#1  
Old 28th March 2009, 06:58
kextra1 kextra1 is offline
Senior Member
 
Join Date: Apr 2008
Posts: 121
Thanks: 12
Thanked 10 Times in 6 Posts
Default ISPConfig & RapidSSL

I just bought a new RapidSSL Certificate,

I have to enter the CSR....which i'm assuming comes from /root/ispconfig/httpd/conf/ssl.crt/ssl.crt

please correct me if I'm wrong,

Then I enter the name and all that.

Last time I tried to submit it gave me the error CSR parse failure.

Possibly I have the wrong contact information entered on the SSL providers site....any suggestions? Should I regenerate the certificate?

I want this to be my main ispconfig cert...the one that's used to access https://www.domain.com:81 ispconfig panel.

Also, there is a field where it asks u what type of cert....

It gives u the options Apache + OpenSSL

however it also gives the option for Apache2......i figured im using apache2...but im also using openssl with the ispconfig install right?...so i chose apache + openssl for the crt type....is that right?....also...should i put the server.crt or the ca.crt in there?

Thanks...im not to educated on ssl.....

So i want this ssl cert to be the one for https://www.domain.com:81 and https://www.domain.com:81/roundcubemail etc... everything https....does the /etc/postfix/ssl cert have nothing to do with this?


Thanks,

kextra1

Last edited by kextra1; 28th March 2009 at 07:35.
Reply With Quote
Sponsored Links
  #2  
Old 29th March 2009, 21:00
falko falko is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

Quote:
Originally Posted by kextra1 View Post
Last time I tried to submit it gave me the error CSR parse failure.
Did you specify the correct details when you created the certificate?

Quote:
Originally Posted by kextra1 View Post
however it also gives the option for Apache2......i figured im using apache2...but im also using openssl with the ispconfig install right?...so i chose apache + openssl for the crt type....is that right?
If this is for the ISPconfig control panel on port 81, it's Apache + SSL.

Quote:
Originally Posted by kextra1 View Post
does the /etc/postfix/ssl cert have nothing to do with this?
No, the Postfix certificate has nothing to do with it.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 30th March 2009, 11:27
kextra1 kextra1 is offline
Senior Member
 
Join Date: Apr 2008
Posts: 121
Thanks: 12
Thanked 10 Times in 6 Posts
Default Help on the extra fields please

Okay,

Well I bought it as Apache + apacheSSL...but they give directions for that...and apache mod ssl to....i have 7 days to cancel and rechange it....

Also when i bought the ssl cert they sent me confirmation saying i bought a cert for:

https://myssldomain.com

That's right isnt it? ...that should cover the port 81 too? hehe, im an ssl dummie

Only thing I do with SSL is clear the slate everyday in every browser.... heh..

Also, I installed ispconfig under the .org site, and want the cert for a .net, i only have ssl checked on the dot net

On the SSL tab do i include BEGIN SSL CERT, and -----BEGIN SSL CERT REQUEST--- stuff before hand on the ISPConfig SSL tab?

Thanks
Reply With Quote
  #4  
Old 31st March 2009, 16:40
falko falko is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

Quote:
Originally Posted by kextra1 View Post
that should cover the port 81 too?
Yes.

Quote:
Originally Posted by kextra1 View Post
On the SSL tab do i include BEGIN SSL CERT, and -----BEGIN SSL CERT REQUEST--- stuff before hand on the ISPConfig SSL tab?

Thanks
Yes, you must include that line.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 11th April 2009, 00:52
kextra1 kextra1 is offline
Senior Member
 
Join Date: Apr 2008
Posts: 121
Thanks: 12
Thanked 10 Times in 6 Posts
Default SSL handshake errors in error_log

I was just doing some ISPConfig modifications with my cousin earlier and happened to look at the error_log for ispconfig and noticed some SSL errors.

Like for example one was from googlebot [client 66.249.73.52] is googlebot btw..

[Sat Apr 4 05:40:28 2009] [error] [client 66.249.73.52] File does not exist: /home/admispconfig/ispconfig/web/robots.txt [Mon Apr 6 03:00:07 2009] [error] mod_ssl: SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page (OpenSSL library error follows)

Then later I keep getting handshake errors like:

