconfig/httpd/logs# cat /dev/null > ./ssl_engine_log
root@viperidae:/root/ispconfig/httpd/logs# /etc/init.d/ispconfig_server restart
Shutting down ISPConfig system...
/root/ispconfig/httpd/bin/apachectl stop: httpd stopped
ISPConfig system stopped!
Starting ISPConfig system...
/root/ispconfig/httpd/bin/apachectl startssl: httpd started
ISPConfig system is now up and running!

root@viperidae:/root/ispconfig/httpd/logs# more error_log
[Wed Mar 29 12:21:37 2006] [notice] caught SIGTERM, shutting down
[Wed Mar 29 12:21:44 2006] [notice] Apache/1.3.34 (Unix) PHP/5.1.2 mod_ssl/2.8.25 OpenSSL/0.9.8a configured -- resuming normal operations
[Wed Mar 29 12:21:44 2006] [notice] Accept mutex: sysvsem (Default: sysvsem)

root@viperidae:/root/ispconfig/httpd/logs# more ssl_engine_log
[29/Mar/2006 12:21:43 13272] [info] Server: Apache/1.3.34, Interface: mod_ssl/2.8.25, Library: OpenSSL/0.9.8a
[29/Mar/2006 12:21:43 13272] [info] Init: 1st startup round (still not detached)
[29/Mar/2006 12:21:43 13272] [info] Init: Initializing OpenSSL library
[29/Mar/2006 12:21:43 13272] [info] Init: Loading certificate & private key of SSL-aware server localhost.localdomain:81
[29/Mar/2006 12:21:43 13272] [info] Init: Seeding PRNG with 136 bytes of entropy
[29/Mar/2006 12:21:43 13272] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[29/Mar/2006 12:21:43 13272] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[29/Mar/2006 12:21:44 13273] [info] Init: 2nd startup round (already detached)
[29/Mar/2006 12:21:44 13273] [info] Init: Reinitializing OpenSSL library
[29/Mar/2006 12:21:44 13273] [info] Init: Seeding PRNG with 136 bytes of entropy
[29/Mar/2006 12:21:44 13273] [info] Init: Configuring temporary RSA private keys (512/1024 bits)
[29/Mar/2006 12:21:44 13273] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[29/Mar/2006 12:21:44 13273] [info] Init: Initializing (virtual) servers for SSL
[29/Mar/2006 12:21:44 13273] [info] Init: Configuring server localhost.localdomain:81 for SSL protocol
[29/Mar/2006 12:21:44 13273] [warn] Init: (localhost.localdomain:81) RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)

root@viperidae:/# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 localhost.localdo:mysql *:* LISTEN 7098/mysqld
tcp 0 0 *:81 *:* LISTEN 13273/ispconfig_htt
tcp 0 0 *:ftp *:* LISTEN 13448/proftpd: (acc
tcp 0 0 216.215.55.21:domain *:* LISTEN 13434/named
tcp 0 0 localhost.locald:domain *:* LISTEN 13434/named
tcp 0 0 localhost.localdoma:953 *:* LISTEN 13434/named
tcp 0 0 *:smtp *:* LISTEN 13404/master
tcp6 0 0 *:imaps *:* LISTEN 7008/couriertcpd
tcp6 0 0 *:pop3s *:* LISTEN 7043/couriertcpd
tcp6 0 0 *:pop3 *:* LISTEN 7023/couriertcpd
tcp6 0 0 *:imap2 *:* LISTEN 6988/couriertcpd
tcp6 0 0 *:www *:* LISTEN 13309/apache2
tcp6 0 0 *:ssh *:* LISTEN 7238/sshd
tcp6 0 0 ip6-localhost:953 *:* LISTEN 13434/named
tcp6 0 0 *:https *:* LISTEN 13309/apache2
tcp6 0 0 ::ffff:216.215.55.2:ssh ::ffff:209.208.34:50022 ESTABLISHED7537/sshd: gymsmoke

lynx https://216.215.55.21:81
SSL error:Can't find common name in certificate-Continue? (y) y

[login_logo.png]
Here you can log in:
Username: ____________________
Password: ____________________
Login
(a message comes up saying "Location URL is not absolute") and then an Invalid username... (I don't know what to use here to login initially) ...

Looks like I'm a step closer, since Lynx (local machine) can access this. I still get "Operation timed out when attempting to contact 216.215.55.21" from the remote laptop...

However - Woot!!! After asking me 3 or 4 times to accept a certificate (I tried permanent, but Firefox 1.5 on Ubuntu wouldn't allow that so I took "for this session")... I got the ispconfig Login Screen!!!!!
How do I login initially? And, even more importantly, how do I set the certificates up so they are more applicable than just having all "blanks" and defaults?
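Added example, not part of the original post and not ISPConfig's own procedure: both the lynx "Can't find common name" error and the mod_ssl "CA == TRUE" warning above come from the certificate's contents (an empty subject, and the CA extensions that `openssl req -x509` applies from the stock openssl.cnf). This sketch generates a self-signed server certificate non-interactively with a filled-in subject and CA:FALSE, then checks the result; the host name, organisation and directory are constructed sample values.

```shell
#!/bin/sh
# Added example, not from the original post. Host name, organisation and
# output directory are constructed sample values.

# Write a self-signed server certificate with a filled-in subject and CA:FALSE.
make_server_cert() (
    cn=$1; outdir=$2
    umask 077                      # key file readable by owner only
    mkdir -p "$outdir" || exit 1
    cat > "$outdir/req.cnf" <<EOF
[ req ]
prompt             = no
distinguished_name = dn
x509_extensions    = v3_server

[ dn ]
C  = US
O  = Example Hosting
CN = $cn

[ v3_server ]
basicConstraints = critical, CA:FALSE
keyUsage         = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName   = DNS:$cn
EOF
    # 2048-bit key, unencrypted like the stripped server.key in the post
    openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 365 \
        -config "$outdir/req.cnf" \
        -keyout "$outdir/server.key" -out "$outdir/server.crt" 2>/dev/null
)

cert_subject() { openssl x509 -in "$1" -noout -subject; }

# True if the certificate carries BasicConstraints CA:TRUE (what mod_ssl warned about)
cert_is_ca() { openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'; }

# True if the private key and the certificate hold the same public key
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout | openssl sha256)
    c=$(openssl x509 -in "$2" -noout -pubkey | openssl sha256)
    [ "$k" = "$c" ]
}

# Demo run in a throwaway directory
demo=$(mktemp -d)
make_server_cert panel.example.test "$demo" && cert_subject "$demo/server.crt"
rm -rf "$demo"
```

The CN and subjectAltName should be the name clients actually use to reach the panel; connecting by bare IP address, as in the lynx test above, will still produce a name-mismatch prompt.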