Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 8th August 2007, 01:59
jtheed jtheed is offline
Member
 
Join Date: Jul 2007
Posts: 70
Thanks: 12
Thanked 4 Times in 3 Posts
Default Problem installing SSL for WebSite

I needed to get an actual SSL Cert for one of the 3 websites I am running under ISPCONFIG. I put in the information and chose create certificate and saved. Then I copied the SSL Request and put it into my application for a key. Got the key and pasted it into the SSL Certificate box in ISPCONFIG for the website I need the key for, saved it and restarted ispconfig_server. All restarted but I can not get to the website. I am using Fedora Core 7 setup using the how to for FC7 and asked for a mod ssl type key. Does everything have to be the same as far as company information that was entered during the how to for openssl, even the department? I setup ISPCONFIG using my company name etc.. but the department I used was web. I am using www for the website. Just so I am clear, IPCONFIG is setup as web.mydomainname.com and my website is www.mydomainname.com. Also does the number of days play a factor as I plan to buy a 3 year cert?

httpd does not start and the error I am getting in the error log of the website is:
Unable to configure RSA server private key
SSL Library error: 185073780 error:0B080074:x509 certificate routines:x509_check_private_key:key values mismatch

Do I need to regen my keys on the server using the same code as in the how to for FC7 or just the x509 ones?

Trying to figure it all out but don't want to do anything that is going to cause me to start over...


John

Last edited by jtheed; 8th August 2007 at 02:14.
Reply With Quote
Sponsored Links
  #2  
Old 8th August 2007, 08:32
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,046
Thanks: 826
Thanked 5,384 Times in 4,231 Posts
Default

Quote:
Do I need to regen my keys on the server using the same code as in the how to for FC7 or just the x509 ones?
No.

You must copy the certificate that you received back to the certificate box and not the key of the SSL certificate and then select save and not create as action.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 8th August 2007, 15:25
jtheed jtheed is offline
Member
 
Join Date: Jul 2007
Posts: 70
Thanks: 12
Thanked 4 Times in 3 Posts
Default

Quote:
Originally Posted by till
No.

You must copy the certificate that you received back to the certificate box and not the key of the SSL certificate and then select save and not create as action.
I may be using the word KEY in the wrong context because that's what I did. I entered the information at the top of the SSL form in ISPCONFIG and chose create to make the SSL Request, then I chose save, after that I copied the request into the CA's form and when I got the files from the CA, I took the one that ended in .crt and pasted it into SSL Certificate and chose save as the option and then clicked on save. When I restarted ISPCONFIG, httpd failed to restart with the error.

I also recieved a file called my_domain_name.ca-bundle. Was I supposed to do anything with this?

Thanks

John
Reply With Quote
  #4  
Old 9th August 2007, 15:08
jtheed jtheed is offline
Member
 
Join Date: Jul 2007
Posts: 70
Thanks: 12
Thanked 4 Times in 3 Posts
Default

Could part of my problem be that I am calling the ISP Server web.mydomainname.com and then I have setup a website called www.mydomainname.com?

Can I change the name of the ISP server or will I have to re-install ISPCONFIG in order to change the name, if it's causing me a problem.

Hoping to get this resolved soon. I am trying to go live with this by this weekend.

Thanks

John
Reply With Quote
  #5  
Old 9th August 2007, 15:12
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

Quote:
Originally Posted by jtheed
Could part of my problem be that I am calling the ISP Server web.mydomainname.com and then I have setup a website called www.mydomainname.com?
No, that's no problem.

Did you take a look at this guide? http://www.howtoforge.com/faq/14_49_en.html
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #6  
Old 9th August 2007, 15:36
jtheed jtheed is offline
Member
 
Join Date: Jul 2007
Posts: 70
Thanks: 12
Thanked 4 Times in 3 Posts
Default

I think I have it worked out.

While viewing the cert created by ISPCONFIG for the ISP Server, I realized that when I installed ISPCONFIG, I always used MY email address and setup the oranganization as web. SO, this time, I logged in as admin, deleted the existing cert that was created by ISPCONFIG, logged out, logged back in as myself, created a request using web as the organization and submitted it. Now, there are no errors bring ISPCONFIG and httpd back up and the cert shows my CA's name.

I am running this at home this week while I am off (some vacation), so it still shows as can't be trusted, but that has to be because it's not sitting at the IP it is supposed to be at, yes?

Thanks for the replies guys and the fantastic work you all do in helping everyone on this site.... it's really appreciated.

John
Reply With Quote
  #7  
Old 10th August 2007, 16:45
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

Quote:
Originally Posted by jtheed
I am running this at home this week while I am off (some vacation), so it still shows as can't be trusted, but that has to be because it's not sitting at the IP it is supposed to be at, yes?
The IP doesn't matter, but I guess you're also using a different hostname?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #8  
Old 11th August 2007, 03:20
jtheed jtheed is offline
Member
 
Join Date: Jul 2007
Posts: 70
Thanks: 12
Thanked 4 Times in 3 Posts
Default

The IP address that the domain is sitting at right now is the only thing that is different. The DNS points to the IP address at work and right now, I am just running it on my home DSL Non-Static IP. I just change my host files on my workstation to match the current IP to connect to the server for testing. I'll know more tomorrow as I am taking it back to work. Hopefully, the warning stops popping up then.

John
Reply With Quote
  #9  
Old 11th August 2007, 19:25
jtheed jtheed is offline
Member
 
Join Date: Jul 2007
Posts: 70
Thanks: 12
Thanked 4 Times in 3 Posts
Default

Update: I contacted my SSL CA and they said I was getting the not trusted warning because of no intermediate file being installed., So I added the intermediate ca file, as per their instructions, to the .conf files, both the httpd.conf and the httpd.conf.https files where they are looking for the SSLCertificateChainFile. They were commented out originally. Not sure I needed it in both conf files, but now. IE 6 or IE7 do not complain, but Firefox 2.0.0.6 still complains even though the CA is listed as an Authority. Does anyone know why this might be happening only in Firefox? It may in others, but I only have FireFox and IE6 - IE7.

50% of the way there....
Reply With Quote
  #10  
Old 12th August 2007, 10:44
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,046
Thanks: 826
Thanked 5,384 Times in 4,231 Posts
 
Default

What is the exact error message that you get in firefox?
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Help installing an SSL certificate james@thereidsonline.com Installation/Configuration 1 26th June 2007 18:11
SSL problem LeoLinux Installation/Configuration 12 15th March 2007 00:15
Can't solve SSL problem virtualweb Installation/Configuration 2 10th January 2007 16:50
Interface for installing SSL Intermediate Certificate LumpyOne Feature Requests 3 20th November 2006 20:28
problem with ssl cappeonghe General 1 7th August 2006 13:22


All times are GMT +2. The time now is 16:36.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.