ISPC3 https vhosts missing

[kalua]

Hello,

I just installed ISPConfig from svn and I try to setup secure websites over https. Its an Debian etch server. The setup run through without errors.

Therefore I created a site and enabled the ssl checkbox in the domain tab. Then I head over to the ssl tab, put in state, organisation an country code and choose "Create Certificate". I clicked on save and was forwarded to the "Websites page". There were no error messages.

There is an domainname.vhost file created in /etc/apache2/sites-available, but that is just for port 80 not 443.
Shouldn't there be an config section for a vhost at *:443 ?
I tried both, the ipaddress and * as value for ipadress in domain tab... that made no difference.

Also, the apache-server wasn't listening on port 443, I had to enable this manually.

Is it possible to configure https with ISPC3?
Did I miss some required configs?
Can I create the necessary certificates with ISPC3?
I also would need certificates for the email server setup, but this is another topic.

I would appreciate some help...

[till]

The last time I tested this it worked for me. We cann add it to the buftracker for review.

Quote:

Is it possible to configure https with ISPC3?

yes.

Quote:

Did I miss some required configs?

Looks ok.

Quote:

Can I create the necessary certificates with ISPC3?

yes.

[kalua]

Quote:

Originally Posted by till

The last time I tested this it worked for me. We cann add it to the buftracker for review.

If I can help at this point, please tell me.
I'm on a clean server. Maybe I'll try the 3.0.0.7 instead of svn...
There is also no logfile for ispconfig. It wasn't created during install and if I touch /var/log/ispconfig/ispconfig.log it doesn't get filled. Ok, this could also tell me that everything is fine...

[kalua]

Now I tried the current svn version (r508) at an virtual machine.

I followed the INSTALL_DEBIAN_4.0.txt and got everything running so I can login to the admin frontend.

There I put in the IP at system->edit server ip
and checked "HTTP NameVirtualHost" although I don't know what this setting triggers.

Then I created a client, gave him the ability to create shell/ftp user and databases.
after that I created a site (with admin still logged in), put domainname and ip address in and checked ssl box.

But there is no vhost config for the https site nor is apache listening on port 443

What is the procedure to enable or generate the ssl certificates?
I put in my settings in the ssl tab (locality, country,... ) and choose "create certificate".
Should I see something after hitting save?
Should there be an ssl request?
Or could I simply paste an certificate at the ssl certificate box?
Well, I also tried this, but nothing happend.

I would really like to handle the http/https websites with ispconfig 3. So if I can gave further settings or logfiles to get this solved give me a sign.

[kalua]

The creation of certificates seems not to work properly. I'm not sure why, but the csr, crt and key file is not created in the ssl directory.

I had to manually create the files, put them in to the ssl directory, trigger ssl enable event to get the ssl vhost config written.

I also had to anable apache to listen on port 443.
I wasn't sure if apache got restartet, so I did it by hand.

After that I finally can connect through https.

The certificate is not displayed on the ssl tab.


I hope this helps somebody... After playing in a virtual machine, now I can setup https on the "real" machine

[quentusrex]

kalua,

First off thanks for reporting the issue. If you're willing to stick around and test things I'm sure we can fix the issue.

So, what steps(in detail please) did you have to take to get it working? (it's possible ISPConfig 3 is just missing a few steps in the process).

Also, you said the ssl cert wasn't being created properly. Could you test this again? just to double check? and if it still isn't being created properly, could you try to create one and see if everything works just find after it's created?(if it's just a matter of the cert isn't created or moved properly, but everything else works, then the bug fix should be rather simple.)

Thanks again. Let us know if you find any other bugs.

p.s. Do you have a bugtracker account yet? to http://bugtracker.ispconfig.org/

[kalua]

I did a test on a clean virtual machine again by following INSTALL_DEBIAN_4.0.txt

I found out what I did wrong. In the ssl tab there are the following 5 fields:
-State
-Locality
-Organisation
-Organisation Unit
-Country

In my first setup I left Organisation Unit empty so no certificate got created. So the ISPConfig code is working, no modification needed. Maybe its possible to mark necessary field somehow, but that would be just an optical change.

But even the vhost for ssl ist now created, I had to enable apache to listen on port 443. This wasn't done by the script.

Ohh... I found an typo in the certificate email: webmatser@domain.tld


I'm sorry if I confused someone. Great work so far!

[quentusrex]

kalua, I believe what you found was very helpful. You found a bug that ISPConfig 3 doesn't 'force' users to give required information. That in itself is big. Just think of how many developer hours you just saved trying to find the bug you talked about.... :-D

I'll look into why port 443 isn't enabled on install.

Kalua, happy bug hunting.

[kalua]

Quote:

Originally Posted by quentusrex

kalua,

p.s. Do you have a bugtracker account yet? to http://bugtracker.ispconfig.org/

I registered but I'm not able to comment tickets.

[quentusrex]

Post your bugtracker username. Then just wait for Till to enable that for you. (I would if I could).

Kalua, would you be able to take a look at tracking down some of the other bugs that are posted? Or atleast see if you can recreate them? That'd be a big help.