View Single Post
Old 24th June 2011, 16:49
kextra1 kextra1 is offline
Senior Member
Join Date: Apr 2008
Posts: 121
Thanks: 12
Thanked 10 Times in 6 Posts
Default Solved ISPConfig Admin Panel w/RapidSSL

This is a brief tutorial on how to install a RapidSSL certificate to be used with your ISPConfig admin panel, webmail, etc. etc. everything on and after*

It's pretty simple, but I'll go into detail for SSL newbie's like me.

I used Enom to purchase the RapidSSL cert for $70 bucks less.

It's actually pretty easy... so I felt like a dummie at first being confused on the different certificate webserver types that could have been correct when purchasing and checking out and all sorts of other small things that weren't documented very well for a person like me buying his 2nd SSL cert.

This includes the new RapidSSL requirements that require at least 2048 when generating the key as well as the newly required "intermediate.crt" they send you with your server.crt, and where to add the path's for the intermediate.crt to ispconfig 2.

It's not rocket science like some of you genious' get into, but I hope it helps some of you guys.

I used ENOM so I could get the $79.95/yr cert for $9.95/yr, but it's pretty much the same if you go directly through


Go to enom and buy the $9.95/yr RapidSSL certificate. (Or rapidssl respectively)

Generate the Certificate in /root/ispconfig/httpd/conf/

or /root/ispconfig/httpd/conf/ssl.crt/server.crt respectively. Shown in the Generate the CSR section below.


The CN, or Common name is important! If Enom or RapidSSL directly will not allow wildcards such as * for the $9.95/yr cert

make sure you use:

ON Enom/RapidSSL: Webserver type "Apache2"


Make sure to use the same CN: on enom as you do when generating the certificate CSR with the commands below. So when entering the CN (Common Name) include the "www" in the domain when purchasing it & generating it so it will work when you go to:


and of course everything else like :81/roundcubemail -or- :81/phpmyadmin etc. etc. it will work.. you get the picture...

So all your Co-Domain forwards and stuff are good to go.

Generate the CSR to submit to ENOM/RapidSSL:
openssl genrsa -des3 -passout pass:yourpassword -out /root/ispconfig/httpd/conf/ssl.key/server.key2 1024

RapidSSL requires at least 2048 now and and intermediate certificate so use the following when generating it instead of 1024.

openssl genrsa -des3 -passout pass:yourpassword -out /root/ispconfig/httpd/conf/ssl.key/server.key2 2048

openssl req -new -passin pass:yourpassword -passout pass:yourpassword -key /root/ispconfig/httpd/conf/ssl.key/server.key2 -out /root/ispconfig/httpd/conf/ssl.csr/server.csr -days 365

openssl req -x509 -passin pass:yourpassword -passout pass:yourpassword -key /root/ispconfig/httpd/conf/ssl.key/server.key2 -in /root/ispconfig/httpd/conf/ssl.csr/server.csr -out /root/ispconfig/httpd/conf/ssl.crt/server.crt -days 365

openssl rsa -passin pass:yourpassword -in /root/ispconfig/httpd/conf/ssl.key/server.key2 -out /root/ispconfig/httpd/conf/ssl.key/server.key

chmod 600 /root/ispconfig/httpd/conf/ssl.key/server.key

/etc/init.d/ispconfig_server restart

You will get an E-Mail with the new RapidSSL signed certificate.

You'll need to put this new .crt in ISPConfig's server.crt

cp /root/ispconfig/httpd/conf/ssl.crt/server.crt /root/ispconfig/httpd/conf/ssl.crt/server-backup.crt

Now paste the newly issued RapidSSL certificate you got in your email into:


UPDATED 5/16/2011

I found out with all new RapidSSL certs you need to use another cert authority thingy they send you named INTERMEDIATE CA

Make a new file in the following location:


Paste the INTERMEDIATE CA info into intermediate.crt which is at the bottom of the same email they give send u to put in the actual server.crt

Now go to the following file:


Open httpd.conf with your favorite text editor and do a find for "SSLCACertificateFile"

You'll find an already commented out example in httpd.conf

To tell ISPConfig to check the intermediate.crt you created in the steps above simply add this line below:

SSLCACertificateFile /root/ispconfig/httpd/conf/ssl.crt/intermediate.crt

Reboot your server or restart your services and you're done!

Hope this helps someone that was as inexperienced with purchasing new SSL certs as I was!

Oh btw if you're interested you can try this method exactly like I explained it through enom, I believe I still have a few reseller accounts left for $8.50/yr domains and cheap SSL certs...unfortunately $9.95 is as low as the SSL certs get, but at least it's still 70 bucks off. The nice thing was that last year I messed up the first time and they gave me a refund right away so I could resubmit. I think I chose Apache2+mod_ssl or Apache2+OpenSSL instead of just Apache2 when submitting to rapidssl. They seem like a pretty stand up company.

I'm loving all the cool stuff you guys have been posting for ispconfig 2 & 3. I can't wait to get some stuff ready for SVN hopefully sooner than later.

Reply With Quote
Sponsored Links