#1 max, 7th December 2005, 04:46
Chained / intermediate SSL certificates

Hi,

ISPConfig is great, well done to all those involved. Though I did have a bit of trouble with the "perfect" install, mainly due to the fact I have an x86_64 processor, all the answers I needed were in this forum; I ended up using sendmail and vsftp with no difficulties.

I am trying to install a CA-signed SSL certificate. However, as part of the process I need to install an intermediate certificate.
Instructions are as follows:

---------------

INSTALLATION INSTRUCTIONS - APACHE 2.X
Installing Your Web Server Certificate and the Intermediate Certificate:
- Copy your issued certificate, intermediate certificate and key file (generated when you created the Certificate Signing Request (CSR)) into the directory that you will be using to hold your certificates.
- Open the Apache ssl.conf file and add the following directives:

SSLCertificateFile /path to certificate file/your issued certificate
SSLCertificateKeyFile /path to key file/your key file
SSLCertificateChainFile /path to intermediate certificate/sf_issuing.crt

- Save your ssl.conf file and restart Apache.

----------------

Now, ISPConfig seems to store SSL info in /etc/httpd/conf/vhosts/Vhosts_ispconfig.conf
so the changes I make in /etc/httpd/conf.d/ssl.conf do not seem to do anything.

If I copy the certificate issued by GoDaddy using the ISPConfig web interface, it stops the server and Apache refuses to start until I re-create the self-signed certificate using ISPConfig.

I am not sure what files I need to update. If someone knows what I need to do, or even where I should start looking, your help would be appreciated.

Thanks,

Max

#2 max, 7th December 2005, 07:35

If I use a self-signed certificate SSL works fine, but if I use the cert sent to me Apache refuses to start and I get the following messages in the logs:

[Wed Dec 07 16:18:08 2005] [error] Init: Unable to read server certificate from file /home/www/web7/ssl/www.renewablestore.com.au.crt
[Wed Dec 07 16:18:08 2005] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Wed Dec 07 16:18:08 2005] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error

The file /home/www/web7/ssl/www.renewablestore.com.au.crt exists and is readable, and seems to contain the right info.

Thanks,

Max

#3 till, 7th December 2005, 10:33

Maybe you installed an SSL Certificate that was not created for apache mod_ssl?

#4 max, 8th December 2005, 03:38

OK ... finally got it sorted. Turns out the CA sent me the wrong instructions AND newlines were not cutting and pasting properly (I think they were mangled by the email client) when pasting the cert into the ISPConfig field. Using vi to add the newlines in the cert manually allowed Apache to start.

How do I get changes I make to the /etc/httpd/conf/vhosts/Vhosts_ispconfig.conf file to be permanent? This file seems to be recreated every time a new site is added.

I would like to add the following line to Vhosts_ispconfig.conf when SSL is used for a site:

SSLCACertificateFile /etc/pki/tls/certs/CA-bundle.crt

Anyone know how to do this?

thanks,

Max

#5 till, 8th December 2005, 11:41

Put the line in the Apache directives field of this website.

#6 max, 9th December 2005, 06:03

thanks till
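
The problem resolved in post #4, a pasted certificate whose line breaks were lost, can be caught before the file reaches Apache. The following is an added example, not part of the original thread or of ISPConfig: `pem_problems`, `repair_pem` and `sample_pem` are hypothetical helper names, and the sample data is a constructed placeholder rather than a real certificate.

```python
import base64
import re

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"


def pem_problems(text):
    """List structural problems in a pasted PEM certificate (RFC 7468 layout)."""
    lines = text.replace("\r\n", "\n").split("\n")
    while lines and not lines[-1].strip():
        lines.pop()  # ignore trailing blank lines
    problems = []
    if not lines or lines[0] != BEGIN:
        problems.append("BEGIN marker is not alone on the first line")
    if not lines or lines[-1] != END:
        problems.append("END marker is not alone on the last line")
    if any(len(l) > 64 or re.search(r"[^A-Za-z0-9+/=]", l) for l in lines[1:-1]):
        problems.append("body line is over 64 characters or not pure base64")
    return problems


def repair_pem(text):
    """Rebuild the first certificate block when line breaks were lost or altered.

    Raises ValueError if the markers are missing, the body is not base64, or
    the decoded bytes do not start with the DER SEQUENCE tag (0x30).
    """
    m = re.search(re.escape(BEGIN) + r"(.*?)" + re.escape(END), text, re.S)
    if not m:
        raise ValueError("BEGIN/END CERTIFICATE markers not found")
    payload = re.sub(r"\s+", "", m.group(1))
    der = base64.b64decode(payload, validate=True)  # binascii.Error is a ValueError
    if not der or der[0] != 0x30:
        raise ValueError("decoded body does not start with a DER SEQUENCE tag")
    rows = [payload[i:i + 64] for i in range(0, len(payload), 64)]
    return "\n".join([BEGIN] + rows + [END]) + "\n"


def sample_pem():
    """Constructed sample: DER SEQUENCE header plus filler, NOT a real certificate."""
    der = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(range(256))
    return repair_pem(BEGIN + base64.b64encode(der).decode("ascii") + END)


if __name__ == "__main__":
    mangled = sample_pem().replace("\n", " ")  # line breaks turned into spaces
    print(pem_problems(mangled))
    print(repair_pem(mangled), end="")
```

A file that passes these checks can then be confirmed with `openssl x509 -in FILE -noout -text`, which parses the whole certificate rather than only its outer structure.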