ISPConfig & RapidSSL

[kextra1]

I just bought a new RapidSSL Certificate,

I have to enter the CSR....which i'm assuming comes from /root/ispconfig/httpd/conf/ssl.crt/ssl.crt

please correct me if I'm wrong,

Then I enter the name and all that.

Last time I tried to submit it gave me the error CSR parse failure.

Possibly I have the wrong contact information entered on the SSL providers site....any suggestions? Should I regenerate the certificate?

I want this to be my main ispconfig cert...the one that's used to access https://www.domain.com:81 ispconfig panel.

Also, there is a field where it asks u what type of cert....

It gives u the options Apache + OpenSSL

however it also gives the option for Apache2......i figured im using apache2...but im also using openssl with the ispconfig install right?...so i chose apache + openssl for the crt type....is that right?....also...should i put the server.crt or the ca.crt in there?

Thanks...im not to educated on ssl.....

So i want this ssl cert to be the one for https://www.domain.com:81 and https://www.domain.com:81/roundcubemail etc... everything https....does the /etc/postfix/ssl cert have nothing to do with this?


Thanks,

kextra1

[falko]

Quote:

Originally Posted by kextra1

Last time I tried to submit it gave me the error CSR parse failure.

Did you specify the correct details when you created the certificate?

Quote:

Originally Posted by kextra1

however it also gives the option for Apache2......i figured im using apache2...but im also using openssl with the ispconfig install right?...so i chose apache + openssl for the crt type....is that right?

If this is for the ISPconfig control panel on port 81, it's Apache + SSL.

Quote:

Originally Posted by kextra1

does the /etc/postfix/ssl cert have nothing to do with this?

No, the Postfix certificate has nothing to do with it.

[kextra1]

Okay,

Well I bought it as Apache + apacheSSL...but they give directions for that...and apache mod ssl to....i have 7 days to cancel and rechange it....

Also when i bought the ssl cert they sent me confirmation saying i bought a cert for:

https://myssldomain.com

That's right isnt it? ...that should cover the port 81 too? hehe, im an ssl dummie

Only thing I do with SSL is clear the slate everyday in every browser.... heh..

Also, I installed ispconfig under the .org site, and want the cert for a .net, i only have ssl checked on the dot net

On the SSL tab do i include BEGIN SSL CERT, and -----BEGIN SSL CERT REQUEST--- stuff before hand on the ISPConfig SSL tab?

Thanks

[falko]

Quote:

Originally Posted by kextra1

that should cover the port 81 too?

Yes.

Quote:

Originally Posted by kextra1

On the SSL tab do i include BEGIN SSL CERT, and -----BEGIN SSL CERT REQUEST--- stuff before hand on the ISPConfig SSL tab?

Thanks

Yes, you must include that line.

[kextra1]

I was just doing some ISPConfig modifications with my cousin earlier and happened to look at the error_log for ispconfig and noticed some SSL errors.

Like for example one was from googlebot [client 66.249.73.52] is googlebot btw..

[Sat Apr 4 05:40:28 2009] [error] [client 66.249.73.52] File does not exist: /home/admispconfig/ispconfig/web/robots.txt [Mon Apr 6 03:00:07 2009] [error] mod_ssl: SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page (OpenSSL library error follows)

Then later I keep getting handshake errors like:

[Mon Apr 6 16:15:42 2009] [error] mod_ssl: SSL handshake failed (server www.kextra1domain.org:81, client 192.168.1.1) (OpenSSL library error follows) [Mon Apr 6 16:15:42 2009] [error] OpenSSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate [Hint: Subject CN in certificate not server name or identical to CA!?] [Mon Apr 6 16:19:57 2009] [notice] caught SIGTERM, shutting down [Mon Apr 6 16:21:29 2009] [notice] Apache configured -- resuming normal operations [Mon Apr 6 16:21:29 2009] [notice] Accept mutex: sysvsem (Default: sysvsem) [Mon Apr 6 18:00:55 2009] [error] mod_ssl: SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page (OpenSSL library error follows) [Mon Apr 6 18:00:55 2009] [error] OpenSSL: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking HTTP to HTTPS port!?] [Mon Apr 6 20:21:16 2009] [error] [client 66.249.73.52] File does not exist: /home/admispconfig/ispconfig/web/robots.txt [Mon Apr 6 23:12:47 2009] [error] [client 66.249.73.52] File does not exist: /home/admispconfig/ispconfig/web/robots.txt [Wed Apr 8 19:50:09 2009] [error] mod_ssl: SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page (OpenSSL library error follows) [Wed Apr 8 19:50:09 2009] [error] OpenSSL: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking HTTP to HTTPS

I only have one IP address so I made sure SSL was disabled or not checked in any of the ISPConfig webs.

The only SSL Cert I want to be valid is the port 81 stuff like the admin panel.

Also, i have a router in front of the machine which is 192.168.1.1 ....maybe i have to confrigure the router because it shows that address as the client?

And where it says CN does not match CA, I'm guessing that means when i installed ispconfig server1.domain.com doesnt match the cert www.domain.com right? Can I adjust those settings without hurting ISPConfig?


Thanks guys,

kextra1

[falko]

It seems as if you used http instrad of https to access ISPConfig.

[khayjake]

Hey k,

Those logs are from the days when your server was messed up from the upgrade downgrade thing. I did the same thing and have similar logs.

Probably still getting handshake errors?

I bought a 2nd new cert but am waiting for a new ip im getting here soon...

[kextra1]

I've got the new IP khayjake, and i got the other old one refunded and am configuring this new one.

Falko,

Here are my choices.

Apache2
Apache+ApacheSSL
Apache+OpenSSL
Apache+MOD SSL
Apache+Raven
Apache+SSLeay

Which should I choose? I cant change it once it's submitted.

I thought if I was using it for the admin panel at https://myispconfigserver.com:81 i would use "Apache2" for ispconfig. If I am incorrect please let me know as soon as possible.

From what I've read the Apache+MOD SSL would be used if I was to want the certificate on a site that has the "SSL" box checked through the ISPConfig panel...but I want it for the https://www.myispconfigserver.com:81 panel and mail and whatnot.

I simply dont know if i should choose Apache2, Apache+OpenSSL or Apache+ApacheSSL for it to work properly once issued.

Thanks for your help

[falko]

If you need the certificate for the ISPConfig control panel, you must choose Apache+MOD SSL (because ISPConfig 2 comes with its own Apache, version 1.3.x + mod_ssl).

If you need the certificate for one of your web sites, it's probably Apache2 (because all modern distros come with Apache2).

[kextra1]

yeah that had me confused, they had apache2+mod_ssl, apache2+openssl, hehe...but it was really just needing "apache2"

Plus they require the intermediate.crt and all sorts of stuff that was pretty easy to find on google thanks to you guys.

I posted a detailed tut of my notes all consolidated here:

http://howtoforge.com/forums/showthr...943#post258943

Hope it helps somebody

Thanks for your help