Need some handholding on replacing the self-signed SSL Certs

[cgreentx]

I would like to replace the SSL cert used by ISPConfig with a real purchased cert. Can anyone provide a simple step by step on generating the CSR and where to put the resulting CRT files? I'm familiar with the process on Windows, but I haven't done SSL on *nix before.

Thanks,
Chris Green

[Ben]

Hi,

are the fields in the tab "ssl" of the approprate web filled?
if so, you can take the displayed csr and get a new one with that.
Otherwise fill the form, select generate certificate. This will generate a CSR (+self signed cert). Take the CSR
get a cert withit and place the certs content in the appropriate box an select save certificate.

This process is also described in the manual that you can find inside ISPConfig.

[cgreentx]

Quote:

Originally Posted by Ben

Hi,

are the fields in the tab "ssl" of the approprate web filled?
if so, you can take the displayed csr and get a new one with that.
Otherwise fill the form, select generate certificate. This will generate a CSR (+self signed cert). Take the CSR
get a cert withit and place the certs content in the appropriate box an select save certificate.

This process is also described in the manual that you can find inside ISPConfig.

I'm referring to the SSL certificates used by ISPConfig itself, not by the hosted sites. I can't find anything in the web interface to manage that stuff. Perhaps there is simply a way to disable SSL in the config and go back to regular HTTP? I host only my own sites so I can live without SSL on ISPConfig.

Chris Green

[PoleCat]

Quote:

Originally Posted by cgreentx

I'm referring to the SSL certificates used by ISPConfig itself, not by the hosted sites. I can't find anything in the web interface to manage that stuff. Perhaps there is simply a way to disable SSL in the config and go back to regular HTTP? I host only my own sites so I can live without SSL on ISPConfig.

Chris Green

Code:

spirit:~/ispconfig/httpd/conf/ssl.csr# cat server.csr 
-----BEGIN CERTIFICATE REQUEST-----
MIIB1zCCAUACAQAwgZYxCzAJBgNVBAYTAlpBMQswCQYDVQQIEwJFQzELMAkGA1UE
BxMCUEUxEDAOBgNVBAoTB0lUIEdlYXIxFzAVBgNVBAsTDldlYnNlcnZlciBUZWFt
MRwwGgYDVQQDExNzcGlyaXQuaXRnZWFyLmNvLnphMSQwIgYJKoZIhvcNAQkBFhVz
ZWN1cml0eUBpdGdlYXIuY28uemEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
AMmRgCUXq06NzXcNlLzCaxhDMN8c36ZqK/w7li9zx498q+a49cmSLhYMDVY4YVab
VbqtaAssXJwNDfgdLwmrct8ydvc3ovv/7+LG2KWqgqmTt6bXDjqqjg+nteS5Nzqa
IbrDVfLVOWlH+MfU74iHqL9y1jsJ9320kAcVEmGADBkHAgMBAAGgADANBgkqhkiG
9w0BAQUFAAOBgQBh9r4u+FNodFuUccmlvQ2Ey65t3pshTScQfzX0SPl+lYz3lmcn
lJfZglxaS014kRgyVj5cinwarWSds8UYXOKSc5FhyA8CZqKajOLUpCpvKuKbMnnf
Q5qyKpWlZEtoylvYNCRpMpw6cHvbuAqDHDYQbiKpv4LjeHqtL2CWZYlOfg==
-----END CERTIFICATE REQUEST-----
spirit:~/ispconfig/httpd/conf/ssl.csr#

/ispconfig/httpd/conf/ssl.csr/ <---- SSL Cert Request
/ispconfig/httpd/conf/ssl.key/ <---- SSL Server Key
/ispconfig/httpd/conf/ssl.crt/ <---- SSL Certificate

Use /ispconfig/httpd/conf/sserver.csr to request your new Certificate from your provider.
Replace /ispconfig/httpd/conf/ssl.crt/server.crt with your new cert.

[cgreentx]

Thanks. That will help a lot. How do I generate the new CSR? I assume the old one was generated during the install which has all the default "Snake Oil" information in it.

Thanks!
Chris Green

[PoleCat]

openssl req -new -nodes -keyout server.key -out server.csr

http://tldp.org/HOWTO/Apache-WebDAV-LDAP-HOWTO/ssl.html

[cgreentx]

All is good. I picked up a TurboSSL certificate from my registrar for $27.

Chris Green