Here I have listed the entire step-by-step guide for installing a new SSL certificate on an ISPConfig 3 server for a new domain name.
I recently got an SSL certificate with the instructions to implement it on the ISPConfig 3 control panel.
The ISPConfig control panel has the “SSL Key”, “SSL Request”, “SSL Certificate” and “SSL Bundle” options and the certificate I got delivered had the “www_domain_tld.crt”, “AddTrustExternalCARoot.crt” and “PositiveSSLCA2.crt” files.
The private key was named “domain.tld.key”.
The first thing I do is to turn on the SSL option for this specific website in ISPConfig.
Then at the SSL options I fill in the options for “State”, “Locality”, “Organisation”, “Organisation Unit”, “Country” and “SSL Domain” with respectively the province, city, company name, company name, country and full domain including the www. subdomain (as this certificate was specifically issued for the www.domain.tld domain only, no wildcard or multi-domain) and hit “Create Certificate” on the “SSL Action” option.
Now the ISPConfig system has the “www.domain.tld.crt”, “www.domain.tld.csr”, “www.domain.tld.key” and “www.domain.tld.key.org” files in the /var/www/domain.tld/ssl directory.
The next thing I found a bit puzzling.
The files generated by ISPConfig and the SSL supplier don’t match up, but this is how I made it work:
The “domain.tld.key” is obviously the private key, so I placed this in the ssl directory, overwriting “www.domain.tld.key”.
The “www_domain_tld.crt” seems to be the domain certificate, so I have replaced the “www.domain.tld.crt” file in the ssl folder with that one.
Now I restart apache2:
# service apache2 restart
If I test the certificate by requesting a single file (for example https://www.domain.tld/themes/theme/img/logo.jpg to eliminate any mixed content messages as false positives) from that hosting environment, I get a green “https” address bar in Chrome, and sslshopper.com/ssl-checker.html tells me who the issuer was and when it expires.
It also tells me “The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate.”
When I look at the SSL options in ISPConfig, I see most options are filled out, except the “SSL Bundle” option.
I have put the “AddTrustExternalCARoot.crt” file in the SSL directory and named it “www.domain.tld.bundle”.
This leaves me with an awkward “PositiveSSLCA2.crt” file to put somewhere in the equation.
In order to make this certificate work in all browsers, you’ll need to copy that file to the ssl folder of the hosting for that domain and navigate to the options for the hosting for this domain and stick “SSLCACertificateFile /var/www/domain.tld/ssl/PositiveSSLCA2.crt” into the “Apache Directives” option.
That last bit was to install the intermediate CA certificate correctly.
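A pre-flight check for the files this guide moves around, as an added example that is not part of the original post: it confirms that the private key matches the certificate and that certificate, intermediate and root link up before Apache is restarted. The function names are made up for this example, the demo chain is constructed, and the file roles (PositiveSSLCA2.crt as intermediate, the bundle file as root) are assumed from the steps above.

```shell
# Added example: function names are made up here; only stock openssl commands are used.

# key_matches_cert KEY CERT: same public key in the private key and the certificate?
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$crt_pub" ]
}

# issued_by CHILD PARENT: does CHILD's issuer name equal PARENT's subject name?
issued_by() {
    child=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null) || return 2
    parent=$(openssl x509 -in "$2" -noout -subject_hash 2>/dev/null) || return 2
    [ "$child" = "$parent" ]
}

# chain_verifies ROOT INTERMEDIATE LEAF: signatures and validity dates, ROOT as trust anchor
chain_verifies() {
    openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1
}

# preflight KEY LEAF INTERMEDIATE ROOT: run every check and name the first one that fails
preflight() {
    key_matches_cert "$1" "$2" || { echo "key does not match certificate"; return 1; }
    issued_by "$2" "$3" || { echo "certificate was not issued by intermediate"; return 1; }
    issued_by "$3" "$4" || { echo "intermediate was not issued by root"; return 1; }
    chain_verifies "$4" "$3" "$2" || { echo "chain does not verify"; return 1; }
    echo "ok"
}

# make_demo_chain DIR: constructed root -> intermediate -> leaf for trying the checks offline
make_demo_chain() {
    d=$1
    printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Root" \
        -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo Intermediate" \
        -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
        -CAcreateserial -extfile "$d/ca.ext" -days 2 -out "$d/int.crt" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=www.domain.tld" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.crt" -CAkey "$d/int.key" \
        -CAcreateserial -days 2 -out "$d/leaf.crt" 2>/dev/null
}

# On the server from this guide (file names as placed in the steps above):
#   cd /var/www/domain.tld/ssl
#   preflight www.domain.tld.key www.domain.tld.crt PositiveSSLCA2.crt www.domain.tld.bundle
```

If `preflight` prints anything other than `ok`, the message names which of the supplier's files ended up in the wrong slot.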