Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > General

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 31st August 2011, 00:39
mangoo mangoo is offline
Junior Member
 
Join Date: Apr 2006
Posts: 8
Thanks: 0
Thanked 1 Time in 1 Post
Default how do I install a SSL cert for a website?

Perhaps it's a stupid question, but how do I install my own SSL cert for a website?

Assuming my website is example.com and I have example.com.key (private key), example.com.crt (certificate), example.com.bundle (SSL vendor bundle), and I use a dedicated IP for it - if I go to Website -> Domain -> example.com and click SSL, I only have these options:


SSL Request - does not apply; I don't need to specify a CSR
SSL Certificate - I'd put example.com.crt content here
SSL Bundle - I'd put example.com.bundle content here

So, it looks like there is no space to provide the private key - confusing.

How do I assign a SSL cert to a website?
__________________
Software deployment with Samba
Reply With Quote
Sponsored Links
  #2  
Old 31st August 2011, 12:29
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,745 Times in 2,578 Posts
Default

From the ISPConfig 3 Manual (screenshots missing in this post):

Quote:
5.4 How Do I Create An SSL Web Site?

To make a web site SSL-capable, please make sure that the SSL checkbox is checked on the web site's Domain tab (please note that you can have only one SSL web site per IP address). Important: you must select a specific IP address from the IP-Address drop-down menu; you must not select the wildcard (*)!

Then go to the SSL tab (see chapter 4.6.1.1).

On the SSL tab you can create a self-signed SSL certificate together with a certificate signing request (CSR) that you can use to apply for an SSL certificate that is signed by a trusted certificate authority (CA) such as Verisign, Comodo, Thawte, etc. It's not necessary to buy such a trusted SSL certificate, but you should note that if you use a self-signed SSL certificate, browsers will display a warning to your visitors.

Please note that you can have just one SSL web site per IP address.

To create a self-signed certificate, please fill out the fields State, Locality, Organisation, Organisation Unit, Country, and SSL Domain, and then select Create Certificate from the SSL Action drop-down menu, and click on Save. Leave the fields SSL Request, SSL Certificate, and SSL Bundle empty - the fields SSL Request and SSL Certificate will be filled out by the system.

After the self-signed certificate was created, you will find data in the SSL Request and SSL Certificate fields (it can take one or two minutes until the data appears in the fields):

It is already possible to access the web site using https:// now with the self-signed certificate, but your visitors will see a warning. For example, Firefox will complain about the self-signed certificate, therefore you must tell Firefox to accept the certificate - to do this, click on the I Understand the Risks link:

Click on Add Exception...:

The Add Security Exception window opens. In that window, click on the Get Certificate button first and then on the Confirm Security Exception button:

Afterwards you should be able to see the https:// web site:

If you want to buy an SSL certificate from a trusted CA, you have to copy the data from the SSL Request field - this is the certificate signing request (CSR). With this CSR, you can apply for a trusted SSL certificate at your CA - the CA will create an SSL certificate from this CSR, and you can paste the trusted SSL certificate into the SSL Certificate field. Sometimes your CA will also give you an SSL bundle - paste this into the SSL Bundle field. Select Save Certificate from the SSL Action drop-down menu and click on the Save button:

You have just replaced your self-signed certificate with a trusted SSL certificate.

To delete a certificate, select Delete Certificate from the SSL Action drop-down menu and click on the Save button.


5.4.1 How Do I Import An Existing SSL Certificate Into A Web Site That Was Created Later In ISPConfig?

Let's assume you created an SSL certificate for the web site example.com manually (for example by using these commands:

cd /home/example.com/certs/
openssl genrsa -des3 -out custom.key.org 2048

openssl req -new -key custom.key.org -out custom.csr -days 365

openssl req -x509 -key custom.key.org -in custom.csr -out custom.crt -days 365

openssl rsa -in custom.key.org -out custom.key

chmod 600 custom.key

), and later on you created the web site example.com in ISPConfig 3, and now you want to use your manually created SSL certificate for that web site.

