Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > HOWTO-Related Questions

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 25th March 2012, 17:39
Woodsman Woodsman is offline
Junior Member
 
Join Date: Dec 2008
Location: Waukesha, Wisconsin USA
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via AIM to Woodsman Send a message via MSN to Woodsman Send a message via Yahoo to Woodsman
Default Securing Your ISPConfig 3 Installation With A Free Class1 SSL Certificate From StartS

There are a few problem areas when it comes to Fedora 15 and ISPConfig 3.0.4.

Error is Apache 2 Can not be found

There is no file directory "/etc/apache2/sites-available/ispconfig.vhost" on the system.

Code:
Securing Your ISPConfig 3 Installation With A Free Class1 SSL Certificate From StartSSL - Page 2
4 ISPConfig Interface (Apache2)
If you use ISPConfig 3 with Apache, open /etc/apache2/sites-available/ispconfig.vhost...

vi /etc/apache2/sites-available/ispconfig.vhost

... and add the line SSLCertificateChainFile /usr/local/ispconfig/interface/ssl/startssl.sub.class1.server.ca.crt to the # SSL Configuration section (please be aware that you have to re-add that line whenever you update ISPConfig!):

[...]
  # SSL Configuration
  SSLEngine On
  SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
  SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
  ## must be re-added after an ISPConfig update!!!
  SSLCertificateChainFile /usr/local/ispconfig/interface/ssl/startssl.sub.class1.server.ca.crt
[...] 

(Adjust this if you use a Class2 certificate.)

Restart Apache afterwards:

/etc/init.d/apache2 restart
There is no directory file "/etc/courier/"

Code:
8 Courier
Create backups of /etc/courier/imapd.pem and /etc/courier/pop3d.pem... 

mv /etc/courier/imapd.pem /etc/courier/imapd.pem.bak
mv /etc/courier/pop3d.pem /etc/courier/pop3d.pem.bak

... and then symlink them to /usr/local/ispconfig/interface/ssl/ispserver.pem:

ln -s /usr/local/ispconfig/interface/ssl/ispserver.pem /etc/courier/imapd.pem
ln -s /usr/local/ispconfig/interface/ssl/ispserver.pem /etc/courier/pop3d.pem

Restart Courier afterwards:

/etc/init.d/courier-imap-ssl stop
/etc/init.d/courier-imap-ssl start
/etc/init.d/courier-pop-ssl stop
/etc/init.d/courier-pop-ssl start

Next
bash: /etc/init.d/pure-ftpd-mysql: No such file or directory

Code:
9 PureFTPd
Create a backup of /etc/ssl/private/pure-ftpd.pem...

cd /etc/ssl/private/
mv pure-ftpd.pem pure-ftpd.pem_bak

... and create a symlink to /usr/local/ispconfig/interface/ssl/ispserver.pem:

ln -s /usr/local/ispconfig/interface/ssl/ispserver.pem pure-ftpd.pem

Restart PureFTPd afterwards:

/etc/init.d/pure-ftpd-mysql restart
The end resutlts were that I had to go back to

2 Creating A Certificate Signing Request (CSR)

and recreate new certs in order to get my sites to show again...

Any ideas for those of us using Fedora 15 with ISPConfig 3.0.4?
Reply With Quote
Sponsored Links
  #2  
Old 26th March 2012, 13:33
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,735 Times in 2,571 Posts
Default

You will have to adjust some paths for Fedora. For example, /etc/apache2 is /etc/httpd on Fedora.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 28th March 2012, 19:20
Woodsman Woodsman is offline
Junior Member
 
Join Date: Dec 2008
Location: Waukesha, Wisconsin USA
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via AIM to Woodsman Send a message via MSN to Woodsman Send a message via Yahoo to Woodsman
Default

**** CHANGES for Fedora 15 and ISPConfig 3****
All up to this point seems to work fine

**** 4 ISPConfig Interface (Apache2) ****

CHANGE FROM
Code:
vi /etc/apache2/sites-available/ispconfig.vhost
TO
Code:
vi /etc/httpd/conf/sites-available/ispconfig.vhost
CHANGE FROM
Code:
/etc/init.d/apache2 restart
TO
Code:
/etc/init.d/httpd restart
(Failed)

**** 8 Courier ****
NOT FOUND
Create backups of /etc/courier/imapd.pem and /etc/courier/pop3d.pem...

ONLY (So are this the files to use?)
Code:
/usr/lib/courier-imap/share/imapd.pem
/usr/lib/courier-imap/share/pop3d.pem
NOT FOUND
Restart Courier afterwards:

Code:
/etc/init.d/courier-imap-ssl stop
/etc/init.d/courier-imap-ssl start
/etc/init.d/courier-pop-ssl stop
/etc/init.d/courier-pop-ssl start
ONLY (If above is True then would I not stop and start using these?)
Code:
/etc/init.d/courier-imap
/etc/init.d/courier-pop

Remember I am a born and bred MS User learning Linux
Reply With Quote
  #4  
Old 29th March 2012, 15:25
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,735 Times in 2,571 Posts
Default

Quote:
Originally Posted by Woodsman View Post
**** CHANGES for Fedora 15 and ISPConfig 3****
All up to this point seems to work fine

**** 4 ISPConfig Interface (Apache2) ****

CHANGE FROM
Code:
vi /etc/apache2/sites-available/ispconfig.vhost
TO
Code:
vi /etc/httpd/conf/sites-available/ispconfig.vhost
CHANGE FROM
Code:
/etc/init.d/apache2 restart
TO
Code:
/etc/init.d/httpd restart
(Failed)
Why does it fail? Do you get any errors (please check the Apache error log as well).

