#1  
Old 20th February 2008, 17:35
jonwatson jonwatson is offline
Senior Member
 
Join Date: Feb 2007
Posts: 176
Thanks: 15
Thanked 3 Times in 3 Posts
Default Replacing SSL Cert

Hi All,

Been messing around with this for a while this morning and have given up. I am attempting to install a chained SSL cert from GoDaddy into an ISPConfig installation but am failing. The ISPConfig apache fails to launch, yet try as I might I cannot find a single log entry anywhere telling me why. I know it's SSL related, but without logs I'm pretty much in the dark.

I have:

A CSR file in /root/ispconfig/httpd/conf/ssl.csr
A CRT file in /root/ispconfig/httpd/conf/ssl.crt
A ca-bundle.crt file in /root/ispconfig/httpd/conf/ssl.crt

I have entries in /root/ispconfig/httpd/httpd.conf that point to all of these files, but no go. When I run /etc/init.d/ispconfig restart it happily tells me that it wasn't started, then tells me it is started, but it is not (at least port 81 apache is not up).

I see that this has been discussed before on the forums, but I'm obviously missing something. Can someone please, for the love of god, point me to the logs that the port 81 apache is supposed to be writing so I can see what's wrong?

Or, alternatively, is there some definitive guide somewhere on how to install a chained cert into ISPConfig? Seems to me that this is fairly poorly understood by a lot of people.

Thanks

Jon
Reply With Quote
Sponsored Links
  #2  
Old 21st February 2008, 08:25
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,381
Thanks: 833
Thanked 5,485 Times in 4,317 Posts
Default

The log files are in /root/ispconfig/httpd/logs/

As far as I know, you will have to put the ca bundle in a separate file and not in the ssl.crt file together with the certificate. The bundle file is loded into the apache configuration with:

SSLCACertificateFile /path/to/the/bundle/cert/file/ca.txt
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 21st February 2008, 13:50
jonwatson jonwatson is offline
Senior Member
 
Join Date: Feb 2007
Posts: 176
Thanks: 15
Thanked 3 Times in 3 Posts
Default

HI Till,

I seem to have everything in the right place, but the ISPConfig apache just won't start. It doesn't log anything either. Very frustrating.

I'm going to play around a little more and maybe just move to a better cert that doesn't have a bundle.

Thanks

Jon
Reply With Quote
  #4  
Old 23rd February 2008, 21:13
tensor tensor is offline
Member
 
Join Date: Jul 2007
Posts: 51
Thanks: 11
Thanked 9 Times in 6 Posts
Default

Check these config directives:
SSLCertificateFile - should point to bare certificate
SSLCertificateKeyFile - should point to bare key (possibly protected with a password)
SSLCertificateChainFile - should point to bundle (contatenation) of certificates of all intermediate and root CAs, the Root CA cert should be at the bottom of the file, the closest intermediate CA to you cert at the top of the file.

That way it works for me for self generated certs. And yes, we do have inhouse intermediate CAs.
Reply With Quote
  #5  
Old 24th February 2008, 15:40
jonwatson jonwatson is offline
Senior Member
 
Join Date: Feb 2007
Posts: 176
Thanks: 15
Thanked 3 Times in 3 Posts
 
Default

Hi,

Yes, all that was set up correctly, yet ISPConfig would not start it's own port 81 apache and would not log the problem.

I've since moved to a direct cert from RapidSSL and all is good.

Jon
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
SSL for virtual hosts on one certificate rbartz Tips/Tricks/Mods 8 20th November 2007 17:59
Need some handholding on replacing the self-signed SSL Certs cgreentx Installation/Configuration 6 7th July 2007 00:06
New SSL Cert PoleCat Installation/Configuration 15 4th July 2007 10:13
Can't get SSL Cert to work rbartz Installation/Configuration 4 23rd April 2006 09:32
REAL SSL Cert install problems theduke Installation/Configuration 5 4th October 2005 22:06


All times are GMT +2. The time now is 06:45.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.