[Mon Apr 6 16:15:42 2009] [error] mod_ssl: SSL handshake failed (server www.kextra1domain.org:81, client 192.168.1.1) (OpenSSL library error follows) [Mon Apr 6 16:15:42 2009] [error] OpenSSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate [Hint: Subject CN in certificate not server name or identical to CA!?] [Mon Apr 6 16:19:57 2009] [notice] caught SIGTERM, shutting down [Mon Apr 6 16:21:29 2009] [notice] Apache configured -- resuming normal operations [Mon Apr 6 16:21:29 2009] [notice] Accept mutex: sysvsem (Default: sysvsem) [Mon Apr 6 18:00:55 2009] [error] mod_ssl: SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page (OpenSSL library error follows) [Mon Apr 6 18:00:55 2009] [error] OpenSSL: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking HTTP to HTTPS port!?] [Mon Apr 6 20:21:16 2009] [error] [client 66.249.73.52] File does not exist: /home/admispconfig/ispconfig/web/robots.txt [Mon Apr 6 23:12:47 2009] [error] [client 66.249.73.52] File does not exist: /home/admispconfig/ispconfig/web/robots.txt [Wed Apr 8 19:50:09 2009] [error] mod_ssl: SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page (OpenSSL library error follows) [Wed Apr 8 19:50:09 2009] [error] OpenSSL: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking HTTP to HTTPS

I only have one IP address so I made sure SSL was disabled or not checked in any of the ISPConfig webs.

The only SSL Cert I want to be valid is the port 81 stuff like the admin panel.

Also, i have a router in front of the machine which is 192.168.1.1 ....maybe i have to confrigure the router because it shows that address as the client?

And where it says CN does not match CA, I'm guessing that means when i installed ispconfig server1.domain.com doesnt match the cert www.domain.com right? Can I adjust those settings without hurting ISPConfig?


Thanks guys,

kextra1

Last edited by kextra1; 11th April 2009 at 01:07. Reason: router info & CN Question
Reply With Quote
  #6  
Old 11th April 2009, 20:30
falko falko is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

It seems as if you used http instrad of https to access ISPConfig.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #7  
Old 15th April 2009, 01:38
khayjake khayjake is offline
Member
 
Join Date: Apr 2009
Posts: 33
Thanks: 7
Thanked 5 Times in 4 Posts
Default Log Dates

Hey k,

Those logs are from the days when your server was messed up from the upgrade downgrade thing. I did the same thing and have similar logs.

Probably still getting handshake errors?

I bought a 2nd new cert but am waiting for a new ip im getting here soon...
Reply With Quote
  #8  
Old 12th May 2010, 01:49
kextra1 kextra1 is offline
Senior Member
 
Join Date: Apr 2008
Posts: 121
Thanks: 12
Thanked 10 Times in 6 Posts
Default RapidSSL with ISPConfig Panel

I've got the new IP khayjake, and i got the other old one refunded and am configuring this new one.

Falko,

Here are my choices.

Apache2
Apache+ApacheSSL
Apache+OpenSSL
Apache+MOD SSL
Apache+Raven
Apache+SSLeay

Which should I choose? I cant change it once it's submitted.

I thought if I was using it for the admin panel at https://myispconfigserver.com:81 i would use "Apache2" for ispconfig. If I am incorrect please let me know as soon as possible.

From what I've read the Apache+MOD SSL would be used if I was to want the certificate on a site that has the "SSL" box checked through the ISPConfig panel...but I want it for the https://www.myispconfigserver.com:81 panel and mail and whatnot.

I simply dont know if i should choose Apache2, Apache+OpenSSL or Apache+ApacheSSL for it to work properly once issued.

Thanks for your help
Reply With Quote
  #9  
Old 12th May 2010, 15:14
falko falko is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

If you need the certificate for the ISPConfig control panel, you must choose Apache+MOD SSL (because ISPConfig 2 comes with its own Apache, version 1.3.x + mod_ssl).

If you need the certificate for one of your web sites, it's probably Apache2 (because all modern distros come with Apache2).
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #10  
Old 24th June 2011, 15:55
kextra1 kextra1 is offline
Senior Member
 
Join Date: Apr 2008
Posts: 121
Thanks: 12
Thanked 10 Times in 6 Posts
 
Default yeah

yeah that had me confused, they had apache2+mod_ssl, apache2+openssl, hehe...but it was really just needing "apache2"

Plus they require the intermediate.crt and all sorts of stuff that was pretty easy to find on google thanks to you guys.

I posted a detailed tut of my notes all consolidated here:

http://howtoforge.com/forums/showthr...943#post258943

Hope it helps somebody

Thanks for your help
Reply With Quote
The Following User Says Thank You to kextra1 For This Useful Post:
falko (25th June 2011)
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
ISPconfig setup - DNS, router and general access problems ingvar Installation/Configuration 6 31st July 2010 13:13
ISPConfig 2.2.18 ----> 2.2.24 Br8knitOFF Installation/Configuration 19 24th September 2008 17:58
Migrating from Virtualmin to ISPConfig xare Installation/Configuration 3 16th July 2006 12:58
ISPConfig 2.3.1-dev released till General 0 8th May 2006 22:18
SP-Server Setup - Ubuntu 5.10 "Breezy Badger" - Page 6 (changes) LuisC-SM HOWTO-Related Questions 0 21st April 2006 15:16


All times are GMT +2. The time now is 20:28.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.