Quote:
Originally Posted by Woodsman View Post
**** 8 Courier ****
NOT FOUND
Create backups of /etc/courier/imapd.pem and /etc/courier/pop3d.pem...

ONLY (So are this the files to use?)
Code:
/usr/lib/courier-imap/share/imapd.pem
/usr/lib/courier-imap/share/pop3d.pem
NOT FOUND
I think so, but am not sure. What's the output of
Code:
updatedb
locate imapd.pem
?
Quote:
Originally Posted by Woodsman View Post
Restart Courier afterwards:

Code:
/etc/init.d/courier-imap-ssl stop
/etc/init.d/courier-imap-ssl start
/etc/init.d/courier-pop-ssl stop
/etc/init.d/courier-pop-ssl start
ONLY (If above is True then would I not stop and start using these?)
Code:
/etc/init.d/courier-imap
/etc/init.d/courier-pop
Yes, these should be the correct init scripts.

BTW, why do you use Fedora? I think it will be much easier to use Debian.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 29th March 2012, 16:53
Woodsman Woodsman is offline
Junior Member
 
Join Date: Dec 2008
Location: Waukesha, Wisconsin USA
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via AIM to Woodsman Send a message via MSN to Woodsman Send a message via Yahoo to Woodsman
Default

CHANGE FROM
Code:
vi /etc/apache2/sites-available/ispconfig.vhost
TO
Code:
vi /etc/httpd/conf/sites-available/ispconfig.vhost
CHANGE FROM
Code:
/etc/init.d/apache2 restart
TO
Code:
/etc/init.d/httpd restart
(Failed)

Why does it fail? Do you get any errors (please check the Apache error log as well).

Getting /etc/apache2/ to /etc/httpd/ I did finally get to work yesterday after this post not sure what I did differently on the third try.

**** 8 Courier ****
NOT FOUND
Create backups of /etc/courier/imapd.pem and /etc/courier/pop3d.pem...

ONLY (So are this the files to use?)

Code:
/usr/lib/courier-imap/share/imapd.pem
/usr/lib/courier-imap/share/pop3d.pem
I think so, but am not sure. What's the output of
Code:
updatedb
locate imapd.pem

?

Code:
[root@server1 ~]# updatedb
[root@server1 ~]# locate imapd.pem
/usr/lib/courier-imap/share/imapd.pem
/usr/lib/courier-imap/share/imapd.pem.bak
[root@server1 ~]#
Restart Courier afterwards:

Code:
/etc/init.d/courier-imap-ssl stop
/etc/init.d/courier-imap-ssl start
/etc/init.d/courier-pop-ssl stop
/etc/init.d/courier-pop-ssl start
Only (If above is True then would I not stop and start using these?)

Code:
/etc/init.d/courier-imap
/etc/init.d/courier-pop
Yes, these should be the correct init scripts.

BTW, why do you use Fedora? I think it will be much easier to use Debian.


Tried Debian as a few others unfortunately I needed to update LAMP and the response from the forums were not so pleasant while asking how to do this.
Some people don't look kindly to us Linux Newbe's asking questions about servers when they feel we should be working on the basic fundamentals of the OS first.

As of this point I installed everything according to this guide including all the above Fedora changes... All seemed to have installed correctly with no errors.
But According to Eddy Nigg's StartCom CertMaster via email
I can't see a trusted certificate installed, sorry.
Reply With Quote
  #6  
Old 29th March 2012, 17:02
Woodsman Woodsman is offline
Junior Member
 
Join Date: Dec 2008
Location: Waukesha, Wisconsin USA
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via AIM to Woodsman Send a message via MSN to Woodsman Send a message via Yahoo to Woodsman
Default

What I forgot to mention as well the original issues were in creating the Class1 certs... After upgrading to Class2 this is where I thought I finally got it. But going to my host app at https://example.com:8080 I still get the cert warning and the red address bar.
Reply With Quote
  #7  
Old 30th March 2012, 10:33
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,735 Times in 2,571 Posts
Default

Quote:
Originally Posted by Woodsman View Post
Code:
/usr/lib/courier-imap/share/imapd.pem
/usr/lib/courier-imap/share/pop3d.pem
I think so, but am not sure. What's the output of
Code:
updatedb
locate imapd.pem

?

Code:
[root@server1 ~]# updatedb
[root@server1 ~]# locate imapd.pem
/usr/lib/courier-imap/share/imapd.pem
/usr/lib/courier-imap/share/imapd.pem.bak
[root@server1 ~]#
Ok,
/usr/lib/courier-imap/share/imapd.pem
/usr/lib/courier-imap/share/pop3d.pem
should be the correct files.


