I know there is lots of threads about this and I read trough them last 2 days and used a lot of suggestions but could not find help.
I have class2 certificate from startssl.com named ssl.crt
I downloaded their certificates:
and put all certificates into /root/ispconfig/httpd/conf/ssl.crt (the default ca-bundle.crt from ISPconfig renamed to ca-bundle.crt.ispconf)
I edited httpd.conf in /root/ispconfig/httpd/conf :
I restarted server
All the same - browser deemed my certificate unsecure (not recognized authority).
I changed SSLCertificateChainFile and SSLCACertificateFile to all possible combinations, each time restarted server and cleared cache in browser. No joy.
When I do:
openssl verify -CAfile /root/ispconfig/httpd/conf/ssl.crt/ca-bundle.crt -purpose sslserver /root/ispconfig/httpd/conf/ssl.crt/ssl.crt
the result is OK but then I can't access admin area on port 81 (websites and emails works) = that is second problem I need help with, I have one live server I cant access admin area now
This is working now. I had typo in httpd/conf/httpd.conf.
I am able to access admin on this site after fixing typo and restarting ISPConfig.
What I am duing wrong? Where else I have to edit something?
More info: obviously I use https connection to admin area on port 81
the certificate is specific to the servers admin area - not valid for other domains (server2.mydomain.net)
systems are Debian Lenny (1x) and Debian Etch (1x)
Thanks very much for help.
The certificate on the server which had typo is now working. I am going trough the other's conf file to make sure there is not a typo as well.
I am reinstalling ISPConfig on the second server once more and after I'll try to install certificate again. Will see what will happened.