Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > General

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 5th April 2010, 02:31
ivomendonca ivomendonca is offline
Banned
 
Join Date: Sep 2009
Posts: 132
Thanks: 10
Thanked 13 Times in 7 Posts
Default SSL Bug!

Hello, I added this to bugtracker, adding ssl certificates can make ispconfig stop Working (Apache), if certificate has some error, apache will stop and you have to remove manualy(ssh) from vhost to restore the normal ispconfig service.
Reply With Quote
Sponsored Links
  #2  
Old 7th April 2010, 16:17
ivomendonca ivomendonca is offline
Banned
 
Join Date: Sep 2009
Posts: 132
Thanks: 10
Thanked 13 Times in 7 Posts
Thumbs down SSL Bug is this a bad question?

Hello i did´t get any anwser for this, i assume that if ispconfig stops working from a faulty ssl certificate(added normaly from ispconfig) is not a bug then.

My ssl is working i dont need any help.
Thank you.
Reply With Quote
  #3  
Old 8th April 2010, 14:37
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,711
Thanks: 1,899
Thanked 2,702 Times in 2,545 Posts
Default

Since you've added this to the bugtracker, we will review this, but I don't think it's a bug in ISPConfig if there's a problem with the certificate.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #4  
Old 8th April 2010, 17:05
ivomendonca ivomendonca is offline
Banned
 
Join Date: Sep 2009
Posts: 132
Thanks: 10
Thanked 13 Times in 7 Posts
Exclamation

Quote:
Originally Posted by falko View Post
Since you've added this to the bugtracker, we will review this, but I don't think it's a bug in ISPConfig if there's a problem with the certificate.
Yes is a problem with certificate but ispconfig dont work after. And If it cant be verified is a big problem for webmasters that not know what to do.
If we give the final client the permissions to add a certificate, that will make ispconfig server stop working for all clients.
Reply With Quote
  #5  
Old 8th April 2010, 19:36
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 34,586
Thanks: 792
Thanked 4,983 Times in 3,903 Posts
Default

ISPConfig tests if a ssl cert get created. Also apache is not complaining about a invalid cert if you test the apache config with "httpd -t", so there are not many options for ispconfig to find yout if a ssl cert works or not. If ispconfig restarts for apache to test if it works for every website and every change, your server might get restarted several times a minute which will bring your sites down as well.

I guess the only usable option might be to disable the ssl settings for clients, so that only the admin can add ssl certs.

What exactly did you enter into the cert feilds that make apache fail?
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #6  
Old 8th April 2010, 20:47
ivomendonca ivomendonca is offline
Banned
 
Join Date: Sep 2009
Posts: 132
Thanks: 10
Thanked 13 Times in 7 Posts
Default

Quote:
Originally Posted by till View Post
ISPConfig tests if a ssl cert get created. Also apache is not complaining about a invalid cert if you test the apache config with "httpd -t", so there are not many options for ispconfig to find yout if a ssl cert works or not. If ispconfig restarts for apache to test if it works for every website and every change, your server might get restarted several times a minute which will bring your sites down as well.

I guess the only usable option might be to disable the ssl settings for clients, so that only the admin can add ssl certs.

What exactly did you enter into the cert feilds that make apache fail?
I add the same, ispconfig creates multiple files when i save the ssl with new values. generates ssl for domain and other for subdomain (www.domain and domain).
if is the same domain and the certificates are clones why apache crashes ?

Maybe the problem is on certificate type ?
I use a Turbo ssl.

Just a question, this type of certificate validates on browser, but does not make the browser url green. do you know if thats normal ?
Thanks.

Last edited by ivomendonca; 8th April 2010 at 21:20.
Reply With Quote
  #7  
Old 11th April 2010, 16:35
denie denie is offline
Junior Member
 
Join Date: Apr 2010
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by till View Post
I guess the only usable option might be to disable the ssl settings for clients, so that only the admin can add ssl certs.
How do you disable the SSL settings for clients?
Reply With Quote
  #8  
Old 11th April 2010, 16:44
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 34,586
Thanks: 792
Thanked 4,983 Times in 3,903 Posts
Default

Quote:
I add the same, ispconfig creates multiple files when i save the ssl with new values. generates ssl for domain and other for subdomain (www.domain and domain).
ISPConfig creates just one ssl cert for the domain or subdomain that you selected on the ssl tab. The other files are the csr and the key.

Quote:
if is the same domain and the certificates are clones why apache crashes ?
Have you checked the ssl log?

Quote:
How do you disable the SSL settings for clients?
This is a proposal for a possible new feature. At the moment you can get the same result by creating the new website as admin for the client and do not enable the ssl checkbox. Clients can not enable ssl then as a client can not change a setting on the first website tab if the website had been created by the administrator.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #9  
Old 11th April 2010, 18:10
ivomendonca ivomendonca is offline
Banned
 
Join Date: Sep 2009
Posts: 132
Thanks: 10
Thanked 13 Times in 7 Posts
Default

Quote:
Originally Posted by till View Post
ISPConfig creates just one ssl cert for the domain or subdomain that you selected on the ssl tab. The other files are the csr and the key.



Have you checked the ssl log?



This is a proposal for a possible new feature. At the moment you can get the same result by creating the new website as admin for the client and do not enable the ssl checkbox. Clients can not enable ssl then as a client can not change a setting on the first website tab if the website had been created by the administrator.
The only errors that i have found.

[Sat Apr 03 01:34:05 2010] [error] Unable to configure RSA server private key
[Sat Apr 03 01:34:05 2010] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
Reply With Quote
  #10  
Old 12th April 2010, 13:54
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,711
Thanks: 1,899
Thanked 2,702 Times in 2,545 Posts
 
Default

What values did you enter when you created the certificate?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Creating a SSL certificate - Quick guide SamTzu Tips/Tricks/Mods 22 4th January 2011 13:38
Bug SSL 2048 ipinfotelecom Developers' Forum 2 23rd December 2009 13:20
SSL "connection interrupted" apache not listening on 443 yuro Installation/Configuration 10 28th October 2008 14:42
SSL and IPs problem. debian-lover General 7 21st April 2008 11:59
SSL for virtual hosts on one certificate rbartz Tips/Tricks/Mods 8 20th November 2007 17:59


All times are GMT +2. The time now is 09:56.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.