SSL Certificate for webmail

[dayjahone]

I bought an SSL certificate and it works great; however, I would the roundcube login page to use this same certificate because it doesn't give the security warnings. Is this possible?

[till]

This is possible. You will have to replace the SSL cert of the ISPconfig webserver on port 81 with your certificate. The ISPconfig server has its SSL certs in /root/ispconfig/httpd/... and then some subdirectory with ssl in the name, I dont remember the exact name at the moment

[dayjahone]

How do I know which file it is?

Quote:

/root/ispconfig/httpd/conf/ssl.crt/e52d41d0.0
/root/ispconfig/httpd/conf/ssl.crt/82ab5372.0
/root/ispconfig/httpd/conf/ssl.crt/snakeoil-dsa.crt
/root/ispconfig/httpd/conf/ssl.crt/snakeoil-rsa.crt
/root/ispconfig/httpd/conf/ssl.crt/snakeoil-ca-dsa.crt
/root/ispconfig/httpd/conf/ssl.crt/Makefile
/root/ispconfig/httpd/conf/ssl.crt/server.crt
/root/ispconfig/httpd/conf/ssl.crt/5d8360e1.0
/root/ispconfig/httpd/conf/ssl.crt/README.CRT
/root/ispconfig/httpd/conf/ssl.crt/ca-bundle.crt
/root/ispconfig/httpd/conf/ssl.crt/snakeoil-ca-rsa.crt
/root/ispconfig/httpd/conf/ssl.crt/0cf14d7d.0

and do I just copy my .crt file in there and rename it?

[falko]

I think it's this one: /root/ispconfig/httpd/conf/ssl.crt/server.crt

[dayjahone]

The reason for the post is that it didn't work. I copied the new .crt file into that directory, renamed the existing server.crt file to server_original.crt, renamed the new .crt file "server.crt," and restarted apache. It still comes up with the old certificate.

[till]

Which apache did you restart? You must run:

/etc/init.d/ispconfig_server restart

[dayjahone]

Now it can't connect to ISPConfig at all. The certificate does have an intermediate certificate . . . would that matter? With the site, it just made it so I still got the warning on every browser except ie. It won't even pull up my login page, though. It just says it can't connect. I just renamed the .crt file? Is there more I needed to do?

[till]

You must replace the key too, not just the cert as key and cert always belong together. If your certificate needs a intermediate cert, you will have to install this too in the httpd.conf which is in /root/ispconfig/httpd/conf/

[dayjahone]

So, I want to use the same certificate for my site as I'm using to login to roundcube webmail. It all works, except they have different hostnames: mail.mydomain.com is my server, while the certificate is for www.mydomain.com. So, it works but gives an error that, in Internet Explorer, is no less scary than the one I got with a self-signed certificate. From my understanding the hostname for the server could be anything, so can I just change the hostname on my server to www? Or is it possible to change it so you login to roundcube mail from the site rather than port 81 of the server? Basically, is there an easier way than changing the IP on the server and buying a new certificate for the same domain with a different hostname and IP address?

[till]

You do not have to change the hostname of the serve for that because ISPConfig listens on all IP addresses and domains of the server. Just use:

https://www.mydomain.com:81/roundcube/

to connect to your roundcube without changing any config files.