Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 6th June 2007, 21:42
isalandr isalandr is offline
Junior Member
 
Join Date: Jun 2007
Posts: 7
Thanks: 0
Thanked 0 Times in 0 Posts
Default SSL and ISPConfig/Apache issues (Help!)

we're trying to get SSL support working under ISPConfig (and/or Apache) and it's just not working. i'm hoping somebody here might have some suggestions.

it's a SLES10 machine with postfix-2.2.9-10 with courier-imap-4.0.6-15, apache2-2.2.3-16.2, mysql-5.0.18-20.8, i can't find the version number for ISPConfig, but i'm pretty sure it's the latest release,it was only installed last month.

the system is hosting about 20 or so virtual domains, and we want to enable squirrelmail over SSL, but we're having trouble getting apache to work with ssl properly. we don't know if this is an ISPConfig problem or something else in apache, so i'm here asking for help.

uname -a returns Linux <hostname removed> 2.6.16.27-0.9-smp #1 SMP Tue Feb 13 09:35:18 UTC 2007 i686 i686 i386 GNU/Linux

we're using openssl-0.9.8a-18.13, and that appears to be installed correctly. Webmin and postfix/courier are using SSL with no problems at all, webmin in particular runs on https perfectly. i can connect to pop3/pop3s, imap/imaps, all of that stuff works without a hitch.

but, when we try to connect to apache on any port via https, it doesn't work. we can connect to http://domain:80 and http://domain:443, but without ssl. i've tried everything i can think of, followed a number of howtos and advice from quite a few troubleshooting tips and tricks, but to no avail. nothing we try works. we've tried enabling SSL via the ISPConfig control panel, that doesn't seem to help either. what are we doing wrong?

if you need to see the various config files and so on, let me know. anyone with suggestions or questions can e-mail me directly, mac AT triad DOT ath DOT cx. we're kind of under a deadline, i'd like to get this sorted before the server has to go live. we can go live without SSL if we have to, but we'd really prefer to have this working first. thanks in advance for any help.

--Mac
Reply With Quote
Sponsored Links
  #2  
Old 7th June 2007, 10:58
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,015
Thanks: 840
Thanked 5,652 Times in 4,461 Posts
Default

Have you enabled SSL as described here:

http://www.howtoforge.com/perfect_se...ensuse_10.2_p7

The configuration for SLES should be similar.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 7th June 2007, 18:20
isalandr isalandr is offline
Junior Member
 
Join Date: Jun 2007
Posts: 7
Thanks: 0
Thanked 0 Times in 0 Posts
Default

yes, SSL and Apache are configured just as that Howto says to do them.

what's happening is, everything indicates that we have to use the line "SSLEngine On" for the virtual host we want to enable SSL with. but if we use that, at startup Apache returns this error:

"[error] Init: Multiple RSA server certificates not allowed"

obviously it's loading another certificate somewhere, or thinks it is. we can't for the life of us see where in the config it's doing that, though, which is what makes me thing maybe it's something in ISPConfig, 'cause we can't find anything in Apache that might be responsible. perhaps we're looking in the wrong place or looking for the wrong thing?

this document
http://groups.google.com/group/alt.a...5512850d44ca97

indicates that this might be a problem with Apache and a statically compiled mod_ssl, and that recompiling Apache with mod_ssl as a DSO worked for him. i'm not sure that's our answer, but i'm running out of ideas, and it seems like an awful lot of folks have had issues getting SSL working under Apache 2.2.x.

any further suggestions before i either try to recompile with mod_ssl as a DSO or uninstall Apache 2.2.3 and revert to Apache 2.0.59?

thanks again
--Mac
Reply With Quote
  #4  
Old 7th June 2007, 22:54
chuckl chuckl is offline
Senior Member
 
Join Date: May 2007
Location: Uxbridge, Middlesex, UK
Posts: 166
Thanks: 1
Thanked 20 Times in 20 Posts
Default

Single IP address?
Reply With Quote
  #5  
Old 7th June 2007, 23:49
isalandr isalandr is offline
Junior Member
 
Join Date: Jun 2007
Posts: 7
Thanks: 0
Thanked 0 Times in 0 Posts
Default

well, technically it has two IP addresses. the machine has two NICs, configured with one public IP address and one private IP address. it is set up to listen for internet traffic on the public IP and local network traffic on the private IP.

Apache and pretty much most all other services are set up to listen on both interfaces. could this be causing a problem? the current apache config doesn't name any addresses specifically, it uses *:80 and *:443 for pretty much everything.

what i can't figure out is where that error "Multiple RSA server certificates not allowed" is coming from when we load SSLEngine On. we've tried using Listen 443 https in listen.conf but that returns the same error. my guess is, it's calling SSL from somewhere else during apache's initial startup, but buggered if i can see where.
Reply With Quote
  #6  
Old 8th June 2007, 08:31
chuckl chuckl is offline
Senior Member
 
Join Date: May 2007
Location: Uxbridge, Middlesex, UK
Posts: 166
Thanks: 1
Thanked 20 Times in 20 Posts
Default

Without doing a bit of 'cheating', you can only have one SSL cert per IP address. See here:

http://www.howtoforge.com/forums/showthread.php?t=13215
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Not all virtual hosts work - ispconfig/apache dmtrotter Server Operation 6 30th January 2007 12:45


All times are GMT +2. The time now is 13:34.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.