To achieve this, you first have to create an SSL certificate for the example.com web site as shown in chapter 5.4. Afterwards, you will find the certificate in the /var/www/example.com/ssl directory:

ls -l /var/www/example.com/ssl

server1:~# ls -l /var/www/example.com/ssl
total 16
-rw-r--r-- 1 root root 1350 Dec 6 17:53 example.com.crt
-rw-r--r-- 1 root root 1127 Dec 6 17:53 example.com.csr
-r-------- 1 root root 1675 Dec 6 17:53 example.com.key
-rw-r--r-- 1 root root 1743 Dec 6 17:53 example.com.key.org
server1:~#

Now you can replace this certificate by copying your manually created .key, .csr, and .crt files to the /var/www/example.com/ssl directory (the files must have the same names as the original files in the /var/www/example.com/ssl directory, i.e. example.com.key, example.com.csr, and example.com.crt):

cp /home/example.com/certs/custom.key /var/www/example.com/ssl/example.com.key
cp /home/example.com/certs/custom.csr /var/www/example.com/ssl/example.com.csr
cp /home/example.com/certs/custom.crt /var/www/example.com/ssl/example.com.crt

Now copy the contetns of /var/www/example.com/ssl/example.com.csr...

cat /var/www/example.com/ssl/example.com.csr

-----BEGIN CERTIFICATE REQUEST-----
MIIDCDCCAfACAQAwgZ0xCzAJBgNVBAYTAkRFMRYwFAYDVQQIEw 1OaWVkZXJzYWNo
c2VuMRIwEAYDVQQHEwlMdWVuZWJ1cmcxGTAXBgNVBAoTEHByb2 pla3RmYXJtIEdt
YkgxCzAJBgNVBAsTAklUMRQwEgYDVQQDEwtleGFtcGxlLmNvbT EkMCIGCSqGSIb3
DQEJARYVd2VibWFzdGVyQGV4YW1wbGUuY29tMIIBIjANBgkqhk iG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA4BJ+EB4gvLYkQ3fuUHBEuoGpRWl330rvMv QFG2QR+0f3oV+d
U01B23nZxNxqC/XZKKgl52fT+rpXkXfcJYyZ0c7lIS+bcuFbqH82IXWw7b6OvOuG
eYtIs0tu0viNNVWIA0DPgNUWpSzjI9HPyfSDij1ClAgaQKM1wq wad8Okm6ljRcR9
+spe1GrhU7SWrIvEy7SL58WbUpi4hR/OvTwqi5dN30nLoTl5xfLkQda80BeZ+d0W
30JKhYLC8Tqt81Sx0NBuK5drt1NYgowdBiElP3V2ZZR+/j/4dHZ/8oZYIzaTB1Ja
UeNRxswiBOgVnPtmQZYWHh9kShuceWelAAJ64QIDAQABoCUwIw YJKoZIhvcNAQkH
MRYTFEEgY2hhbGxlbmdlIHBhc3N3b3JkMA0GCSqGSIb3DQEBBQ UAA4IBAQBko5n8
JkNN6CTDrtUyM1QnSnYZt69jhlw7RxrWQTl3awmG1l3dIjbr6S 70c2FCWMvfEmDw
bDZHir/n23VuIpydRwjuFs+pjCPF3R/XHHGv2kpw+1mjidQptYFyKtEI9FFfL8Zp
1RR5As0lzCdVvPewE/EswBmLte0No9QQfN5XCE6hh3t7IoEy/Ait+y7vX19TwXwA
qSfpGR3AgfrL6WOV/PgutoQtCuhTfGBBYIldl34phFsS8x3ks4hy+Dzs691yFv1h
1NJUFcuNIBFCzcdAwXAJS9Ql//ZRdG7G+05fnlUM0kLqDKFaU7gjMetCobHD+cqL
Iif3ep5yAuQY7N50
-----END CERTIFICATE REQUEST-----

... and /var/www/example.com/ssl/example.com.crt...

