New SSL Cert

[PoleCat]

Quote:

Originally Posted by Ben

Well I use 2.2.14 and just got an ssl cerit.
Unfortunately i did not create the csr with ispconfig but I think that should not be a problem?

Yeah thats a major problem.
You have to use the vhost's server KEY to generate the proper cert request. Only the proper Certificate will talk properly to the KEY cert it was created with.

You will have to ask your certificate provider to RE-KEY your cert with the correct Cert request.

Unless, you have the key that you generated the certificate from, and you can replace it with the vhost's key.

[Ben]

Ok then... just filled out the fields in the ispconfig's form and clicked to generate certificate....
while the csr is going to my CA, I would expect the apache to listen to https anyway, cause there is already a selfsigned certificate. But it does not. Also if I click to save cert after creating it.
Y?

[till]

Quote:

You will have to ask your certificate provider to RE-KEY your cert with the correct Cert request.

Rekeying is not nescessary. Just create a new self signed cert in ISPConfig and then replace the cert, csr and key in the files which are in the ssl directory of the website with your existing cert. Afterwards replace the cert and csr in the ISPConfig interface with your existing cert too.

[till]

Quote:

Originally Posted by Ben

Ok then... just filled out the fields in the ispconfig's form and clicked to generate certificate....
while the csr is going to my CA, I would expect the apache to listen to https anyway, cause there is already a selfsigned certificate. But it does not. Also if I click to save cert after creating it.
Y?

It may take up to a few minutes until the self signed cert is generated. If the cert does not get generated, have a look at the ispconfig.log for errors.

[Ben]

Hmm to early Anyway thx. But what should I have done with the key.org?
Cause if I compare the way ispconfig is generating the csr and I did is quite different, I did it with: openssl req -new -nodes -keyout dateiname.key -out dateiname.csr

Regarding the not listening to 443, beside that I had mod-ssl not in the apache2's mods-enabled folder but even this did not help, fater a restart (without errors) there was no change.
Here's the output of ispconfig.log

Quote:

04.07.2007 - 09:08:18 => INFO - Signalfile Set: insert
04.07.2007 - 09:08:19 => INFO - make_ssl_cnf /home/www/web35/ssl/openssl.cnf
04.07.2007 - 09:08:20 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1751: openssl genrsa -des3 -rand /home/www/web35/ssl/random_file -passout pass:3c0830b6b4f5656 -out /home/www/web35/ssl/ssl.mydomain.de.key.org 1024 && openssl req -new -passin pass:3c0830b6b4f5656 -passout pass:3c0830b6b4f5656 -key /home/www/web35/ssl/ssl.mydomain.de.key.org -out /home/www/web35/ssl/ssl.mydomain.de.csr -days 365 -config /home/www/web35/ssl/openssl.cnf && openssl req -x509 -passin pass:3c0830b6b4f5656 -passout pass:3c0830b6b4f5656 -key /home/www/web35/ssl/ssl.mydomain.de.key.org -in /home/www/web35/ssl/ssl.mydomain.de.csr -out /home/www/web35/ssl/ssl.mydomain.de.crt -days 365 -config /home/www/web35/ssl/openssl.cnf && openssl rsa -passin pass:3c0830b6b4f5656 -in /home/www/web35/ssl/ssl.mydomain.de.key.org -out /home/www/web35/ssl/ssl.mydomain.de.key
04.07.2007 - 09:08:20 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 257: setquota -g web35 0 0 0 0 -a &> /dev/null
04.07.2007 - 09:08:20 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 258: setquota -T -g web35 604800 604800 -a &> /dev/null
04.07.2007 - 09:08:20 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 277: Connected successfully
04.07.2007 - 09:08:20 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_postfix.lib.php, Line 137: cp -fr /etc/postfix/local-host-names /etc/postfix/local-host-names~
04.07.2007 - 09:08:20 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_postfix.lib.php, Line 284: cp -fr /etc/postfix/virtusertable /etc/postfix/virtusertable~
04.07.2007 - 09:08:20 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_postfix.lib.php, Line 289: postmap hash:/etc/postfix/virtusertable
04.07.2007 - 09:08:20 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1231: cp -fr /etc/apache2/vhosts/Vhosts_ispconfig.conf /etc/apache2/vhosts/Vhosts_ispconfig.conf~
04.07.2007 - 09:08:20 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 2390: httpd -t &> /dev/null
04.07.2007 - 09:08:20 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 2397: httpd syntax ok
04.07.2007 - 09:08:30 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_system.lib.php, Line 728: /etc/init.d/apache2 restart &> /dev/null
04.07.2007 - 09:19:34 => INFO - Signalfile Set: insert
04.07.2007 - 09:19:41 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 257: setquota -g web35 0 0 0 0 -a &> /dev/null
04.07.2007 - 09:19:41 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 258: setquota -T -g web35 604800 604800 -a &> /dev/null
04.07.2007 - 09:19:41 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 277: Connected successfully
04.07.2007 - 09:19:41 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_postfix.lib.php, Line 137: cp -fr /etc/postfix/local-host-names /etc/postfix/local-host-names~
04.07.2007 - 09:19:41 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_postfix.lib.php, Line 284: cp -fr /etc/postfix/virtusertable /etc/postfix/virtusertable~
04.07.2007 - 09:19:41 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_postfix.lib.php, Line 289: postmap hash:/etc/postfix/virtusertable
04.07.2007 - 09:19:41 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1231: cp -fr /etc/apache2/vhosts/Vhosts_ispconfig.conf /etc/apache2/vhosts/Vhosts_ispconfig.conf~

[Ben]

Ok it works now....

In the ports.conf the line
"Listen 443" was msising in the ports.conf file.

Replacing the keys etc. worked fine as well. Big thx.