Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 25th January 2008, 20:58
Robeast Robeast is offline
Junior Member
 
Join Date: Jan 2008
Posts: 6
Thanks: 1
Thanked 0 Times in 0 Posts
Default Issues securing Webmail with SSL Certificate

My webmail client (squirrelMail) is working perfect, but I would like to run it over https. The url for the web mail client is webmail.domain.com. I had a SSL certificate built by a Certificate Authority (godaddy) for this URL. In ISPConfig, I enabled SSL for this site. I also copied the certificate into the SSL Certificate box and saved the certificate. I opened port 443 on my firewall. But when I go the website httpS://webmail.domain.com, the browser hits me with a pop saying, "webmail.domain.com has sent an incorrect or unexpected message."

I did a little research and I found I have to copy the certificate, intermediate certificate and key file onto the server and edit the ssl.conf file to point the SSLCertificateFile, SSLCertificateKeyFile and SSLCertificateChainFile variables to the correct path. I looked in the /root/ispconfig/httpd/conf directory and didn't find a ssl.conf file. I did a search for ssl.conf and found two (/etc/apache2/mods-available/ssl.conf, /etc/apache2/mods-enabled/ssl.conf). In both of these files there is no sections for any of these variables. Should I create a ssl.conf and put in the /root/ispconfig/httpd/conf or edit one or both of the existing ssl.conf? Or is there a way this can be handled through the ISPConfig control panel? Thanks in advance for any help.
Reply With Quote
Sponsored Links
  #2  
Old 26th January 2008, 00:17
Hans Hans is offline
Moderator
 
Join Date: Dec 2005
Location: Montfoort, The Netherlands
Posts: 2,256
Thanks: 212
Thanked 648 Times in 294 Posts
Default

If you're using ISPConfig on top of your system, all you have to do is walk through the steps mentioned here: http://www.howtoforge.com/faq/14_49_en.html. Make sure that apache2 has been started afterwards.
__________________
Hans

MrHostman | Master in managed hosting
Reply With Quote
  #3  
Old 28th January 2008, 16:14
Robeast Robeast is offline
Junior Member
 
Join Date: Jan 2008
Posts: 6
Thanks: 1
Thanked 0 Times in 0 Posts
Default Issues securing Webmail with SSL Certificate

Thanks but I did that as described. That is how it is currently set up. I took a look at this post.

http://www.howtoforge.com/forums/sho...t=16183&page=3

I took a look at my vhosts_ispconfig.conf file and noticed I don't have a NameVirtualHost XXX.XXX.XXX.XXX:443 or VirtualHost XXX.XXX.XXX.XXX:443 even though I have the SSL box checked in the ISP Site Control Panel. I have restarted the web-server service since I checked this box. I tried to edit this file and add the appropriate information, but when I restart the service the changes are erased.

Thanks again for any help.
Reply With Quote
  #4  
Old 29th January 2008, 20:03
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

Is mod_ssl enabled? Please run
Code:
a2enmod ssl
and restart Apache.
Are there any errors in Apache's error log? What's the output of
Code:
ls -la /etc/apache2/vhosts
?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 29th January 2008, 21:29
Robeast Robeast is offline
Junior Member
 
Join Date: Jan 2008
Posts: 6
Thanks: 1
Thanked 0 Times in 0 Posts
Default Issues securing Webmail with SSL Certificate

Thanks for the reply. When I ran the "a2enmod ssl" it replied back with "This module is already enable!". Here is what the "ls -la /etc/apache2/vhosts" output looks like:

user@server:~$ sudo ls -la /etc/apache2/vhosts
total 20
drwxr-xr-x 2 root root 4096 2008-01-28 09:13 .
drwxr-xr-x 8 root root 4096 2008-01-08 11:02 ..
-rw-r--r-- 1 root root 2559 2008-01-29 15:22 Vhosts_ispconfig.conf
-rw-r--r-- 1 root root 2559 2008-01-29 15:22 Vhosts_ispconfig.conf~
-rw-r--r-- 1 root root 2559 2008-01-28 09:13 Vhosts_ispconfig.conf.backup

Thanks again for the help.
Reply With Quote
  #6  
Old 29th January 2008, 21:41
daveb daveb is offline
Senior Member
 
Join Date: Dec 2006
Location: St Louis Mo
Posts: 272
Thanks: 43
Thanked 41 Times in 37 Posts
Default

You could just upload the SSLCertificateChainFile gd_intermediate_bundle.cer from godaddy to your ssl folder.


Then add this to your apache directives within ispconfig control panel for site.
Code:
SSLCertificateChainFile /var/www/web?/ssl/gd_intermediate_bundle.cer
You might have to restart apache afterwards.
Reply With Quote
  #7  
Old 30th January 2008, 00:54
Robeast Robeast is offline
Junior Member
 
Join Date: Jan 2008
Posts: 6
Thanks: 1
Thanked 0 Times in 0 Posts
Default Issues securing Webmail with SSL Certificate

Thanks for the reply. I copied the gd_intermediate_bundle.crt file into the /var/www/webXX/ssl directory. I then copied the other cert into the SSL Certificate textbox and selected the save certificate. I then add "SLCertificateChainFile /var/www/webXX/ssl/gd_intermediate_bundle.crt" line to the Apache Directives
(Optional): I saved these settings and restarted the web-server and I still get the same error when I go to the https site.

