Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #11  
Old 6th October 2009, 00:25
obrienj619 obrienj619 is offline
Junior Member
 
Join Date: Jun 2009
Posts: 4
Thanks: 0
Thanked 5 Times in 2 Posts
Default

Please see my pdf it may be easier to read
Attached Images
File Type: pdf ISPConfig 2.pdf (11.2 KB, 435 views)
Reply With Quote
The Following User Says Thank You to obrienj619 For This Useful Post:
till (6th October 2009)
Sponsored Links
  #12  
Old 6th December 2009, 01:47
totte_karlsson totte_karlsson is offline
Junior Member
 
Join Date: Mar 2007
Posts: 12
Thanks: 0
Thanked 1 Time in 1 Post
Default

Quote:
Originally Posted by dpicella View Post
I discovered a much easier way to do this!!

1. Generate your self signed certificate the normal way using ISPConfig 2 or 3
2. Paste your certificate request in the GoDaddy website
3. When GoDaddy asks you what type of server you are using (i.e., apache, CPanel, Plesk, Etc.) select "Other" - this is the most important step!!!
4. When you get the certificate download from GoDaddy it will not have an intermediate file. You can simply past the certificate they sent you in the certificate box and you are ready to go. You do not have to add any Apache server directives and you do not have to alter any conf files!

Cheers!
There is no 'Other' option at GoDaddy as of Dec 5 2009.
Reply With Quote
  #13  
Old 30th January 2010, 08:25
createch createch is offline
Senior Member
 
Join Date: Aug 2007
Posts: 118
Thanks: 24
Thanked 16 Times in 13 Posts
Default

Another way to tackle the problem (I tried it myself and it works)

1. edit the openssl.cnf.master file
(typically it is in /root/ispconfig/isp/conf)
change the "default_bits" from "1024" to "2048"

2. edit the file config.lib.php
(typically it is in /root/ispconfig/scripts/lib
Change the "1024" to "2048" in the following command:

openssl genrsa -des3 -rand $rand_file -passout pass:$ssl_password -out $key_file 1024 && openssl req -new -passin pass:$ssl_password -passout pass:$ssl_password -key

3. restart ispconfig (i.e. service ispconfig_server restart)

Now use the normal steps to do the CSR generation in the ISPconfig panel and it will give you a key of 2048bit, which is suitable for Godaddy.

i.e.
1. In the ISPconfig panel, use "Create Certificate" to generate the CSR
2. Put the CSR to the Godaddy and do a re-key (now it will be successful)
3. download the Cert from godaddy
4. put the cert back to ISPconfig panel SSL Certificate textbox and save
5. Upload the 2 key files from Godaddy to the ssl directory of the domain concerned (gd_bundle.crt and yourname.crt)
6. add the apache directive in the domain concerned:
SSLCertificateChainFile /var/www/web#/ssl/gd_bundle.crt
[replace the above # with the domain number]
7. Restart http (i.e. service httpd restart)

and you will get your SSL site running in the domain concerned.

Enjoy..
Createch
Reply With Quote
The Following 3 Users Say Thank You to createch For This Useful Post:
falko (31st January 2010), TheBirdMan (17th May 2010), unsichtbare (29th March 2010)
  #14  
Old 2nd April 2010, 00:44
paullorentzen paullorentzen is offline
Junior Member
 
Join Date: Apr 2010
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I'm running ispconfig 3.0.1.3 on Ubuntu 9.04 and can't seem to locate the config.lib.php or openssl.cnf.master files.

The /root directory is empty.

ispconfig is up an running so I know its located somewhere.

A find / -name '*config.lib*' command yeilds nothing.

What am I doing wrong?
Reply With Quote
  #15  
Old 2nd April 2010, 02:01
paullorentzen paullorentzen is offline
Junior Member
 
Join Date: Apr 2010
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Talking ISPconfig 3 2048bit SSL certificate instructions

Apparently, the configuration system changed from ISPconfig v2 to v3.

Config for v3 is located in /usr/local/ispconfig/server/plugins-available/apache2_plugin.inc.php.

Here are complete config instructions for ISPconfig v3

http://how2forge.com/forums/showthread.php?p=214955

This worked perfectly for a godaddy premium SSL certificate.

Paul
Reply With Quote
  #16  
Old 12th May 2010, 02:16
kextra1 kextra1 is offline
Senior Member
 
Join Date: Apr 2008
Posts: 121
Thanks: 12
Thanked 10 Times in 6 Posts
Default Enom & ispconfig & rapidssl

I am having an ONGOING problem with SSL for the ISPConfig 2 admin panel.

I have already wasted 2 certificates working on the 2nd for the ISPConfig admin panel. I cannot change my CSR once I submit it so please let me know if you have the answer to my problem if you are reading this.

I do not care if https://www.mysite.com works at all. The SSL box can be uncheckmarked for that web for all i care if possible.

My goal is to have the ISPConfig admin panel SSL cert for my web1 domain work so it doesnt give a "warning" in browsers when people try to access the panel or webmail at https://www.myispconfigsite.com:81

I know how to generate the certificate in /root/ispconfig/httpd/conf

Question1:

I have to pick a certificate type to submit the CSR to rapidssl.

Here are my choices.

Apache2
Apache+ApacheSSL
Apache+OpenSSL
Apache+MOD SSL
Apache+Raven
Apache+SSLeay

Which should I choose?

Question2:

Does SSL have to be enabled on the web I wish to have the admin panel accessed by?

