Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 6th July 2007, 03:29
cgreentx cgreentx is offline
Junior Member
 
Join Date: Jul 2007
Posts: 10
Thanks: 2
Thanked 0 Times in 0 Posts
Default Need some handholding on replacing the self-signed SSL Certs

I would like to replace the SSL cert used by ISPConfig with a real purchased cert. Can anyone provide a simple step by step on generating the CSR and where to put the resulting CRT files? I'm familiar with the process on Windows, but I haven't done SSL on *nix before.

Thanks,
Chris Green
Reply With Quote
Sponsored Links
  #2  
Old 6th July 2007, 08:15
Ben Ben is offline
Moderator
 
Join Date: Jul 2006
Posts: 1,029
Thanks: 7
Thanked 62 Times in 56 Posts
Default

Hi,

are the fields in the tab "ssl" of the approprate web filled?
if so, you can take the displayed csr and get a new one with that.
Otherwise fill the form, select generate certificate. This will generate a CSR (+self signed cert). Take the CSR
get a cert withit and place the certs content in the appropriate box an select save certificate.

This process is also described in the manual that you can find inside ISPConfig.

Last edited by Ben; 6th July 2007 at 08:18.
Reply With Quote
  #3  
Old 6th July 2007, 13:29
cgreentx cgreentx is offline
Junior Member
 
Join Date: Jul 2007
Posts: 10
Thanks: 2
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by Ben
Hi,

are the fields in the tab "ssl" of the approprate web filled?
if so, you can take the displayed csr and get a new one with that.
Otherwise fill the form, select generate certificate. This will generate a CSR (+self signed cert). Take the CSR
get a cert withit and place the certs content in the appropriate box an select save certificate.

This process is also described in the manual that you can find inside ISPConfig.
I'm referring to the SSL certificates used by ISPConfig itself, not by the hosted sites. I can't find anything in the web interface to manage that stuff. Perhaps there is simply a way to disable SSL in the config and go back to regular HTTP? I host only my own sites so I can live without SSL on ISPConfig.

Chris Green
Reply With Quote
  #4  
Old 6th July 2007, 14:10
PoleCat PoleCat is offline
Member
 
Join Date: Mar 2007
Posts: 57
Thanks: 6
Thanked 3 Times in 3 Posts
Smile

Quote:
Originally Posted by cgreentx
I'm referring to the SSL certificates used by ISPConfig itself, not by the hosted sites. I can't find anything in the web interface to manage that stuff. Perhaps there is simply a way to disable SSL in the config and go back to regular HTTP? I host only my own sites so I can live without SSL on ISPConfig.

Chris Green
Code:
spirit:~/ispconfig/httpd/conf/ssl.csr# cat server.csr 
-----BEGIN CERTIFICATE REQUEST-----
MIIB1zCCAUACAQAwgZYxCzAJBgNVBAYTAlpBMQswCQYDVQQIEwJFQzELMAkGA1UE
BxMCUEUxEDAOBgNVBAoTB0lUIEdlYXIxFzAVBgNVBAsTDldlYnNlcnZlciBUZWFt
MRwwGgYDVQQDExNzcGlyaXQuaXRnZWFyLmNvLnphMSQwIgYJKoZIhvcNAQkBFhVz
ZWN1cml0eUBpdGdlYXIuY28uemEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
AMmRgCUXq06NzXcNlLzCaxhDMN8c36ZqK/w7li9zx498q+a49cmSLhYMDVY4YVab
VbqtaAssXJwNDfgdLwmrct8ydvc3ovv/7+LG2KWqgqmTt6bXDjqqjg+nteS5Nzqa
IbrDVfLVOWlH+MfU74iHqL9y1jsJ9320kAcVEmGADBkHAgMBAAGgADANBgkqhkiG
9w0BAQUFAAOBgQBh9r4u+FNodFuUccmlvQ2Ey65t3pshTScQfzX0SPl+lYz3lmcn
lJfZglxaS014kRgyVj5cinwarWSds8UYXOKSc5FhyA8CZqKajOLUpCpvKuKbMnnf
Q5qyKpWlZEtoylvYNCRpMpw6cHvbuAqDHDYQbiKpv4LjeHqtL2CWZYlOfg==
-----END CERTIFICATE REQUEST-----
spirit:~/ispconfig/httpd/conf/ssl.csr#
/ispconfig/httpd/conf/ssl.csr/ <---- SSL Cert Request
/ispconfig/httpd/conf/ssl.key/ <---- SSL Server Key
/ispconfig/httpd/conf/ssl.crt/ <---- SSL Certificate

Use /ispconfig/httpd/conf/sserver.csr to request your new Certificate from your provider.
Replace /ispconfig/httpd/conf/ssl.crt/server.crt with your new cert.

Last edited by PoleCat; 6th July 2007 at 14:12.
Reply With Quote
The Following User Says Thank You to PoleCat For This Useful Post:
cgreentx (7th July 2007)
  #5  
Old 6th July 2007, 14:53
cgreentx cgreentx is offline
Junior Member
 
Join Date: Jul 2007
Posts: 10
Thanks: 2
Thanked 0 Times in 0 Posts
Default

Thanks. That will help a lot. How do I generate the new CSR? I assume the old one was generated during the install which has all the default "Snake Oil" information in it.

Thanks!
Chris Green
Reply With Quote
  #6  
Old 6th July 2007, 15:04
PoleCat PoleCat is offline
Member
 
Join Date: Mar 2007
Posts: 57
Thanks: 6
Thanked 3 Times in 3 Posts
Default

openssl req -new -nodes -keyout server.key -out server.csr

http://tldp.org/HOWTO/Apache-WebDAV-LDAP-HOWTO/ssl.html

Reply With Quote
The Following User Says Thank You to PoleCat For This Useful Post:
cgreentx (7th July 2007)
  #7  
Old 7th July 2007, 00:06
cgreentx cgreentx is offline
Junior Member
 
Join Date: Jul 2007
Posts: 10
Thanks: 2
Thanked 0 Times in 0 Posts
 
Default

All is good. I picked up a TurboSSL certificate from my registrar for $27.

Chris Green
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache2 and multiple SSL configs and name based virtual hosting Creator1326 Server Operation 11 5th October 2010 19:28
SSL for virtual hosts on one certificate rbartz Tips/Tricks/Mods 8 20th November 2007 17:59
SSL Issue - Unable to connect to any site Menzor Installation/Configuration 4 27th May 2007 04:03
Unbearably slow access speeds CombatGod Installation/Configuration 5 30th May 2006 16:31
2 Questions (1 SSL Related and 1 dns forward related) phamels Installation/Configuration 11 4th January 2006 01:33


All times are GMT +2. The time now is 12:48.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.