Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 13th May 2012, 15:01
czdavid czdavid is offline
Member
 
Join Date: Aug 2008
Posts: 43
Thanks: 0
Thanked 0 Times in 0 Posts
Default SSL for website isnt working

Hello,

on my ispconfig3 server isnt working SSL for website (hosted).
Everytime I got this browser error - net::ERR_SSL_PROTOCOL_ERROR

I tried just create seft-signed certificate...

It look like ispconfig havent created directives in apache vhost or I dont know...
Can anyone help me?
Reply With Quote
Sponsored Links
  #2  
Old 14th May 2012, 14:02
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,749 Times in 2,579 Posts
Default

What's the output of
Code:
ls -la
in the web site's ssl/ directory?

What values did you fill in on the web site's SSL tab in ISPConfig?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 14th May 2012, 14:20
czdavid czdavid is offline
Member
 
Join Date: Aug 2008
Posts: 43
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Output ls -la of SSL website folder:

root@myserver:/var/www/intranet.domain.cz/ssl# dir
intranet.domain.cz.crt intranet.domain.cz.key
intranet.domain.cz.csr intranet.domain.cz.key.org



VHOST


I cant find apache directivities for port 443. Is it ok?

And I havent added any IP address in ispconfig - I used "*" option for websites.
But my server have set one public IP address and websites are working fine on port 80 (http).

Last edited by czdavid; 14th May 2012 at 14:24.
Reply With Quote
  #4  
Old 14th May 2012, 16:53
FutileFreedom FutileFreedom is offline
Junior Member
 
Join Date: May 2011
Location: Pennsylvania
Posts: 25
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via Skype™ to FutileFreedom
Default

@above:
Make sure in the first tab you have SSL is checked. Also, the Port 443 directives are down below the port 80 virtual host in the file.



Then, when I used cat *d3d* | grep VirtualHost it returned this which shows the port 80 vhost above the port 443.


Not sure if I'm understanding this right so correct me if I'm wrong.

Last edited by FutileFreedom; 14th May 2012 at 16:58. Reason: Forgot a close tag
Reply With Quote
  #5  
Old 14th May 2012, 20:56
czdavid czdavid is offline
Member
 
Join Date: Aug 2008
Posts: 43
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thank you very much.
I havent checked SSL in website settings (like on your screen).

Now is SSL working.

Is possible some way to migrate SSL Cert. with CSR from another server (not ispconfig)?
What happend if some customer activate SSL from his website on same server (same public IP)?

Last edited by czdavid; 14th May 2012 at 21:10.
Reply With Quote
  #6  
Old 15th May 2012, 16:09
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,749 Times in 2,579 Posts
Default

Quote:
Originally Posted by czdavid View Post
Is possible some way to migrate SSL Cert. with CSR from another server (not ispconfig)?
Yes, make backups of the SSL files generated by ISPConfig in the ssl folder, and then place your cert, csr and key in the ssl folder and rename them to the files names of the original SSL files generated by ISPConfig. Restart Apache afterwards.
Quote:
Originally Posted by czdavid View Post
What happend if some customer activate SSL from his website on same server (same public IP)?
You can enable SNI under Sstem > Server Config on the Web tab. If you use SNI, you can run multiple SSL web sites on one IP (but be aware that not all browsers support this, for example, IE on WinXP has no SNI support; all other browsers are fine).

If you don't use SNI, you must have one IP per SSL web site.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #7  
Old 15th May 2012, 23:28
czdavid czdavid is offline
Member
 
Join Date: Aug 2008
Posts: 43
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thank you ... you are saver.

I have enabled SNI, but SSL Cert. is set for domain1.tld and if I tried https://domain2.tld and that domain use SSL Cerf. from domain1.tld.

I tried Chrome and Opera.

On server is set only one SSL Cert. Is it ok or SNI isnt working?
Reply With Quote
  #8  
Old 16th May 2012, 12:49
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,749 Times in 2,579 Posts
Default

You must enable SSL for both domains (and both domains must have an SSL cert).
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #9  
Old 16th May 2012, 14:12
czdavid czdavid is offline
Member
 
Join Date: Aug 2008
Posts: 43
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by falko View Post
You must enable SSL for both domains (and both domains must have an SSL cert).
I tried like you described - for both domains is SSL enabled and both have SSL Cert.

Problem is second domain which using SSL cert from first domain - isnt working like you described. Is possible check if is SNI working?
Is necessary select for domains IP address from roll menu or I can use option "*" (I´m using option "*" for all of my websites). I mean for SNI and SSL working right.

Last edited by czdavid; 16th May 2012 at 17:48.
Reply With Quote
  #10  
Old 17th May 2012, 13:30
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,749 Times in 2,579 Posts
 
Default

Can you check in the ssl folder of both websites that they use their own certificates, and that both APache vhost files reference these certs?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
haproxy with stunnel problem abubin Server Operation 6 10th April 2012 16:08
Need help with ISPConfig 3 Update midcarolina Installation/Configuration 36 8th November 2011 23:07
SSL Sites not working scottrill2 General 3 31st January 2011 14:08
PHP not working with SSL linuxwannabe Server Operation 12 29th October 2008 06:39
Site SSL not working cic Installation/Configuration 6 16th October 2007 19:01


All times are GMT +2. The time now is 08:13.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.