Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > HOWTO-Related Questions

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Thread Tools Display Modes
Old 26th October 2013, 16:09
Tarm Tarm is offline
Junior Member
Join Date: Oct 2012
Posts: 10
Thanks: 2
Thanked 2 Times in 1 Post
Default ISPConfig 3, install SSL certificate for a new domain


I've looked at the following guide on how to install a SSL certificate on my ISPConfig 3 server:

I have no SSL certificate installed for my main domain (I don't actually need one at this time). I see this how-to is based on how to install on my main domain.
I have a domain direct to my server (let's say NewDomain.com). How would I proceed creating a class2 ssl certificate for NewDomain.com for my server?

The last time I tried it using the mentioned link, my server crashed (I had to do a pretty good clean-up to get it working again). Sorry for not wanting to try this approach again before asking.

Any tips or direction to get me started?

Thank you!
Reply With Quote
Sponsored Links
Old 28th October 2013, 11:27
jimarmstrong jimarmstrong is offline
Junior Member
Join Date: Mar 2013
Location: St. Petersburg, Florida, 33701 US
Posts: 1
Thanks: 0
Thanked 1 Time in 1 Post
Thumbs up Re:

Here i am enlisted entire step by step installation guide of new SSL certificate in ISPConfig3 server for new domain name.

I recently got a SSL certificate with the instructions to implement it on the ISPConfig 3 control panel.

The ISPConfig control panel has the “SSL Key”, “SSL Request”, “SSL Certificate” and “SSL Bundle” options and the certificate I got delivered had the “www_domain_tld.crt”, “AddTrustExternalCARoot.crt” and “PositiveSSLCA2.crt” files.

The private key was named “domain.tld.key”.

The first thing I do is to turn on the SSL option for this specific website in ISPConfig.

Then at the SSL options I fill in the options for “State”, “Locality”, “Organisation”, “Organisation Unit”, “Country” and “SSL Domain” with respectively the province, city, company name, company name, country and full domain including the www. subdomain (as this certificate was specifically issued for the www.domain.tld domain only, no wildcard or multi-domain) and hit “Create Certificate” on the “SSL Action” option.

Now the ISPConfig system has the “www.domain.tld.crt”, “www.domain.tld.csr”, “www.domain.tld.key” and “www.domain.tld.key.org” files in the /var/www/domain.tld/ssl directory.

The next thing I found a bit puzzling.

The files generated by ISPConfig and the SSL supplier don’t match up but this is how I made it work:

The ”domain.tld.key” is obviously the private key, so I placed this in the ssl directory overwriting ”www.domain.tld.key”.

The ”www_domain_tld.crt” seems to be the domain certificate, so I have replaced the “www.domain.tld.crt” file in the ssl folder with that one.

Now I restart apache2

# service apache2 restart
If I test the certificate by approaching a single file (for example https://www.domain.tld/themes/theme/img/logo.jpg to eliminate any mixed content messages as false positives) from that hosting environment, I get a green “https” address bar in Chrome and sslshopper.com/ssl-checker.html tells me who the issuer was and when it expires.

It also tells me “The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate.”.

When I look at the SSL options in ISPConfig, I see most options are filled out, except the “SSL Bundle” option.

I have put the “AddTrustExternalCARoot.crt” file in the SSL directory and named it “www.domain.tld.bundle”.

This leaves me with an awkward ”PositiveSSLCA2.crt” file to put somewhere in the equation.

In order to make this certificate work in all browsers, you’ll need to copy that file to the ssl folder of the hosting for that domain and navigate to the options for the hosting for this domain and stick “SSLCACertificateFile /var/www/domain.tld/ssl/PositiveSSLCA2.crt” into the “Apache Directives” option.

That last bit was to install the intermediate CA certificate correctly.
Reply With Quote
The Following User Says Thank You to jimarmstrong For This Useful Post:
Tarm (22nd November 2013)


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Installing ssl certificate in ispconfig from 123-reg ssl ginner159 Server Operation 2 31st May 2013 00:11
Problem access ispconfig url wearth General 1 30th May 2013 14:50
Control Panel - E-mail Tab is empty domi-nik General 15 14th April 2011 19:17
Maia Mailguard with ISPconfig seangee Installation/Configuration 4 24th June 2010 10:08
SSL for virtual hosts on one certificate rbartz Tips/Tricks/Mods 8 20th November 2007 18:59

All times are GMT +2. The time now is 12:44.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.