Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 17th January 2008, 23:04
zetnsh zetnsh is offline
Senior Member
 
Join Date: Aug 2007
Posts: 111
Thanks: 8
Thanked 5 Times in 5 Posts
Default Importing existing ssl key/cert into ISPConfig site

Hi there,

I have created an SSL Site within ISPConfig, but I don't want to create an SSL Certificate - I am migrating a site in from another ISP, and I already have the X509 Key/Cert pair. Whilst I can paste in a CSR (for what it's worth!), and the key, I can't immediately see a way to input the existing private key.

Can anyone give me a clue as to how I might do this with ISPConfig? I can't imagine I'm the first to ask!

Thanks in advance,

Neil
Reply With Quote
Sponsored Links
  #2  
Old 18th January 2008, 08:46
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,419
Thanks: 834
Thanked 5,498 Times in 4,328 Posts
Default

1) Create a new "dummy" SSL cert in ISPConfig.
2) Replace the key, cert and csr files in the ssl directory of the website with the existing ones from the old server.
3) Replace the ssl cert and csr in the ispconfig interface with your existing csr and cert.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
The Following User Says Thank You to till For This Useful Post:
zetnsh (18th January 2008)
  #3  
Old 18th January 2008, 09:59
zetnsh zetnsh is offline
Senior Member
 
Join Date: Aug 2007
Posts: 111
Thanks: 8
Thanked 5 Times in 5 Posts
Default

That worked great. I think it would be good to build that into ISPConfig though - it should be easy enough to do, I've actually done it myself with a server admin system I wrote a few years ago (which now belongs to my former employer!).

Thanks for the help!
Reply With Quote
  #4  
Old 4th February 2008, 18:28
ahsamuel ahsamuel is offline
Junior Member
 
Join Date: Jan 2008
Posts: 11
Thanks: 3
Thanked 0 Times in 0 Posts
Default

Hi,

i've done that, but i'm not getting it to work.

i filled the fields about the ssl (Country etc), and chose "create certificate" and then pressed save.
then i went back into it and clicked save certificate and save.
then i replaced the .key, .csr and .crt files in the ssl directory
then i copy&pasted the contents of the .csr into the first, and of the .crt into the second field and clicked save certificate.

when i now open my site with https://, i get a wrong cert. , based on the fields i filled with "dummy" stuff.

what i have:
- a .key, a .cert and a self-made .csr (made with the .key)
- got the certificate with my hosting at ovh (they gave me the .key and a dedicated IP, i have a root server there)

i run ispconfig, everything else works fine.

any ideas or more details on how to do this?
Reply With Quote
  #5  
Old 5th February 2008, 10:32
zetnsh zetnsh is offline
Senior Member
 
Join Date: Aug 2007
Posts: 111
Thanks: 8
Thanked 5 Times in 5 Posts
Default

Difficult to say on this one. I'm not an ISPConfig expert (I've only been using it since August last year), but I wonder if it's the lack of a CSR that could be causing the problem.

Now you don't actually need the CSR in order for the web server to start - that just reads the key and the cert (from separate files such as /var/www/web1/ssl/www.mysite.com.key etc), but I just wonder if perhaps this is causing problems with ISPConfig rather than apache.

What you could do is put the correct .key and .cert files in the relevant directory manually again, don't touch ISPConfig, and restart apache (eg. apachectl restart or /etc/init.d/httpd restart etc).

In fact, if you do apachectl configtest first, that should tell you if the key/cert is valid. You can then test the site again in a browser (close it and re-open just to be sure) to see if it's the right cert. If it is, then you can test again putting the CSR and the Cert into the site's SSL tab in ISPConfig. I've done this successfully, but then again I did have the original CSR used to generate the certificate. I would have thought you might struggle without that.

With this sort of problem, you usually find the solution by careful step-by-step analysis of what's actually going on, and careful reasoning. (aka trial and error!)

Hope you get it sorted. Feel free to post back - not sure I could be any more help though...

Thanks,

Neil
Reply With Quote
  #6  
Old 5th February 2008, 10:41
ahsamuel ahsamuel is offline
Junior Member
 
Join Date: Jan 2008
Posts: 11
Thanks: 3
Thanked 0 Times in 0 Posts
Default

Thank you for your answer, i don't know why, but it somehow fixed itself overnight.

It still brings an error, but i cannot read what the problem is.

maybe someone could check: https://www.hotelvaladon.fr

Thankyou!
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
cannot access ispconfig site Nu2Linux Installation/Configuration 13 3rd January 2009 15:29
Changing to SSL for ISPconfig site. Rockdrala Installation/Configuration 6 2nd January 2008 11:47
ubuntu 7.1x (server) - ISPConfig - SSL dbrooke Server Operation 1 24th October 2007 19:04
Enable shell access on existing site gjm General 3 2nd June 2007 17:12
install successful but no ispconfig site Nu2Linux Installation/Configuration 3 3rd November 2005 23:30


All times are GMT +2. The time now is 17:56.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.