Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 3rd September 2011, 12:49
msp msp is offline
Member
 
Join Date: Aug 2011
Posts: 41
Thanks: 2
Thanked 2 Times in 2 Posts
Default Moving an SSL cert from another server

Hi there

I previously hosted some websites with a shared host (i.e. 3rd party provider) using IIS on Windows, now I've moved them to my own VPS with ISPConfig installed (i.e. I'm the provider). I'm using "The Perfect Server - Debian Squeeze" installation.

Although I previously used a shared hosting environment, my provider had purchased an SSL certificate for one of my domains (using RapidSSL) and installed it to my site. The certificate was for a domain name as opposed to an IP address.

He has now kindly sent me the certificate file (.pfx) and a separate password which he said is used for installing the certificate. I've checked this certificate and password by installing it on my personal computer (Windows) in the personal certificate store, to verify the password worked okay.

I tried to export the certificate from my personal store in a different format so that I could paste the certificate text into the SSL tab for a site in ISPConfig ... but when I visit the site over https, I get

SSL connection error
Unable to make a secure connection to the server. This may be a problem with the server or it may be requiring a client authentication certificate that you don't have.
Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.


How do I get this certificate into one of my sites in ISPConfig?

Thanks
Reply With Quote
Sponsored Links
  #2  
Old 3rd September 2011, 16:27
mentes mentes is offline
Senior Member
 
Join Date: Aug 2011
Location: Spain
Posts: 132
Thanks: 4
Thanked 15 Times in 13 Posts
Default

You can convert your certificate using

Code:
openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes
More info at https://www.sslshopper.com/ssl-converter.html
Reply With Quote
The Following User Says Thank You to mentes For This Useful Post:
msp (4th September 2011)
  #3  
Old 3rd September 2011, 16:42
msp msp is offline
Member
 
Join Date: Aug 2011
Posts: 41
Thanks: 2
Thanked 2 Times in 2 Posts
Default

Thanks for that. So now I have a file which reads something like the below.

- Which sections of the below do I paste in to which fields of the SSL tab for my site in ISPConfig?

- Do I include the ---Begin Certificate--- and ---End Certificate--- lines as well?

- Should I be using the "Create Certificate" option, or "Save Certificate"?

- What about entries for state / locality / OU fields? Can these be anything?

Thanks!


Bag Attributes
Microsoft Local Key set: <No Values>
localKeyID: 01 00 00 00
Microsoft CSP Name: Microsoft RSA SChannel Cryptographic Provider
friendlyName: [random 70 character code here]
Key Attributes
X509v3 Key Usage: 10
-----BEGIN RSA PRIVATE KEY-----
[13 lines of random code here]
...
...
-----END RSA PRIVATE KEY-----
Bag Attributes
localKeyID: 01 00 00 00
friendlyName: [mydomainnamehere.com]
subject=/serialNumber=[34 character code]=GB/O=www.mydomain.com/OU=[morecode]/OU=See www.rapidssl.com/resources/cps (c)10/OU=Domain Control Validated - RapidSSL(R)/CN=www.mydomain.com
issuer=/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
-----BEGIN CERTIFICATE-----
[20 lines of code]
...
...

-----END CERTIFICATE-----
Reply With Quote
  #4  
Old 3rd September 2011, 22:32
mentes mentes is offline
Senior Member
 
Join Date: Aug 2011
Location: Spain
Posts: 132
Thanks: 4
Thanked 15 Times in 13 Posts
Default

Create a certificate in ISPConfig using "Create Certificate" and replace these files with your previus certificate.

/var/www/domain.com/ssl/domain.com.key
/var/www/domain.com/ssl/domain.com.csr
/var/www/domain.com/ssl/domain.com.crt

Then paste the content of domain.com.crt and domain.com.csr in ISPConfig and use "Save Certificate"

* All is explained step by step with screenshoots in ISPConfig 3 Manual
Reply With Quote
  #5  
Old 4th September 2011, 19:16
msp msp is offline
Member
 
Join Date: Aug 2011
Posts: 41
Thanks: 2
Thanked 2 Times in 2 Posts
Default

Thanks.

I downloaded the ISPConfig 3 Manual just now, and read the section about "how do I import an existing SSL certificate into a website that was created later in ISPConfig".

However I have one more problem.

I wasn't given a CSR file by my previous ISP. (The certificate request.) Just a .pfx file.

What should I do? Will I need this csr file?
Reply With Quote
  #6  
Old 4th September 2011, 19:57
mentes mentes is offline
Senior Member
 
Join Date: Aug 2011
Location: Spain
Posts: 132
Thanks: 4
Thanked 15 Times in 13 Posts
Default

Well, .csr has the owner information, like domain, organization, location, ...

I think if you use the same information for generate both certificates (self-signed on ISPConfig and CA signed) you get the same .csr

This means you can use your ISPConfig signed with your CA signed
Reply With Quote
The Following User Says Thank You to mentes For This Useful Post:
msp (4th September 2011)
Reply

Bookmarks

Tags
certificate, install, ssl

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
ISPConfig3 mail doesn't work pehden Installation/Configuration 20 9th December 2013 14:05
Sending mail ISPConfig 3 but not receivind catza Installation/Configuration 20 19th May 2010 12:47
The Perfect Server - OpenSUSE 10.3 (32-bit) SSL cert trubble cruz Installation/Configuration 2 25th July 2008 22:38
What can be wrong martin_rudowicz Installation/Configuration 9 11th May 2008 19:42
subdomain and mail relay configuration aranthorn Installation/Configuration 24 3rd September 2007 22:53


All times are GMT +2. The time now is 16:09.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.