Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 7th February 2013, 05:09
Unfaiir Unfaiir is offline
HowtoForge Supporter
 
Join Date: Jul 2012
Location: Orange County, CA, USA
Posts: 43
Thanks: 14
Thanked 4 Times in 2 Posts
Question Need Help For Certified SSL Install For Alias Domain

I have a subdomain set up as a site (because I like that better than using the subdomain feature): subdomain.domain.com

I have an alias for this subdomain: www.aliasdomain.com

I've used open SSL to create a CSR, sent it to the CA and received the Server Cert, Intermediate Cert and Root Cert back from them.

I've uploaded my private key, and all certs to /var/www/clients/clientX/webX/ssl (this is the client & web for subdomain.domain.com).

In ISPConfig 3, I've pasted the Server Cert into the SSL Certificate field, the Intermediate Cert followed by the Root Cert into the SSL Bundle field, and then selected Save certificate from the drop down and clicked Save.

When I check my domain under https it says "Wrong Site" and "Unknown Identity", and then even further, in Chrome it even shows me in the browser what I have in /var/www/html instead of whats in /var/www/clients/clientX/webX/ssl... which I just don't get, but I'm sure it has something to do with the SSL cert not being properly installed.

Can someone PLEASE help? What am I doing wrong to get this cert to work for an ISPConfig 3 alias?
__________________
We are not equal
Reply With Quote
Sponsored Links
  #2  
Old 7th February 2013, 06:35
Unfaiir Unfaiir is offline
HowtoForge Supporter
 
Join Date: Jul 2012
Location: Orange County, CA, USA
Posts: 43
Thanks: 14
Thanked 4 Times in 2 Posts
Cool Found Workaround! Seems OK So Far! But Is It Really?

After trying several different things through the ISPConfig 3 SSL Tab, adding in some SSL file uploads, and pouring myself a glass full of Tequila I finally found something that worked:

1.) Use ISPConfig 3 SSL Tab to create a self signed SSL cert for domain.com
2.) Make a backup of the files domain.key, domain.csr and domain.crt in /var/www/clients/clientX/webX/ssl
3.) Rename certified SSL files domainalias.key, domainalias.csr and domainalias.crt to domain.key, domain.csr and domain.crt and then upload them, along with the Root Cert and Intermediate Cert, to /var/www/clients/clientX/webX/ssl
4.) Then restart Apache: httpd service restart

This seems like the best way to do it because if ISPConfig 3 make changes to the vhost file then the SSL pointers in there will still match the certified SSL files.

If anyone has a better way please let me know. Hope this helps someone out!
__________________
We are not equal
Reply With Quote
  #3  
Old 7th February 2013, 10:28
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,768
Thanks: 821
Thanked 5,331 Times in 4,183 Posts
Default

Your problems occureed because you did not create the first ssl cert in ispconfig and that you did not use a multidomain cert, take a look into the ispconfig manual, the steps to create a ssl cert in ispconfig are described there in detail.

If a site has more then one domain name, then choose a multi domain ssl cert when you buy it at the ssl authority. The ssl authority will ask you for the additional domain names, so there are no changes required in your ispconfig setup for that.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
The Following User Says Thank You to till For This Useful Post:
Eleven Cool (7th February 2013)
  #4  
Old 7th February 2013, 12:03
Unfaiir Unfaiir is offline
HowtoForge Supporter
 
Join Date: Jul 2012
Location: Orange County, CA, USA
Posts: 43
Thanks: 14
Thanked 4 Times in 2 Posts
Cool

Quote:
Originally Posted by till View Post
Your problems occureed because you did not create the first ssl cert in ispconfig and that you did not use a multidomain cert, take a look into the ispconfig manual, the steps to create a ssl cert in ispconfig are described there in detail.

If a site has more then one domain name, then choose a multi domain ssl cert when you buy it at the ssl authority. The ssl authority will ask you for the additional domain names, so there are no changes required in your ispconfig setup for that.
Thanks for the reply Till!

I did look through the manual but it does not cover what I faced with this particular case. I needed the cert to cover the Domain Alias, not the actual domain. ISPConfig's SSL Tab doesn't allow you to choose a domain alias when having it create a SSL cert via pasting. ISPConfig's SSL Tab limits you to the current domain only.

Because you are limited to only choosing the current domain, ISPConfig writes file references to ssl files for the current domain in the vhost file when you create any ssl using the tab.

Therefore, I needed an alternative solution that was compatible with ISPConfig. Hopefully this feature is added in a future release, but this seems to be doing the trick pretty safely in the meantime.

Also, I did setup a self-signed ssl cert in ISPConfig during initial setup, however, neither a self-signed cert nor a multi-domain cert were desired in this case.
__________________
We are not equal
Reply With Quote
  #5  
Old 7th February 2013, 13:09
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,768
Thanks: 821
Thanked 5,331 Times in 4,183 Posts
Default

You could have e.g. exchanged the alias domain name with the main domain name, as the ssl domain is normally the main domain of a site.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
The Following User Says Thank You to till For This Useful Post:
Eleven Cool (7th February 2013)
  #6  
Old 7th February 2013, 14:04
Unfaiir Unfaiir is offline
HowtoForge Supporter
 
Join Date: Jul 2012
Location: Orange County, CA, USA
Posts: 43
Thanks: 14
Thanked 4 Times in 2 Posts
Cool

Quote:
Originally Posted by till View Post
You could have e.g. exchanged the alias domain name with the main domain name, as the ssl domain is normally the main domain of a site.
That would be a great option if the server were a single IP server with one certified SSL certificate.

In my case, the server is a multiple IP server and multiple certified SSL certificate server, and there is no real "main domain".

I probably could have also avoided having to do this by sandboxing each SSL domain with OpenVZ.

This isn't optimal for my case though and would have been both overkill and a major inconvenience, since all IPs and all SSL domains are owned by the same client and this is a true dedicated server.
__________________
We are not equal
Reply With Quote
Reply

Bookmarks

Tags
aliasdomain, help-out, isp config 3, ssl

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Setting up a SSL Domain JESUSSAVES General 2 10th April 2012 15:50
A domain with SSL and non SSL parts spanish Installation/Configuration 1 11th May 2011 09:00
Postfix not forwarding for some domains flappy Installation/Configuration 3 21st November 2010 17:57
SSL in new domain metaldrummer Installation/Configuration 1 7th December 2006 20:57
REAL SSL Cert install problems theduke Installation/Configuration 5 4th October 2005 22:06


All times are GMT +2. The time now is 09:30.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.