cat /var/www/example.com/ssl/example.com.crt

-----BEGIN CERTIFICATE-----
MIIEujCCA6KgAwIBAgIJAJtWGs76Sw+wMA0GCSqGSIb3DQEBBQ UAMIGZMQswCQYD
VQQGEwJERTEWMBQGA1UECBMNTmllZGVyc2FjaHNlbjESMBAGA1 UEBxMJTHVlbmVi
dXJnMRkwFwYDVQQKExBwcm9qZWt0ZmFybSBHbWJIMQswCQYDVQ QLEwJJVDEUMBIG
A1UEAxMLZXhhbXBsZS5jb20xIDAeBgkqhkiG9w0BCQEWEWZ0QG ZhbGtvdGltbWUu
Y29tMB4XDTEwMTIwNjE0Mzk0NVoXDTExMTIwNjE0Mzk0NVowgZ kxCzAJBgNVBAYT
AkRFMRYwFAYDVQQIEw1OaWVkZXJzYWNoc2VuMRIwEAYDVQQHEw lMdWVuZWJ1cmcx
GTAXBgNVBAoTEHByb2pla3RmYXJtIEdtYkgxCzAJBgNVBAsTAk lUMRQwEgYDVQQD
EwtleGFtcGxlLmNvbTEgMB4GCSqGSIb3DQEJARYRZnRAZmFsa2 90aW1tZS5jb20w
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJGOCnJx VIiqOvgNu65d6+
uZh7+W6J++W0P/k4Na4f6ax37LrwKWway5YhmpYWlOYhhqs5MKDMs2Md/SJjPmAZ
UjBj4/8c/7WaX39fb/FgGAC0x0GwobrMs7wp3jAuXidah8zG7dvcSyjjZqdXXNc6
kdfRhQJqG7re6P2v3kmqtmhNKlQheC5I1nERmAf928htXFJFd6 qkwE0m5Yq34Vw4
zj/a9Wbza42MoYIXcyeY4De3+L/vM9pme20Qs4XpoN+mDrNuyVh3r1ITuo8TZ6sY
cR9buZDvw4mvzZ1WgR0fKdLWoLZkKdA3wwq4gaTBPjBWCf56Nf tgxrJ3KrMzndMj
AgMBAAGjggEBMIH+MB0GA1UdDgQWBBSYxv4QIQm6cA17gRsBTX x3V/itxjCBzgYD
VR0jBIHGMIHDgBSYxv4QIQm6cA17gRsBTXx3V/itxqGBn6SBnDCBmTELMAkGA1UE
BhMCREUxFjAUBgNVBAgTDU5pZWRlcnNhY2hzZW4xEjAQBgNVBA cTCUx1ZW5lYnVy
ZzEZMBcGA1UEChMQcHJvamVrdGZhcm0gR21iSDELMAkGA1UECx MCSVQxFDASBgNV
BAMTC2V4YW1wbGUuY29tMSAwHgYJKoZIhvcNAQkBFhFmdEBmYW xrb3RpbW1lLmNv
bYIJAJtWGs76Sw+wMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQ EFBQADggEBABHs
1/TErdaoX82wUL02NxPu2R22iX8+nklqq7TfVxog1+F+HlKwqBEZ Z7Gepur5S1JO
JxFbKjnXGsJw0OIHjMcJj2WL4/caXsr95tDGBzwLhojPuJwFTjnd1V9wFe3T41cm
9jpXPt+IsROtqwuiO+JnxR0IMmD1ryJyDWLwZVJWlcU4vts44O uXDQLqwpUHZiOj
3BDcb2daHCvTTBF6BxZPYsENqk3oKvfR9s18PrUzwxr/FoI3JBOahGujA2wHOR48
UGDit0EqWfp35jNYgh/c7gklkVLAJJ9Gf9JvqY6J5Vhrtl3XDQaT9KbY+LCBbozt
KxmEELvVXz3cLTvVWGg=
-----END CERTIFICATE-----

... and paste the contents of the .csr file into the SSL Request field and the contents of the .crt file into the SSL Certificate field on the SSL tab of the example.com web site in ISPConfig, select Save Certificate and click on Save:

That's it! The example.com web site uses your manually created SSL certificate now.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 3rd February 2012, 04:13
PermaNoob PermaNoob is offline
Senior Member
 
Join Date: Jan 2007
Posts: 194
Thanks: 12
Thanked 5 Times in 5 Posts
Default Will this affect the ssl login for the ISPConfig 3 control panel?

If I setup SSL for a website/domain, can I use a different and new certificate from the one created in the ISPConfig setup?

I saw: "Please note that you can have just one SSL web site per IP address."

but does the control panel count as the one website since it's using IP address only?

The situation is that for the control panel login I don't mind the ssl cert warning in Firefox, but I need ssl for a website without the ssl cert warning using a certificate from startssl or another company and I only have 1 ip address for the server.

Last edited by PermaNoob; 3rd February 2012 at 04:16.
Reply With Quote
  #4  
Old 3rd February 2012, 13:46
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,745 Times in 2,578 Posts
 
Default

Quote:
Originally Posted by PermaNoob View Post
If I setup SSL for a website/domain, can I use a different and new certificate from the one created in the ISPConfig setup?
Yes.

Quote:
Originally Posted by PermaNoob View Post
I saw: "Please note that you can have just one SSL web site per IP address."

but does the control panel count as the one website since it's using IP address only?
ISPConfig runs on a different port (8080), so it doesn't count.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
How to create a SSL website in ISPConfig 3? qiubosu Installation/Configuration 2 1st August 2011 03:52
Each website listens on different port for SSL autogun General 1 16th February 2011 21:56
Adding SSL cert brought Apache down wxman Installation/Configuration 8 3rd September 2009 14:58
ISPConfig install issues... flyingaggie Installation/Configuration 2 18th July 2008 11:46
Can't get SSL Cert to work rbartz Installation/Configuration 4 23rd April 2006 10:32


All times are GMT +2. The time now is 12:55.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.