#1  
Old 1st July 2007, 16:19
PoleCat PoleCat is offline
Member
 
Join Date: Mar 2007
Posts: 57
Thanks: 6
Thanked 3 Times in 3 Posts
Exclamation New SSL Cert

I have a client that bought a new SSL CERT for his site. I have tried to install it for him, but for some weird reason its not accepting. I can paste the cert in under the SSL tab, I select SAVE cert and click SAVE. But then the old cert is still active for the site. I tried to delete the cert and then HTTPS wont work. Then just dumping in the new CERT, but still doesnt work.

How the heck do i get rid of the self signed freekin cert and replace it with the real thing in ISPC?
Reply With Quote
Sponsored Links
  #2  
Old 1st July 2007, 16:55
PoleCat PoleCat is offline
Member
 
Join Date: Mar 2007
Posts: 57
Thanks: 6
Thanked 3 Times in 3 Posts
Default

OK, this is a bug then.

I found the problem. It seems like ISPC _does_ save the file into the new www.sitename.com.crt file under /ssl/, though it does not restart apache.

I manually had to HUP apache and it refreshed it's certificates and loaded the new cert, then it worked fine.

I am running ISPC 2.2.12

Or is this fixed in the new version?
Reply With Quote
  #3  
Old 2nd July 2007, 09:41
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 35,504
Thanks: 813
Thanked 5,266 Times in 4,129 Posts
Default

Creating a SSL cert works for me in 2.2.14 and the code has not changed since 2.2.12, so I guess its a problem on your server and not a bug. Please check your ispconfig.log file for errors.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #4  
Old 2nd July 2007, 09:49
PoleCat PoleCat is offline
Member
 
Join Date: Mar 2007
Posts: 57
Thanks: 6
Thanked 3 Times in 3 Posts
Default

Heya,

Creating a self signed is no problem. That restarts apache and installs the cert. Though after you have a self signed certificate and you bought a proper ssl cert, then paste in your bought ssl certificate then hit the "save certificate" tab, and click save, then it does save the new cert in the file, though it does not restart apache.
Reply With Quote
  #5  
Old 2nd July 2007, 18:56
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,735 Times in 2,571 Posts
Default

Which distribution do you use?
Any errors in Apache's error log?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #6  
Old 2nd July 2007, 19:21
the_spy the_spy is offline
Member
 
Join Date: May 2007
Posts: 91
Thanks: 20
Thanked 6 Times in 6 Posts
Default

I also confirm that when I installed a real ssl certificate for a website, I needed to reboot myself apache to have the right SSL certificate online
It was on 2.2.12 or 2.2.13 when I installed it, on Debian etch + Apache 2
Reply With Quote
  #7  
Old 2nd July 2007, 20:06
PoleCat PoleCat is offline
Member
 
Join Date: Mar 2007
Posts: 57
Thanks: 6
Thanked 3 Times in 3 Posts
Default

Quote:
Originally Posted by falko
Which distribution do you use?
Any errors in Apache's error log?
Debian 3.1 AMD64
Nope, no errors.
Reply With Quote
  #8  
Old 3rd July 2007, 11:33
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 35,504
Thanks: 813
Thanked 5,266 Times in 4,129 Posts
Default

We will check this, I added this to the bugtracker.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #9  
Old 3rd July 2007, 15:51
PoleCat PoleCat is offline
Member
 
Join Date: Mar 2007
Posts: 57
Thanks: 6
Thanked 3 Times in 3 Posts
Default

Cool,

Can I request a feature while we're on this topic.

The certificate was from godaddy, and it worked fine with IE7 and Safari. It however gave CA errors on IE6 and all versions of Firefox.

I ended up installing the intermediate CA certificate, which I had to manually upload and add a directive for apache under ISPC to load the CA.

Is it possible to have another option under the SSL tab to insert a intermediate certificate for this purpose. I see quite a few people on the forum has had this problem before, enabling the option under the SSL tab for a intermediate certificate will simplify administrating other virtual sites as well.

Cheers.
Reply With Quote
  #10  
Old 3rd July 2007, 22:52
Ben Ben is offline
Moderator
 
Join Date: Jul 2006
Posts: 1,029
Thanks: 7
Thanked 62 Times in 56 Posts
 
Default

Well I use 2.2.14 and just got an ssl cerit.
Unfortunately i did not create the csr with ispconfig but I think that should not be a problem?
Anyway I went to the web to ssl, pastet the code of both, the csr and the cert to the page and hit save.
The ispconfig.log show no error, but also nothing about restarting any serice,
e.g. it's rehashing the postfix virtusertable but not restarting it, it's copying the apache conf but not restarting apache. or isn't this shown anymore in the logs?

besides this neither apache2 ist listenning on port 443 nor the Vhosts_ispconfig.conf contains anything about ssl.
Did I forget to enable anything else?
In the ssl folder of the web's dir, there is only the file <hostname>.crt but I guess that's fine?

Edit: After some tests I found, that there's sometime the warning of not beeing able to write the crt file, e.g. i deleted the crt, then pasted only the crt code and clicked on save cert... then the follwing warning appears:

Quote:
03.07.2007 - 22:53:44 => WARN - WARNING: could not open file /home/www/web35/ssl/<domain>.crt
Even if it created the file...

Last edited by Ben; 3rd July 2007 at 22:54.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
SSL for virtual hosts on one certificate rbartz Tips/Tricks/Mods 8 20th November 2007 17:59
imap ssl cert Dy0nisus Installation/Configuration 5 2nd March 2007 14:53
ssl cert expired unkn0wn Server Operation 6 11th June 2006 21:51
Can't get SSL Cert to work rbartz Installation/Configuration 4 23rd April 2006 09:32
REAL SSL Cert install problems theduke Installation/Configuration 5 4th October 2005 22:06


All times are GMT +2. The time now is 12:40.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.