#11  
Old 3rd July 2007, 22:58
PoleCat PoleCat is offline
Member
 
Join Date: Mar 2007
Posts: 57
Thanks: 6
Thanked 3 Times in 3 Posts
Default

Quote:
Originally Posted by Ben
Well I use 2.2.14 and just got an ssl cerit.
Unfortunately i did not create the csr with ispconfig but I think that should not be a problem?
Yeah thats a major problem.
You have to use the vhost's server KEY to generate the proper cert request. Only the proper Certificate will talk properly to the KEY cert it was created with.

You will have to ask your certificate provider to RE-KEY your cert with the correct Cert request.

Unless, you have the key that you generated the certificate from, and you can replace it with the vhost's key.
Reply With Quote
Sponsored Links
  #12  
Old 4th July 2007, 09:20
Ben Ben is offline
Moderator
 
Join Date: Jul 2006
Posts: 1,029
Thanks: 7
Thanked 62 Times in 56 Posts
Default

Ok then... just filled out the fields in the ispconfig's form and clicked to generate certificate....
while the csr is going to my CA, I would expect the apache to listen to https anyway, cause there is already a selfsigned certificate. But it does not. Also if I click to save cert after creating it.
Y?
Reply With Quote
  #13  
Old 4th July 2007, 09:21
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 35,983
Thanks: 825
Thanked 5,372 Times in 4,219 Posts
Default

Quote:
You will have to ask your certificate provider to RE-KEY your cert with the correct Cert request.
Rekeying is not nescessary. Just create a new self signed cert in ISPConfig and then replace the cert, csr and key in the files which are in the ssl directory of the website with your existing cert. Afterwards replace the cert and csr in the ISPConfig interface with your existing cert too.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #14  
Old 4th July 2007, 09:22
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 35,983
Thanks: 825
Thanked 5,372 Times in 4,219 Posts
Default

Quote:
Originally Posted by Ben
Ok then... just filled out the fields in the ispconfig's form and clicked to generate certificate....
while the csr is going to my CA, I would expect the apache to listen to https anyway, cause there is already a selfsigned certificate. But it does not. Also if I click to save cert after creating it.
Y?
It may take up to a few minutes until the self signed cert is generated. If the cert does not get generated, have a look at the ispconfig.log for errors.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #15  
Old 4th July 2007, 09:26
Ben Ben is offline
Moderator
 
Join Date: Jul 2006
Posts: 1,029
Thanks: 7
Thanked 62 Times in 56 Posts
Default

Hmm to early Anyway thx. But what should I have done with the key.org?
Cause if I compare the way ispconfig is generating the csr and I did is quite different, I did it with: openssl req -new -nodes -keyout dateiname.key -out dateiname.csr

Regarding the not listening to 443, beside that I had mod-ssl not in the apache2's mods-enabled folder but even this did not help, fater a restart (without errors) there was no change.
Here's the output of ispconfig.log
Quote:
04.07.2007 - 09:08:18 => INFO - Signalfile Set: insert
04.07.2007 - 09:08:19 => INFO - make_ssl_cnf /home/www/web35/ssl/openssl.cnf
04.07.2007 - 09:08:20 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1751: openssl genrsa -des3 -rand /home/www/web35/ssl/random_file -passout pass:3c0830b6b4f5656 -out /home/www/web35/ssl/ssl.mydomain.de.key.org 1024 && openssl req -new -passin pass:3c0830b6b4f5656 -passout pass:3c0830b6b4f5656 -key /home/www/web35/ssl/ssl.mydomain.de.key.org -out /home/www/web35/ssl/ssl.mydomain.de.csr -days 365 -config /home/www/web35/ssl/openssl.cnf && openssl req -x509 -passin pass:3c0830b6b4f5656 -passout pass:3c0830b6b4f5656 -key /home/www/web35/ssl/ssl.mydomain.de.key.org -in /home/www/web35/ssl/ssl.mydomain.de.csr -out /home/www/web35/ssl/ssl.mydomain.de.crt -days 365 -config /home/www/web35/ssl/openssl.cnf && openssl rsa -passin pass:3c0830b6b4f5656 -in /home/www/web35/ssl/ssl.mydomain.de.key.org -out /home/www/web35/ssl/ssl.mydomain.de.key
04.07.2007 - 09:08:20 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 257: setquota -g web35 0 0 0 0 -a &> /dev/null
04.07.2007 - 09:08:20 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 258: setquota -T -g web35 604800 604800 -a &> /dev/null
04.07.2007 - 09:08:20 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 277: Connected successfully
04.07.2007 - 09:08:20 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_postfix.lib.php, Line 137: cp -fr /etc/postfix/local-host-names /etc/postfix/local-host-names~
04.07.2007 - 09:08:20 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_postfix.lib.php, Line 284: cp -fr /etc/postfix/virtusertable /etc/postfix/virtusertable~
04.07.2007 - 09:08:20 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_postfix.lib.php, Line 289: postmap hash:/etc/postfix/virtusertable
04.07.2007 - 09:08:20 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1231: cp -fr /etc/apache2/vhosts/Vhosts_ispconfig.conf /etc/apache2/vhosts/Vhosts_ispconfig.conf~
04.07.2007 - 09:08:20 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 2390: httpd -t &> /dev/null
04.07.2007 - 09:08:20 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 2397: httpd syntax ok
04.07.2007 - 09:08:30 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_system.lib.php, Line 728: /etc/init.d/apache2 restart &> /dev/null
04.07.2007 - 09:19:34 => INFO - Signalfile Set: insert
04.07.2007 - 09:19:41 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 257: setquota -g web35 0 0 0 0 -a &> /dev/null
04.07.2007 - 09:19:41 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 258: setquota -T -g web35 604800 604800 -a &> /dev/null
04.07.2007 - 09:19:41 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 277: Connected successfully
04.07.2007 - 09:19:41 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_postfix.lib.php, Line 137: cp -fr /etc/postfix/local-host-names /etc/postfix/local-host-names~
04.07.2007 - 09:19:41 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_postfix.lib.php, Line 284: cp -fr /etc/postfix/virtusertable /etc/postfix/virtusertable~
04.07.2007 - 09:19:41 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_postfix.lib.php, Line 289: postmap hash:/etc/postfix/virtusertable
04.07.2007 - 09:19:41 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1231: cp -fr /etc/apache2/vhosts/Vhosts_ispconfig.conf /etc/apache2/vhosts/Vhosts_ispconfig.conf~

Last edited by Ben; 4th July 2007 at 09:31.
Reply With Quote
  #16  
Old 4th July 2007, 10:13
Ben Ben is offline
Moderator
 
Join Date: Jul 2006
Posts: 1,029
Thanks: 7
Thanked 62 Times in 56 Posts
 
Default

Ok it works now....

In the ports.conf the line
"Listen 443" was msising in the ports.conf file.

Replacing the keys etc. worked fine as well. Big thx.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
SSL for virtual hosts on one certificate rbartz Tips/Tricks/Mods 8 20th November 2007 17:59
imap ssl cert Dy0nisus Installation/Configuration 5 2nd March 2007 14:53
ssl cert expired unkn0wn Server Operation 6 11th June 2006 21:51
Can't get SSL Cert to work rbartz Installation/Configuration 4 23rd April 2006 09:32
REAL SSL Cert install problems theduke Installation/Configuration 5 4th October 2005 22:06


All times are GMT +2. The time now is 22:27.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.