Thread: SSL not working
View Single Post
Old 9th December 2012, 06:15
ITG ITG is offline
HowtoForge Supporter
Join Date: Nov 2012
Location: Alabama
Posts: 18
Thanks: 1
Thanked 1 Time in 1 Post

Ok, enough trolling... figured out whats going on...

read till's response here:

He says basically, create a "dummy" certificate (which i did not do originally). then replace the files with the correct values in each file..

So i'm going to over exactly what i did to export a certificate from plesk 11.0.9 and import it to ispconfig See below!

First, i already had some bad files that i tried to import previously in my sites ssl folder, so first things first, remove those files completely.

Replace any domain.tld with the domain you're working with.

1.) SSH into your server

2.) make sure your /var/www/domain.tld/ssl has no files in them. If it does then rm -f /var/www/domain.tld/ssl/*

3.) Log into your ispconfig 3 control panel and click sites. Then click on the domain you're working with.

4.) Click on the "SSL" tab.

5.) Enter the state, locality, Organisation, Organisation Unit, Country, then use the drop down box and choose the SSL domain (i chose the root because i have DNS cname for www pointing to the root domain name, i would imagine it would work with either)

6.) Make sure ALL other fields are empty. (IE: SSL Request, SSL Certificate, SSL Bundle)

7.) Drop down SSL Action and chose "Create Certificate"

8.) I waited 1 minute for the ispconfig cron job to run. You'll know when you're ready to move to step 9 when you have files in /var/www/domain.tld/ssl ... In there now should be 4 files:

9.) Make a backup of those files in the ssl folder. since it is a dummy certificate i copied them to the /tmp folder for backup. (IE: cp /var/www/domain.tld/ssl/* /tmp )

10.) Now i logged into my plesk panel and clicked on "Tools and Settings" -> "SSL Certificates" then the certificate i wanted in the list.

11.) Highlight the CSR section starting with "-----BEGIN CERTIFICATE REQUEST-----" all the way to "-----END CERTIFICATE REQUEST-----" and right click "copy".

12.) i use putty to ssh into my server, so from here i did a "nano /var/www/domain.tld/ssl/domain.tld.csr" and i pasted the info from step 11 into there and saved that file.

13.) Next i went into the ispconfig 3 panel, under Sites, and clicked the domain i was working with, then the ssl tab and erased whatever was in "SSL Request" and pasted the info from step 11 in there. (DO NOT SAVE YET)

14.) Back in my plesk panel i then highlighted under private key starting from "-----BEGIN RSA PRIVATE KEY-----" all the way to "-----END RSA PRIVATE KEY-----" and right click "copy".

15.) Then i pasted that in the .key file only. "nano /var/www/domain.tld/ssl/domain.tld.key" and i pasted the info from step 14 in there and saved that file.

16.) Next i went back to plesk and highlighted under Certificate everything starting from "-----BEGIN CERTIFICATE-----" all the way to "-----END CERTIFICATE-----" and right click "copy"

17.) Then i pasted that in the .crt file. "nano /var/www/domain.tld/ssl/domain.tld.crt" and i pasted the infor from step 16 in there and saved that file.

18.) Then i also pasted that information in the ispconfig 3 page that should still be open from step 13 and i pasted the info from step 16 in the section labels "SSL Certificate" (DO NOT SAVE YET)

19.) Now i had a CA Certificate in plesk since the certificate came with one when i installed it into plesk. So i highlighted everything under the CA Certificate section and right click "copy"

20.) In the ispconfig 3 control panel, i paste this information under the "SSL Bundle" section.

21.) Then under SSL Action i click "Save Certificate".

22.) rm -f /tmp/domain.tld.* (you want to remove your backup files. Keep everything clean! )
Once i did step 21, at the minute cron job ran from ispconfig 3, i was good to go. My new certificate matched my key, and my problem was resolved.

The issue from my original post was because i never created the dummy certificate. It looks like you MUST do this if you are importing a certificate no matter what. If it were a new certificate i was looking to create, there would have been no issue.

Hopefully this will help someone else in the future. It sure worked for me. Thanks Till from your other post.

Last edited by ITG; 9th December 2012 at 06:18.
Reply With Quote