I simply want my RapidSSL certificate to work with my favorite domain/web so when people access ISPConfig at https://www.myispconfigpanel.com:81

It will be valid!

I've been feeling like pulling my hair out so let me know if you can answer my questions. It's driving me CRAZY!

They have detailed instructions for CPanel, Plesk, and other panels but there is no instructions anywhere whatsoever for ISPConfig.

Simply put, out of THESE options:

Apache2
Apache+ApacheSSL
Apache+OpenSSL
Apache+MOD SSL
Apache+Raven
Apache+SSLeay

Which should I choose for the https://www.myispconfigpanel.com:81 certificate I will generate in /root/ispconfig/httpd/conf/ ?

Thanks very much to anyone who can answer that question
Reply With Quote
  #17  
Old 23rd August 2010, 20:23
ambiental ambiental is offline
Junior Member
 
Join Date: Aug 2010
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
Default How I made it

Hi, first post, after years using ISPConfig!

I made it in that way:

01 - Login to ISPConfig Control Panel and under the SSL website, generate a SSL Cert.

02 - Loging to your server command terminal (SSH) and cd to the website where you want the SSL (replace # with the website ID):

Command
Code:
cd /var/www/web#/ssl
03 - Now manaually generate the 2048-Bit Cert (replace example.com with your domain):

Generate KEY with the command
Code:
openssl genrsa –des3 –out www.example.com.key 2048
Generate CSR with the command
Code:
openssl req –new –key www.example.com.key –out www.example.com.csr
Rename KEY with the command
Code:
mv www.example.com.key www.example.com.key.org
Unencrypt KEY with the command
Code:
openssl rsa –in www.example.com.key.org –out www.example.com.key
04 - You should have at least three files listed:

Code:
www.example.com.csr
www.example.com.key
www.example.com.key.org
05 - Now copy and paste the CSR to the GoDaddy website:

Send the cat command to display the CSR
Code:
cat www.example.com.csr
Now paste the output of www.example.com.csr into the GoDaddy website to send you CSR to Godaddy for signing.

06 - After signing has been completed, you will see a donwload button in the GoDaddy website. Unzip the two files, most likely the will look like this:

Code:
gd_bundle.crt
www.example.com.crt
Upload these two file in to the ssl directory of your website, for example: /var/www/web#/ssl

07 - Go back to your ISPConfig Control Panel in the website where you are installating the SSL Cert, in the Apache Directives section, enter the following:

Code:
SSLCertificateChainFile /var/www/web#/ssl/gd_bundle.crt
And save the changes.

08 - Under the Management tab in your ISPConfig panel, go to Server > Services and restart the Web Server.

09 - Done. Now test your website: https://www.example.com

10 - If www.example.com is also your ISPConfig domain, make it work to the 81 port too:

Edit the httpd.conf file
Code:
vim /root/ispconfig/httpd/conf/httpd.conf
Point to the new CRT file
Code:
SSLCertificateFile /var/www/web#/ssl/www.example.com.crt
#SSLCertificateFile /root/ispconfig/httpd/conf/ssl.crt/server.crt
Point to the new KEY file
Code:
SSLCertificateKeyFile /var/www/web#/ssl/www.example.com.key
#SSLCertificateKeyFile /root/ispconfig/httpd/conf/ssl.key/server.key
Point to the CRT bundle file
Code:
SSLCertificateChainFile /var/www/web#/ssl/gd_bundle.crt
#SSLCertificateChainFile /root/ispconfig/httpd/conf/ssl.crt/ca.crt
Regards,

Haldor Omar
Reply With Quote
  #18  
Old 10th November 2010, 18:48
3DPeruna 3DPeruna is offline
Member
 
Join Date: Jan 2007
Posts: 50
Thanks: 8
Thanked 0 Times in 0 Posts
Unhappy

When I go to check the SSL box for the domain to install SSL, I'm getting the following:

Code:
An SSL certificate does already exist for this IP.
Reply With Quote
  #19  
Old 10th November 2010, 21:00
3DPeruna 3DPeruna is offline
Member
 
Join Date: Jan 2007
Posts: 50
Thanks: 8
Thanked 0 Times in 0 Posts
Default

The problem I listed above still exists, but I was able to get the certificate created on GoDaddy. It's downloaded.

However if I go to my https://www.domain.com, I'm getting the self-signed certificate for the server (https://server.serverdomain.com). Any thoughts?

Last edited by 3DPeruna; 10th November 2010 at 21:01. Reason: Clarifications
Reply With Quote
  #20  
Old 24th November 2010, 18:27
3DPeruna 3DPeruna is offline
Member
 
Join Date: Jan 2007
Posts: 50
Thanks: 8
Thanked 0 Times in 0 Posts
 
Default

I used the following (for a different CP, but it worked) to get SSL to work: http://isp-control.net/forum/thread-....html#pid85117

There are some limitations between TSL and SSL on different browsers, but it's working well enough for us.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
ISPConfig and SSL Certificates phamels Installation/Configuration 48 2nd April 2009 18:33
Re-generating SSL certificates for ISPConfig Norman General 6 13th May 2008 19:27
Generating default ISPconfig SSL Certificates Again. spacemind Installation/Configuration 2 12th May 2008 13:14
cacert.org SSL Chained Certificates for Debian Etch steve1084 Suggest HOWTO 7 1st July 2007 13:32
how to use ISPconfig SSL certificates with courier unnilennium Installation/Configuration 3 8th April 2007 21:31


All times are GMT +2. The time now is 01:02.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.