Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Suggest HOWTO

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 20th June 2007, 04:58
steve1084 steve1084 is offline
Member
 
Join Date: Dec 2006
Posts: 70
Thanks: 8
Thanked 2 Times in 1 Post
Smile cacert.org SSL Chained Certificates for Debian Etch

Hi Till and Falko

I have a Debian etch perfect server with suphp and ispconfig (because of you it works great Many thanks) But I'm finding it a bit tricky learning how to setup and install the cacert.org chained root certificates. ie how to make the request, file locations, etc etc. Information is quite scattered.

There is one howto http://howtoforge.com/secure_website...ssl_and_apache for Federa system but nothing for debian.

Site certificates are easy thanks to ispconfig its just getting the chained certificate for the root setup that seems to befuddle many people. Maybe this could be a future feature of ispconfig to install trusted (cacert.org etc) root chained certificates using ispconfig.

But for the time being is it possible to have a howto for setting up the chained certificates from cacert.org on a debian etch with ispconfig and suphp.

Many Thanks
Steve

Ps I didnt get mpm-itk to work, had many errors. dont have time for further follow up. Maybe this could also be a future howto project as there is almost no useful information out there for beginners to use.
Reply With Quote
Sponsored Links
  #2  
Old 21st June 2007, 15:58
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,711
Thanks: 1,899
Thanked 2,702 Times in 2,545 Posts
Default

I couldn't find anything about this on the cacert.org web site, but on Comodo's web site:
https://support.comodo.com/index.php...barticleid=264

Step two should be what you're looking for.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 22nd June 2007, 16:35
steve1084 steve1084 is offline
Member
 
Join Date: Dec 2006
Posts: 70
Thanks: 8
Thanked 2 Times in 1 Post
Smile

Quote:
Originally Posted by falko
I couldn't find anything about this on the cacert.org web site, but on Comodo's web site:
https://support.comodo.com/index.php...barticleid=264

Step two should be what you're looking for.
Hi FalKo

Thanks for the reply. sorry to be such a noob Im slowly getting there.

I have several more questions. There seems to be no reference to ssl in my apache2.conf file. ssl for individual sites is handled by the Vhosts_ispconfig.conf file.

I take it root server certificates were not created during my install of debian etch or ispconfig, is this correct and if not where will I find the server.crt file. there is no server.crt file in the /etc/ssl/certs folder

Certificates were only created for postfix and then for ispconfig itself, is this correct.

In order to create the certificate request server.crt etc is it enough to use [ openssl req -new -nodes -keyout myserver.key -out server.csr ] as per https://support.comodo.com/index.php...leid=3&nav=0,1 using this then to creat certificate request for cacert.org

and then make reference in my apache2.conf to the created files etc as per https://support.comodo.com/index.php...barticleid=264 is this correct, will this over-ride the individual site certificates

Many thanks
Steve
Reply With Quote
  #4  
Old 23rd June 2007, 21:26
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,711
Thanks: 1,899
Thanked 2,702 Times in 2,545 Posts
Default

Quote:
Originally Posted by steve1084
Certificates were only created for postfix and then for ispconfig itself, is this correct.
Yes.

Quote:
Originally Posted by steve1084
In order to create the certificate request server.crt etc is it enough to use [ openssl req -new -nodes -keyout myserver.key -out server.csr ] as per https://support.comodo.com/index.php...leid=3&nav=0,1 using this then to creat certificate request for cacert.org

and then make reference in my apache2.conf to the created files etc as per https://support.comodo.com/index.php...barticleid=264 is this correct, will this over-ride the individual site certificates
You can use ISPConfig to create the CSR: http://www.howtoforge.com/faq/14_49_en.html
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 23rd June 2007, 22:25
steve1084 steve1084 is offline
Member
 
Join Date: Dec 2006
Posts: 70
Thanks: 8
Thanked 2 Times in 1 Post
Question do I use the same chained certificate for the root as I do for the site?

Quote:
Originally Posted by falko
Yes.


You can use ISPConfig to create the CSR: http://www.howtoforge.com/faq/14_49_en.html

Hi Falko

Forgive me I'm a little confused but this link http://www.howtoforge.com/faq/14_49_en.html is only for the site certificates and not suitable for producing the chained root certificate request server1.myserver.com which is not setup as a website in ispconfig but is what I thought I needed a certificate for.

or do I use the same chained certificate for the root as I do for the site?

Thanks
Steve
Reply With Quote
  #6  
Old 24th June 2007, 20:02
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,711
Thanks: 1,899
Thanked 2,702 Times in 2,545 Posts
Default

Quote:
Originally Posted by steve1084
or do I use the same chained certificate for the root as I do for the site?
No, but I read from your previous post that you want to generate the CSR for the site on the shell, too. This can be done by ISPConfig instead.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
The Following User Says Thank You to falko For This Useful Post:
steve1084 (30th June 2007)
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
ISPConfig and SSL Certificates phamels Installation/Configuration 48 2nd April 2009 18:33
SSL for virtual hosts on one certificate rbartz Tips/Tricks/Mods 8 20th November 2007 17:59
ssl at cacert.org gabrix Technical 4 16th March 2007 15:01
rebuild ssl certificates for domain change whitty Installation/Configuration 1 6th June 2006 12:12
Chained / intermediate SSL certificates max Installation/Configuration 5 9th December 2005 05:03


All times are GMT +2. The time now is 01:11.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.