Thanks again.
Reply With Quote
  #8  
Old 30th January 2008, 15:35
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

What are the outputs of
Code:
netstat -tap
and
Code:
httpd -t
? What's in your Vhosts_ispconfig.conf?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #9  
Old 30th January 2008, 22:34
Robeast Robeast is offline
Junior Member
 
Join Date: Jan 2008
Posts: 6
Thanks: 1
Thanked 0 Times in 0 Posts
Default Issues securing Webmail with SSL Certificate

Thanks for the reply. When I enter in the command "netstat -tap" here is the output I get:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:mysql *:* LISTEN 4807/mysqld
tcp 0 0 *:www *:* LISTEN 5263/apache2
tcp 0 0 *:81 *:* LISTEN 5219/ispconfig_http
tcp 0 0 *:ftp *:* LISTEN 9161/proftpd: (acce
tcp 0 0 server.domain.:domain *:* LISTEN 5408/named
tcp 0 0 localhost.locald:domain *:* LISTEN 5408/named
tcp 0 0 *:smtp *:* LISTEN 9213/master
tcp 0 0 localhost.localdoma:953 *:* LISTEN 5408/named
tcp 0 0 *:https *:* LISTEN 5263/apache2
tcp6 0 0 *:imaps *:* LISTEN 4920/couriertcpd
tcp6 0 0 *op3s *:* LISTEN 4956/couriertcpd
tcp6 0 0 *op3 *:* LISTEN 4933/couriertcpd
tcp6 0 0 *:imap2 *:* LISTEN 4900/couriertcpd
tcp6 0 0 *:domain *:* LISTEN 5408/named
tcp6 0 0 *:ssh *:* LISTEN 4713/sshd
tcp6 0 0 *:smtp *:* LISTEN 9213/master
tcp6 0 0 ip6-localhost:953 *:* LISTEN 5408/named
tcp6 0 2160 server.domain.com:ssh ::ffff:192.168.25:54729 ESTABLISHED21652/sshd: User

Here is the output for the "httpd -t" command:

Syntax OK

Here my Vhosts_ispconfig.conf file:

###################################
#
# ISPConfig vHost Configuration File
# Version 1.0
#
###################################
#
NameVirtualHost XXX.XXX.XXX.XXX:80
<VirtualHost XXX.XXX.XXX.XXX:80>
ServerName localhost
ServerAdmin root@localhost
DocumentRoot /var/www/sharedip
</VirtualHost>

#
#
#
######################################
# Vhost: webmail.domain.com:80
######################################
#
#
<VirtualHost XXX.XXX.XXX.XXX:80>
SSLCertificateChainFile /var/www/web15/ssl/gd_intermediate_bundle.crt
ServerName webmail.domain.com:80
ServerAdmin webmaster@domain.com
DocumentRoot /var/www/webXX/web
DirectoryIndex index.html index.htm index.php index.php5 index.php4 index.php3 index.shtml index.cgi index.pl index.jsp Defa$
ErrorLog /var/www/webXX/log/error.log
AddType application/x-httpd-php .php .php3 .php4 .php5
<Files *.php>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
<Files *.php3>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
<Files *.php4>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
<Files *.php5>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
php_admin_flag safe_mode Off
Alias /error/ "/var/www/webXX/web/error/"
ErrorDocument 400 /error/invalidSyntax.html
ErrorDocument 401 /error/authorizationRequired.html
ErrorDocument 403 /error/forbidden.html
ErrorDocument 404 /error/fileNotFound.html
ErrorDocument 405 /error/methodNotAllowed.html
ErrorDocument 500 /error/internalServerError.html
ErrorDocument 503 /error/overloaded.html
AliasMatch ^/~([^/]+)(/(.*))? /var/www/webXX/user/$1/web/$3
AliasMatch ^/users/([^/]+)(/(.*))? /var/www/webXX/user/$1/web/$3
</VirtualHost>
#
#
#


That's all that is in my Vhosts_ispconfig.conf file there is nothing in there for 443. This is with adding the SLCertificateChainFile /var/www/webXX/ssl/gd_intermediate_bundle.crt" line to the Apache Directives
(Optional) textbox in the ISPConfig control panel. Also shouldn't there be commands "SSLEngine on
SSLCertificateFile /var/www/webXX/ssl/www.yourdomain.com.crt
SSLCertificateKeyFile /var/www/webXX/ssl/www.yourdomain.com.key" in there as well? Thanks again for all the help.
Reply With Quote
  #10  
Old 30th January 2008, 22:57
daveb daveb is offline
Senior Member
 
Join Date: Dec 2006
Location: St Louis Mo
Posts: 272
Thanks: 43
Thanked 41 Times in 37 Posts
 
Default

just a thought,
did you create the ssl csr or self signed crt for the site using the ispconfig control panel before you had godaddy sign the csr?
if not you might need to create the ssl crt using the control panel so that it adds the proper lines to the Vhosts_ispconfig.conf then replace the crt and key with in the ssl dir with what godaddy built for you.
Reply With Quote
The Following User Says Thank You to daveb For This Useful Post:
Robeast (31st January 2008)
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
SSL for virtual hosts on one certificate rbartz Tips/Tricks/Mods 8 20th November 2007 17:59
SSL and ISPConfig/Apache issues (Help!) isalandr Installation/Configuration 18 16th November 2007 15:53
SSL Certificate for webmail dayjahone Installation/Configuration 10 13th August 2007 14:57
Help installing an SSL certificate james@thereidsonline.com Installation/Configuration 1 26th June 2007 18:11
ssl Certificate Invalid simplyworks Installation/Configuration 8 16th August 2006 16:44


All times are GMT +2. The time now is 06:04.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.