Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > Tips/Tricks/Mods

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Thread Tools Display Modes
Prev Previous Post   Next Post Next
Old 24th June 2011, 16:49
kextra1 kextra1 is offline
Senior Member
Join Date: Apr 2008
Posts: 121
Thanks: 12
Thanked 10 Times in 6 Posts
Default Solved ISPConfig Admin Panel w/RapidSSL

This is a brief tutorial on how to install a RapidSSL certificate to be used with your ISPConfig admin panel, webmail, etc. etc. everything on and after https://www.yourdomain.com:81/*

It's pretty simple, but I'll go into detail for SSL newbie's like me.

I used Enom to purchase the RapidSSL cert for $70 bucks less.

It's actually pretty easy... so I felt like a dummie at first being confused on the different certificate webserver types that could have been correct when purchasing and checking out and all sorts of other small things that weren't documented very well for a person like me buying his 2nd SSL cert.

This includes the new RapidSSL requirements that require at least 2048 when generating the key as well as the newly required "intermediate.crt" they send you with your server.crt, and where to add the path's for the intermediate.crt to ispconfig 2.

It's not rocket science like some of you genious' get into, but I hope it helps some of you guys.

I used ENOM so I could get the $79.95/yr cert for $9.95/yr, but it's pretty much the same if you go directly through RapidSSL.com.


Go to enom and buy the $9.95/yr RapidSSL certificate. (Or rapidssl respectively)

Generate the Certificate in /root/ispconfig/httpd/conf/

or /root/ispconfig/httpd/conf/ssl.crt/server.crt respectively. Shown in the Generate the CSR section below.


The CN, or Common name is important! If Enom or RapidSSL directly will not allow wildcards such as *.yourdomain.com for the $9.95/yr cert

make sure you use:

ON Enom/RapidSSL: Webserver type "Apache2"

CN: www.yourdomain.com

Make sure to use the same CN: on enom as you do when generating the certificate CSR with the commands below. So when entering the CN (Common Name) include the "www" in the domain when purchasing it & generating it so it will work when you go to:




and of course everything else like :81/roundcubemail -or- :81/phpmyadmin etc. etc. it will work.. you get the picture...

So all your Co-Domain forwards and stuff are good to go.

Generate the CSR to submit to ENOM/RapidSSL:
openssl genrsa -des3 -passout pass:yourpassword -out /root/ispconfig/httpd/conf/ssl.key/server.key2 1024

RapidSSL requires at least 2048 now and and intermediate certificate so use the following when generating it instead of 1024.

openssl genrsa -des3 -passout pass:yourpassword -out /root/ispconfig/httpd/conf/ssl.key/server.key2 2048

openssl req -new -passin pass:yourpassword -passout pass:yourpassword -key /root/ispconfig/httpd/conf/ssl.key/server.key2 -out /root/ispconfig/httpd/conf/ssl.csr/server.csr -days 365

openssl req -x509 -passin pass:yourpassword -passout pass:yourpassword -key /root/ispconfig/httpd/conf/ssl.key/server.key2 -in /root/ispconfig/httpd/conf/ssl.csr/server.csr -out /root/ispconfig/httpd/conf/ssl.crt/server.crt -days 365

openssl rsa -passin pass:yourpassword -in /root/ispconfig/httpd/conf/ssl.key/server.key2 -out /root/ispconfig/httpd/conf/ssl.key/server.key

chmod 600 /root/ispconfig/httpd/conf/ssl.key/server.key

/etc/init.d/ispconfig_server restart

You will get an E-Mail with the new RapidSSL signed certificate.

You'll need to put this new .crt in ISPConfig's server.crt

cp /root/ispconfig/httpd/conf/ssl.crt/server.crt /root/ispconfig/httpd/conf/ssl.crt/server-backup.crt

Now paste the newly issued RapidSSL certificate you got in your email into:


UPDATED 5/16/2011

I found out with all new RapidSSL certs you need to use another cert authority thingy they send you named INTERMEDIATE CA

Make a new file in the following location:


Paste the INTERMEDIATE CA info into intermediate.crt which is at the bottom of the same email they give send u to put in the actual server.crt

Now go to the following file:


Open httpd.conf with your favorite text editor and do a find for "SSLCACertificateFile"

You'll find an already commented out example in httpd.conf

To tell ISPConfig to check the intermediate.crt you created in the steps above simply add this line below:

SSLCACertificateFile /root/ispconfig/httpd/conf/ssl.crt/intermediate.crt

Reboot your server or restart your services and you're done!

Hope this helps someone that was as inexperienced with purchasing new SSL certs as I was!

Oh btw if you're interested you can try this method exactly like I explained it through enom, I believe I still have a few reseller accounts left for $8.50/yr domains and cheap SSL certs...unfortunately $9.95 is as low as the SSL certs get, but at least it's still 70 bucks off. The nice thing was that last year I messed up the first time and they gave me a refund right away so I could resubmit. I think I chose Apache2+mod_ssl or Apache2+OpenSSL instead of just Apache2 when submitting to rapidssl. They seem like a pretty stand up company.

I'm loving all the cool stuff you guys have been posting for ispconfig 2 & 3. I can't wait to get some stuff ready for SVN hopefully sooner than later.

Reply With Quote
The Following User Says Thank You to kextra1 For This Useful Post:
falko (25th June 2011)
Sponsored Links


enom, ispconfig, rapidssl, ssl

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Relay access denied when using SMTP to external recipients Kamran Shah Installation/Configuration 111 14th May 2014 19:10
Control Panel - E-mail Tab is empty domi-nik General 15 14th April 2011 19:17
PHP warnings after upgrade to ISP config 3.03 stevegjacobs Installation/Configuration 5 30th October 2010 15:31
Hosting multiple websites and webmail dmwcool Installation/Configuration 8 30th March 2010 04:15
403 on ISPconfig 3's admin pages lord-helmet Installation/Configuration 1 28th May 2009 09:40

All times are GMT +2. The time now is 14:01.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.