  #1  
18th January 2008, 00:04
zetnsh

Importing existing ssl key/cert into ISPConfig site

Hi there,

I have created an SSL Site within ISPConfig, but I don't want to create an SSL Certificate - I am migrating a site in from another ISP, and I already have the X509 Key/Cert pair. Whilst I can paste in a CSR (for what it's worth!), and the key, I can't immediately see a way to input the existing private key.

Can anyone give me a clue as to how I might do this with ISPConfig? I can't imagine I'm the first to ask!

Thanks in advance,

Neil
  #2  
18th January 2008, 09:46
till

1) Create a new "dummy" SSL cert in ISPConfig.
2) Replace the key, cert and csr files in the ssl directory of the website with the existing ones from the old server.
3) Replace the ssl cert and csr in the ispconfig interface with your existing csr and cert.
Till Brehm
  #3  
18th January 2008, 10:59
zetnsh

That worked great. I think it would be good to build that into ISPConfig though - it should be easy enough to do, I've actually done it myself with a server admin system I wrote a few years ago (which now belongs to my former employer!).

Thanks for the help!
  #4  
4th February 2008, 19:28
ahsamuel

Hi,

I've done that, but I'm not getting it to work.

I filled the fields about the ssl (Country etc.), and chose "create certificate" and then pressed save.
Then I went back into it and clicked save certificate and save.
Then I replaced the .key, .csr and .crt files in the ssl directory.
Then I copy&pasted the contents of the .csr into the first, and of the .crt into the second field and clicked save certificate.

When I now open my site with https://, I get a wrong cert, based on the fields I filled with "dummy" stuff.

What I have:
- a .key, a .cert and a self-made .csr (made with the .key)
- got the certificate with my hosting at OVH (they gave me the .key and a dedicated IP, I have a root server there)

I run ISPConfig, everything else works fine.

Any ideas or more details on how to do this?
  #5  
5th February 2008, 11:32
zetnsh

Difficult to say on this one. I'm not an ISPConfig expert (I've only been using it since August last year), but I wonder if it's the lack of a CSR that could be causing the problem.

Now you don't actually need the CSR in order for the web server to start - that just reads the key and the cert (from separate files such as /var/www/web1/ssl/www.mysite.com.key etc), but I just wonder if perhaps this is causing problems with ISPConfig rather than apache.

What you could do is put the correct .key and .cert files in the relevant directory manually again, don't touch ISPConfig, and restart apache (eg. apachectl restart or /etc/init.d/httpd restart etc).

In fact, if you do apachectl configtest first, that should tell you if the key/cert is valid. You can then test the site again in a browser (close it and re-open just to be sure) to see if it's the right cert. If it is, then you can test again putting the CSR and the Cert into the site's SSL tab in ISPConfig. I've done this successfully, but then again I did have the original CSR used to generate the certificate. I would have thought you might struggle without that.

With this sort of problem, you usually find the solution by careful step-by-step analysis of what's actually going on, and careful reasoning. (aka trial and error!)

Hope you get it sorted. Feel free to post back - not sure I could be any more help though...

Thanks,

Neil
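
The key/cert/CSR check discussed in this thread, as an added example that is not part of the original posts: it compares the public key inside each file, which shows whether a migrated certificate was left next to the panel's "dummy" key. The file names, `www.example.com` and the sample files it generates are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread): confirm that a migrated key, certificate
# and CSR belong together before copying them into the site's ssl directory.

# Print the SHA-256 of the public key inside a key, cert or CSR file.
pubkey_hash() {  # $1 = key|cert|csr, $2 = PEM file
    case "$1" in
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        csr)  pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        *)    return 1 ;;
    esac
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# Exit status 0: all files share one public key; 1: mismatch; 2: unreadable file.
check_bundle() {  # $1 = key, $2 = cert, $3 = CSR (optional)
    k=$(pubkey_hash key "$1")  || { echo "unreadable key: $1"; return 2; }
    c=$(pubkey_hash cert "$2") || { echo "unreadable cert: $2"; return 2; }
    [ "$k" = "$c" ] || { echo "MISMATCH: certificate was not issued for this key"; return 1; }
    if [ -n "${3:-}" ]; then
        r=$(pubkey_hash csr "$3") || { echo "unreadable CSR: $3"; return 2; }
        [ "$r" = "$k" ] || { echo "MISMATCH: CSR was made from a different key"; return 1; }
    fi
    echo "OK: same public key in every file"
}

# Constructed sample data: an "old server" key/cert/CSR plus a separate "dummy"
# key standing in for the one the control panel generates. Prints the directory.
make_samples() {
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=www.example.com" \
        -keyout "$d/old.key" -out "$d/old.crt" 2>/dev/null || return 1
    openssl req -new -key "$d/old.key" -subj "/CN=www.example.com" \
        -out "$d/old.csr" 2>/dev/null || return 1
    openssl genrsa -out "$d/dummy.key" 2048 2>/dev/null || return 1
    echo "$d"
}

dir=$(make_samples) || exit 1
check_bundle "$dir/old.key" "$dir/old.crt" "$dir/old.csr"    # all three migrated
check_bundle "$dir/dummy.key" "$dir/old.crt" || true         # dummy key left in place
openssl x509 -in "$dir/old.crt" -noout -subject -issuer -enddate  # fields a browser shows
rm -rf "$dir"
```

The subject and issuer printed by the last command are the quickest way to tell a panel-generated dummy certificate from the real one.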
  #6  
5th February 2008, 11:41
ahsamuel

Thank you for your answer, I don't know why, but it somehow fixed itself overnight.

It still brings an error, but I cannot read what the problem is.

Maybe someone could check: https://www.hotelvaladon.fr

Thank you!
  #7  
5th February 2008, 11:45
zetnsh

I tried the link, but it just seems to redirect to http://www.hotelvaladon.com/index.htm

However, trying a random page (eg. https://www.hotelvaladon.fr/afdasdf) gives a 404 (of course) but does show the certificate. It looks fine to me - it's from a trusted CA and valid till 2011, so if I were you, I'd leave well alone while it works ;-)

N

Last edited by zetnsh; 5th February 2008 at 12:01.
  #8  
5th February 2008, 11:46
ahsamuel

It works with my IE7, but not with FF.

:P
  #9  
5th February 2008, 12:07
zetnsh

I have tried it with Firefox, and I see your point.

It's definitely nothing to do with ISPConfig though. It's to do with the Certification Authority who provided the SSL Certificate. I think it's basically because Firefox doesn't have the root certificates for OVH Secure Certification Authority, whoever they are.

Unless I've missed something here, I think the only resolution is to obtain an SSL Certificate from a reputable provider such as Thawte or Verisign (yes, I know Verisign own Thawte now! ;-) Thawte do a reasonably priced budget certificate called SSL-123. But that's still paying twice, unless you can get a refund.

If you go for a less well known SSL provider, unfortunately you run the risk of the CA not being recognised by some of the browsers. In this case, it seems to work with IE7 and Safari, but not in Firefox or Opera.

Thanks,

Neil
  #10  
5th February 2008, 12:09
ahsamuel

Thank you a lot, I'll try and contact them. Will keep you (all) updated.