SSL for website isnt working

[czdavid]

Hello,

on my ispconfig3 server isnt working SSL for website (hosted).
Everytime I got this browser error - net::ERR_SSL_PROTOCOL_ERROR

I tried just create seft-signed certificate...

It look like ispconfig havent created directives in apache vhost or I dont know...
Can anyone help me?

[falko]

What's the output of

Code:

ls -la

in the web site's ssl/ directory?

What values did you fill in on the web site's SSL tab in ISPConfig?

[czdavid]

Output ls -la of SSL website folder:

root@myserver:/var/www/intranet.domain.cz/ssl# dir
intranet.domain.cz.crt intranet.domain.cz.key
intranet.domain.cz.csr intranet.domain.cz.key.org



VHOST


I cant find apache directivities for port 443. Is it ok?

And I havent added any IP address in ispconfig - I used "*" option for websites.
But my server have set one public IP address and websites are working fine on port 80 (http).

[FutileFreedom]

@above:
Make sure in the first tab you have SSL is checked. Also, the Port 443 directives are down below the port 80 virtual host in the file.



Then, when I used cat *d3d* | grep VirtualHost it returned this which shows the port 80 vhost above the port 443.


Not sure if I'm understanding this right so correct me if I'm wrong.

[czdavid]

Thank you very much.
I havent checked SSL in website settings (like on your screen).

Now is SSL working.

Is possible some way to migrate SSL Cert. with CSR from another server (not ispconfig)?
What happend if some customer activate SSL from his website on same server (same public IP)?

[falko]

Quote:

Originally Posted by czdavid

Is possible some way to migrate SSL Cert. with CSR from another server (not ispconfig)?

Yes, make backups of the SSL files generated by ISPConfig in the ssl folder, and then place your cert, csr and key in the ssl folder and rename them to the files names of the original SSL files generated by ISPConfig. Restart Apache afterwards.

Quote:

Originally Posted by czdavid

What happend if some customer activate SSL from his website on same server (same public IP)?

You can enable SNI under Sstem > Server Config on the Web tab. If you use SNI, you can run multiple SSL web sites on one IP (but be aware that not all browsers support this, for example, IE on WinXP has no SNI support; all other browsers are fine).

If you don't use SNI, you must have one IP per SSL web site.

[czdavid]

Thank you ... you are saver.

I have enabled SNI, but SSL Cert. is set for domain1.tld and if I tried https://domain2.tld and that domain use SSL Cerf. from domain1.tld.

I tried Chrome and Opera.

On server is set only one SSL Cert. Is it ok or SNI isnt working?

[falko]

You must enable SSL for both domains (and both domains must have an SSL cert).

[czdavid]

Quote:

Originally Posted by falko

You must enable SSL for both domains (and both domains must have an SSL cert).

I tried like you described - for both domains is SSL enabled and both have SSL Cert.

Problem is second domain which using SSL cert from first domain - isnt working like you described. Is possible check if is SNI working?
Is necessary select for domains IP address from roll menu or I can use option "*" (I´m using option "*" for all of my websites). I mean for SNI and SSL working right.

[falko]

Can you check in the ssl folder of both websites that they use their own certificates, and that both APache vhost files reference these certs?