Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 14th December 2005, 09:35
max max is offline
Junior Member
 
Join Date: Dec 2005
Location: Melbourne Australia
Posts: 20
Thanks: 0
Thanked 0 Times in 0 Posts
Default digital certificate woes

Hi again,

SSL works great when i use the self signed certs genetrated by ISPconfg. Unfortunately, when i try to install a signed (by a CA) certificate apache refuses to start. There is NOTHING in the logs (var/log/httpd/error_log) to indicate what the problem might be.

It did work briefly, until i tried to add another ssl cert for a different domain. The domains are on different IP addresses.

I am using fedora core 4 x86_64, if anyone wants to see config files / logs, let me know which ones and i will post them.

I am paying for advertising of my site and really need to get this working so i don't have to use a self signed cert.

Thanks,

Max
Reply With Quote
Sponsored Links
  #2  
Old 14th December 2005, 10:19
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

Is there anything in the SSL errror log? Normally that's another file than /var/log/httpd/error_log.

Did you paste the certificates into the correct field in ISPConfig?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 14th December 2005, 10:47
max max is offline
Junior Member
 
Join Date: Dec 2005
Location: Melbourne Australia
Posts: 20
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hi Falko,

The /var/log/ssl_error_log contains the following line:

[Wed Dec 14 10:53:12 2005] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?

and yes i am definitely pasting the certificate into the correct field. I am not pasting anything into the csr field, since this is automatically generated. Am i assuming correctly?

Are there any other logs i should be looking at?

Thanks for your help,

Max
Reply With Quote
  #4  
Old 14th December 2005, 10:50
max max is offline
Junior Member
 
Join Date: Dec 2005
Location: Melbourne Australia
Posts: 20
Thanks: 0
Thanked 0 Times in 0 Posts
Default

just a addition to my last post ....

the time of the error mentioned in the error log does not coincide with the times httpd failed to restart.

thanks,

Max
Reply With Quote
  #5  
Old 14th December 2005, 11:22
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,964
Thanks: 825
Thanked 5,366 Times in 4,213 Posts
Default

Have a look in the ssl direcory for this website, open the certificate files and check if ISPConfig has installed them correctly.

If you use an Certificate Authority like instantssl (comdo), you will have to install some additional root certificates.
Reply With Quote
  #6  
Old 14th December 2005, 11:59
max max is offline
Junior Member
 
Join Date: Dec 2005
Location: Melbourne Australia
Posts: 20
Thanks: 0
Thanked 0 Times in 0 Posts
Default

the certificate i pasted in the field in ispconfig matches the one in the site's ssl directory, so it seems ispconfig has created them properly.

I have copied the appropriate CA-bundle.crt and added:

SSLCACertificateFile /path to file/CA-bundle.crt

to the Apache directives field.

out of curiosity, at what stage does ispconfig create private keys?

thanks,

Max
Reply With Quote
  #7  
Old 14th December 2005, 12:02
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,964
Thanks: 825
Thanked 5,366 Times in 4,213 Posts
Default

The private keys where generated when you tell ISPConfig to create the csr together with the self signed certificate.
Reply With Quote
  #8  
Old 14th December 2005, 12:21
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

Does
Code:
httpd -t
show any errors?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #9  
Old 14th December 2005, 12:54
max max is offline
Junior Member
 
Join Date: Dec 2005
Location: Melbourne Australia
Posts: 20
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I get:

[Wed Dec 14 22:49:55 2005] [warn] NameVirtualHost 202.164.207.171:80 has no VirtualHosts
Syntax OK

when i type httpd -t

That error is a minor issue that always seems to have been there, i have been waiting until till i get my ssl problems fixed before i attempt to fix that one.

Thanks
Reply With Quote
  #10  
Old 14th December 2005, 13:48
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,964
Thanks: 825
Thanked 5,366 Times in 4,213 Posts
 
Default

Have a look in the directory /etc/apache/vhosts (or a similar directory where your apache config is stored). Are there copies of the Vhost_ispconfig.conf file with a date appended?
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Error during installation of certificate NoBullMan Installation/Configuration 4 14th December 2005 15:51
from http to https after installation? Mahir Installation/Configuration 25 7th December 2005 20:40
Certificate mphayesuk General 4 7th November 2005 10:25
howto regenerate default certificate ? DarkBen Installation/Configuration 1 27th October 2005 12:46
Default Certificate adamluz Installation/Configuration 1 27th September 2005 01:09


All times are GMT +2. The time now is 03:16.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.