Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #11  
Old 14th October 2007, 16:47
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,736
Thanks: 840
Thanked 5,597 Times in 4,408 Posts
Default

Quote:
Originally Posted by chancer
Thanks, till, but I don't want a self-signed certificate. I want a CAcert signed certificate. What I need to generate at this time is the request.
What I described above is the procedure to create the request

You take the request that has been created by ISPConfig, sign it at cacert and put the certificate that you got from cacert into the certificate field. Then select "save" as action and click on the save button.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
Sponsored Links
  #12  
Old 14th October 2007, 17:17
chancer chancer is offline
Member
 
Join Date: Sep 2007
Posts: 88
Thanks: 6
Thanked 1 Time in 1 Post
Default

Excellent. Thanks for the help, till - and for your patience. Both very much appreciated.
Reply With Quote
  #13  
Old 15th October 2007, 22:50
chancer chancer is offline
Member
 
Join Date: Sep 2007
Posts: 88
Thanks: 6
Thanked 1 Time in 1 Post
Default

So, SSL Cert added, all looks to be in the right place. However, now getting a strange error message when trying to bring up the site or the admin section (it's not called admin any more) with https:// on a site with Zen Cart as its only content. I need to know whether the peoblem is generated by ISPConfig, Zen Cart, the CAcert or some combination. The error message is:

www.celectronics.co.uk has sent an incorrect or unexpected error code: -12263

and an error not found when trying either with http://
Reply With Quote
  #14  
Old 15th October 2007, 23:36
chuckl chuckl is offline
Senior Member
 
Join Date: May 2007
Location: Uxbridge, Middlesex, UK
Posts: 166
Thanks: 1
Thanked 20 Times in 20 Posts
Default

Playing with Zen Cart as well ! thats definitely compounding the felony.

When you say 'bringing it up with https, do you mean simply using https in the url rather than http, or that you are going to the user login/signup page or admin login, where it should automatically switch to https?

It should work either way, but it can get tricky on some setups. The -12263 is a nasty as well. Means - I'm not happy with the data I'm getting.

Could I suggest copy and back up your caCert stuff, then use the ISPConfig ssl page to generate a self signed certificate from the CSR, as Till described earlier in the thread, and test with that?
It'll give the usual bloodthirsty warnings, but it's fine for testing to see if it gives a similar error.
Reply With Quote
  #15  
Old 15th October 2007, 23:59
chancer chancer is offline
Member
 
Join Date: Sep 2007
Posts: 88
Thanks: 6
Thanked 1 Time in 1 Post
Default

Both, in the URL. Trying to go to the admin login or the site itself via the address bar gives the same result.

OK, I'll try that and report back. Thanks.
Reply With Quote
  #16  
Old 16th October 2007, 00:40
chancer chancer is offline
Member
 
Join Date: Sep 2007
Posts: 88
Thanks: 6
Thanked 1 Time in 1 Post
Default

Same result. Also, ISPConfig is reluctant to generate anything. A couple of times now I've had to delete a private key only and go back in to get a certificate and a request.

What next? Do a full Zen Cart reinstall with the (CA)cert already in place? That's several hours of installation and reconfiguration, but if it gets the thing working? I could be just as long trying to work out what's wrong here and still end up with the same conclusion, I suppose.

Or is there something else I could try?
Reply With Quote
  #17  
Old 16th October 2007, 01:37
chuckl chuckl is offline
Senior Member
 
Join Date: May 2007
Location: Uxbridge, Middlesex, UK
Posts: 166
Thanks: 1
Thanked 20 Times in 20 Posts
Default

Reinstalling etc won't solve anything, just get you back to where you are.

If your ZCart installation is operational, leave it be. I'm assuming you have edited the admin and store configure.php files and changed ENABLE_SSL_ADMIN, ENABLE_SSL_CATALOG and ENABLE_SSL to true?

Another useful step is to head to the /www/webXX/ssl folder in a terminal window/command line, and type in

openssl x509 -noout -text -in nameofcert.crt

which will list out the certificate contents. (the actual cert name should obviously be inserted).

Similarly for the CSR

openssl req -noout -text -in nameofcertreq.csr

And the following 3 can be used to check that the key, the CSR and the cert match

openssl rsa -noout -modulus -in nameofprivkey.pem |openssl md5
openssl req -noout -modulus -in nameofcertreq.csr |openssl md5
openssl x509 -noout -modulus -in nameofcert.pem |openssl md5

Also, bear in mind that where certificates are concerned, www.mydomain.com is NOT the same as mydomain.com.
Reply With Quote
The Following User Says Thank You to chuckl For This Useful Post:
chancer (16th October 2007)
  #18  
Old 16th October 2007, 02:48
chancer chancer is offline
Member
 
Join Date: Sep 2007
Posts: 88
Thanks: 6
Thanked 1 Time in 1 Post
Default

ENABLE_SSL_CATALOG - the other two, yes, but I thought this would hide the whole catalogue behind ssl? I'll try it now and see what happens.
Reply With Quote
  #19  
Old 16th October 2007, 03:02
chuckl chuckl is offline
Senior Member
 
Join Date: May 2007
Location: Uxbridge, Middlesex, UK
Posts: 166
Thanks: 1
Thanked 20 Times in 20 Posts
Default

I think the original idea was that the ENABLE_SSL would only enable it for the payment modules, ENABLE_SSL_CATALOG does it for login and any other 'sensitive' areas after login, as well as payment. I'd have to check the code to be sure.

The other gotcha area with SSL is if you have Suexec or SuPHP enabled, they can play havoc with things if all is not perfect.
Reply With Quote
  #20  
Old 16th October 2007, 03:03
chancer chancer is offline
Member
 
Join Date: Sep 2007
Posts: 88
Thanks: 6
Thanked 1 Time in 1 Post
 
Default

Nothing happened. It's the same. So running the commands as suggested - no .pem in sight.

I've got .crt .csr .key and .key.org in the ssl directory. Could that be the root of the problem?
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Upgraded but forgot password.. ispconfig server dont start - what now? teveo1 Installation/Configuration 2 30th August 2007 10:00
Virtual Private Server voxanBoxer Installation/Configuration 3 9th August 2007 22:21
ISPConfig didn't start on server restart TheRudy Installation/Configuration 3 7th July 2006 18:25
SP-Server Setup - Ubuntu 5.10 "Breezy Badger" - Page 6 (changes) LuisC-SM HOWTO-Related Questions 0 21st April 2006 16:16
Server Not Autorative for Domain Error drbista Installation/Configuration 10 20th December 2005 17:41


All times are GMT +2. The time now is 06:07.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.