View Single Post
  #7  
Old 4th September 2011, 21:52
msp msp is offline
Member
 
Join Date: Aug 2011
Posts: 41
Thanks: 2
Thanked 2 Times in 2 Posts
Default

Hey

Just to report back a success in case anyone else can benefit from this.

So I generated a certificate request using ISPConfig and entered the same details found in the certificate issued by the trusted CA (Equifax) into the ISPConfig SSL tab.

Actually, my imported certificate had multiple OU entries, and ISPConfig doesn't have the option to input more than one, so I simply entered the first one in the chain of OUs from my certificate.

Then I selected "create certificate" and save.

Using the advice given on the first response to this thread, I converted my PKCS12 certificate into a CER (plain text) using the -nodes switch. This gave me a plain text file with sections for the private RSA key and the certificate. At the top of this file was also the OU and Company name found on the certificate issued by the Trusted CA.

I then replaced the private and public keys into the corresponding certificate files (these are in the SSL folder for a given site created in ISPConfig) but LEFT the CSR (certificate request) file as-is.

Then went back into the SSL tab for the given site in ISPConfig, and pasted-in the certificate text, but LEFT the CSR (cert request) as is there. Then select "save certificate" and save.

Suddenly I was able to browse to the https:// version of my site.

NB Google Chrome did give me a certificate error, and to fix this I had to tell ISPConfig about the public IP address of my server using the menu: ISPConfig > System > Server IP Addresses. I had previously not done this. (I'm using an external name server, I think this is why I didn't have to do that previously.)

After doing this, I found my site on https:// worked with no certificate errors - FIXED.

I found I didn't need to then go back into Sites and set the IP address for the given site. I think the reason for that is specific to the fact I'm not using my server as an NS. (?) However I did this anyway, and it broke my site... I selected the wildcard again, and it worked again... but that's another story.

Hope the above helps someone.
Reply With Quote