#1  
Old 21st December 2012, 17:13
chief chief is offline
Member
 
Join Date: Nov 2008
Location: Barry. UK
Posts: 58
Thanks: 3
Thanked 2 Times in 2 Posts
Default SSL certificate

Hi all and a merry xmas

I have a ispconfig server called subname.tlsystems.co.uk
I also have my company website on it called tlsystems.co.uk as client 1, now my problem is with a comodo instantssl certificate.

I have been having this issue since i installed ispconfig 3, 1 yr ago, but never got around to fix it properly.

I have deleted all files (backed up before) in /var/www/tlsystems/ssl/
I then logged in to the control panel (ISPCONFIG) went to website - tlsystems.co.uk - SSL tab. My original info was in the boxes - state, locality etc down to ssl domain. so i just clicked create certificate. a little time after i have 4 files.
a *.crt, *.csr, *.key and *.key.org
I logged on to instantssl and revoked my original cert and requested a new cert using the SSL request file which i emailed them. got it from /var/www/tlsystems.co.uk/ssl/
I was then emailed back a zip fie containing 2 files a website_co_uk.ca-bundle and website_co_uk.crt.
I backed up the old crt and filezilled them to ssl folder on server
I purchased the manual for ispconfig 3 and also read on the forums about changing the IPv4 address from * to the actual IP. I cannot, only have * in Pull down..

when i go to https://www.tlsystems.co.uk in internet explorer the certificate shows as localhost.localdomain, but viewed in firefox it is not supplying identity information.

so please can anyone help with correctly putting 1 ssl certificate right

cheers in advance

dave
Reply With Quote
Sponsored Links
  #2  
Old 21st December 2012, 17:30
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,704
Thanks: 819
Thanked 5,321 Times in 4,174 Posts
Default

Quote:
I was then emailed back a zip fie containing 2 files a website_co_uk.ca-bundle and website_co_uk.crt.
I backed up the old crt and filezilled them to ssl folder on server
Please follow the procedure as described in the manual chapter 5.4. The manual instructs you to enter the ssl cert that you got back from ssl authority into the ssl cert field in ispconfig, then select save as action and click on the save button.

Quote:
I purchased the manual for ispconfig 3 and also read on the forums about changing the IPv4 address from * to the actual IP. I cannot, only have * in Pull down..
Then you might have missed to add your IP address under System > Server IP.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 21st December 2012, 17:36
chief chief is offline
Member
 
Join Date: Nov 2008
Location: Barry. UK
Posts: 58
Thanks: 3
Thanked 2 Times in 2 Posts
Default

Cheers for reply Till,

Just saw and added IP address in system - Server IP addresses - add new IP
done

Pasted SSL certificate and SSL bundle.

Just going to check now

dave
Reply With Quote
  #4  
Old 21st December 2012, 17:39
chief chief is offline
Member
 
Join Date: Nov 2008
Location: Barry. UK
Posts: 58
Thanks: 3
Thanked 2 Times in 2 Posts
Default

Till,

Why does it say "This website does not supply ownership information"


dave
Reply With Quote
  #5  
Old 21st December 2012, 18:13
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,704
Thanks: 819
Thanked 5,321 Times in 4,174 Posts
Default

What kind of ssl cert id you buy? There are different kind of ssl certs available, the cheaper ones verify onle the domain and not the ownership of the domain. The ceaper ones are displayed e.g. In blue in the browser bar while the expensive ones with ownership validation have a green bar.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #6  
Old 21st December 2012, 20:40
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,739 Times in 2,574 Posts
Default

Quote:
Originally Posted by chief View Post
Till,

Why does it say "This website does not supply ownership information"


dave
Because the certificate is domain-validated, not organization-validated.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #7  
Old 22nd December 2012, 12:58
chief chief is offline
Member
 
Join Date: Nov 2008
Location: Barry. UK
Posts: 58
Thanks: 3
Thanked 2 Times in 2 Posts
Default

till,

I broke it....

I set an ip using system, this morning i could not access another domain i have under my client name, it pointed back to my main tlsystems.co.uk.
I then went in to control panel and deleted IP where i set it yesterday, now i cannot access any site or adminpanel or phpmyadmin..

what is the best steps to fis / restore or cry


dave
Reply With Quote
  #8  
Old 22nd December 2012, 14:52
chief chief is offline
Member
 
Join Date: Nov 2008
Location: Barry. UK
Posts: 58
Thanks: 3
Thanked 2 Times in 2 Posts
Default

I can ssh in.
I have read log and found out httpd could not start

I have deleted old dbispconfig and then imported last nights export, grant ispconfig user all access to database.

is it possible or better to reinstall ispconfig, or chase errors

dave
Reply With Quote
  #9  
Old 22nd December 2012, 15:05
chief chief is offline
Member
 
Join Date: Nov 2008
Location: Barry. UK
Posts: 58
Thanks: 3
Thanked 2 Times in 2 Posts
Default

got it,

httpd logs had an error in the SSL certificate and line 124 of my main tlsystems.vhosts file, turn it off and hash out certificate line httpd then restarted and i can access ispconfig.

thank god for backups and


apachectl configtest

tail -f /var/log/httpd/error_log

merry xmas all

dave
Reply With Quote
  #10  
Old 24th December 2012, 15:19
chief chief is offline
Member
 
Join Date: Nov 2008
Location: Barry. UK
Posts: 58
Thanks: 3
Thanked 2 Times in 2 Posts
 
Default

Another question about SSL certificate and setting an IP address under system.

When i did set an IP, all other domains in the server was then pointing back to tlsystems.co.uk.
e.g. i have a domain called myhairyarse.com which i only use for email, so when i did set ip and updated * to the ip for tlsystems.co.uk. I could no longer logon to my myhairyarse.com/webmail as it pointed to my tlsystems.co.uk website..

Do i need to update all sites to use the ip of server instead of *

dave
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
500 internal error after upgrade abintipl Installation/Configuration 9 18th July 2012 12:51
ISPConfig 3 - CentOS 5.4 - SSL Problems!?! owainbaber Installation/Configuration 4 26th July 2011 17:12
Creating a SSL certificate - Quick guide SamTzu Tips/Tricks/Mods 22 4th January 2011 13:38
Is my postfix is hacked? bzzik Server Operation 21 15th July 2009 14:13
SSL for virtual hosts on one certificate rbartz Tips/Tricks/Mods 8 20th November 2007 17:59


All times are GMT +2. The time now is 08:20.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.