Quote:
Originally Posted by Woodsman View Post
Tried Debian as a few others unfortunately I needed to update LAMP and the response from the forums were not so pleasant while asking how to do this.
Some people don't look kindly to us Linux Newbe's asking questions about servers when they feel we should be working on the basic fundamentals of the OS first.
I really recommend to use Debian (or Ubuntu) because its package manager is far better than Fedora's. Also, you will have less trouble with distribution upgrades. Also, we develop ISPConfig on Debian, so Debian support is much better than Fedora support. In addition to that, ISPConfig does not support all Fedora versions, for example, Fedora 16 isn't currently supported because they changed the way how services are started/stopped/restarted.

Quote:
Originally Posted by Woodsman View Post
As of this point I installed everything according to this guide including all the above Fedora changes... All seemed to have installed correctly with no errors.
But According to Eddy Nigg's StartCom CertMaster via email
I can't see a trusted certificate installed, sorry.
Please check Apache's error log.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #8  
Old 30th March 2012, 18:36
Woodsman Woodsman is offline
Junior Member
 
Join Date: Dec 2008
Location: Waukesha, Wisconsin USA
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via AIM to Woodsman Send a message via MSN to Woodsman Send a message via Yahoo to Woodsman
 
Default

I am not sure what it is trying to tell me...

Code:
[Fri Mar 30 10:00:02 2012] [error] [client ::1] Directory index forbidden by Options directive: /var/www/html/
[Fri Mar 30 10:05:01 2012] [error] [client ::1] Directory index forbidden by Options directive: /var/www/html/
[Fri Mar 30 10:10:07 2012] [error] [client ::1] Directory index forbidden by Options directive: /var/www/html/
[Fri Mar 30 10:15:01 2012] [error] [client ::1] Directory index forbidden by Options directive: /var/www/html/
[Fri Mar 30 10:20:02 2012] [error] [client ::1] Directory index forbidden by Options directive: /var/www/html/
[Fri Mar 30 10:20:56 2012] [notice] caught SIGTERM, shutting down
[Fri Mar 30 10:38:10 2012] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri Mar 30 10:38:10 2012] [notice] SSL FIPS mode disabled
[Fri Mar 30 10:38:10 2012] [notice] Digest: generating secret for digest authentication ...
[Fri Mar 30 10:38:10 2012] [notice] Digest: done
[Fri Mar 30 10:38:10 2012] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads.
[Fri Mar 30 10:38:10 2012] [notice] mod_python: using mutex_directory /tmp 
[Fri Mar 30 10:38:10 2012] [notice] SSL FIPS mode disabled
[Fri Mar 30 10:38:10 2012] [notice] Apache/2.2.22 (Unix) DAV/2 mod_fcgid/2.3.6 PHP/5.3.10 mod_python/3.3.1 Python/2.7.1 mod_ruby/1.3.0 Ruby/1.8.7(2011-12-28) mod_ssl/2.2.22 OpenSSL/1.0.0g-fips mod_perl/2.0.4 Perl/v5.12.4 configured -- resuming normal operations
[Fri Mar 30 10:39:31 2012] [notice] caught SIGTERM, shutting down
[Fri Mar 30 10:43:00 2012] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri Mar 30 10:43:00 2012] [notice] SSL FIPS mode disabled
[Fri Mar 30 10:43:00 2012] [notice] Digest: generating secret for digest authentication ...
[Fri Mar 30 10:43:00 2012] [notice] Digest: done
[Fri Mar 30 10:43:00 2012] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads.
[Fri Mar 30 10:43:00 2012] [notice] mod_python: using mutex_directory /tmp 
[Fri Mar 30 10:43:00 2012] [notice] SSL FIPS mode disabled
[Fri Mar 30 10:43:00 2012] [notice] Apache/2.2.22 (Unix) DAV/2 mod_fcgid/2.3.6 PHP/5.3.10 mod_python/3.3.1 Python/2.7.1 mod_ruby/1.3.0 Ruby/1.8.7(2011-12-28) mod_ssl/2.2.22 OpenSSL/1.0.0g-fips mod_perl/2.0.4 Perl/v5.12.4 configured -- resuming normal operations
[Fri Mar 30 10:45:02 2012] [error] [client ::1] Directory index forbidden by Options directive: /var/www/html/
[Fri Mar 30 10:50:02 2012] [error] [client ::1] Directory index forbidden by Options directive: /var/www/html/
[Fri Mar 30 10:55:01 2012] [error] [client ::1] Directory index forbidden by Options directive: /var/www/html/
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
ssl certificate ispconfig 3 syduck Installation/Configuration 1 9th January 2012 05:22
SquirrelMail login not working glenneh Installation/Configuration 13 9th April 2011 20:01
PHP warnings after upgrade to ISP config 3.03 stevegjacobs Installation/Configuration 5 30th October 2010 14:31
SSL for virtual hosts on one certificate rbartz Tips/Tricks/Mods 8 20th November 2007 17:59
Help installing an SSL certificate james@thereidsonline.com Installation/Configuration 1 26th June 2007 18:11


All times are GMT +2. The time now is 04:12.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.