Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 21st September 2012, 22:12
ronee ronee is offline
HowtoForge Supporter
 
Join Date: Oct 2006
Posts: 32
Thanks: 0
Thanked 2 Times in 2 Posts
Default SSL cert configured / created but not served, default SSL cert used only

Hello,

We've been working with ISPconfig 3.0.4.6 and CentOS 6.3 with Apache.

We have duplicated this issue on more than one installation.

Issue is as follows:

- ISPconfig control panel configured with SSL on port 8080
- New SSL cert created or existing imported
- Website configured for SSL and assigned to a specific IP

Despite all the above, the self signed cert created and used for ISPConfig on port 8080 is served up for the configured website and not the cert created or imported for that specific site.

What does work as a hack is to replace the self signed cert normally located in /etc/pki/tls/certs and /etc/pki/tls/private but obviously this does not scale. Another hack is to modify /etc/httpd/conf.d/ssl.conf.

Have also reviewed the ISPConfig manual and not found any further data on this.

Would appreciate any advice on resolving this issue.

Thanks
Reply With Quote
Sponsored Links
  #2  
Old 22nd September 2012, 00:37
pititis pititis is offline
Senior Member
 
Join Date: Dec 2010
Location: Mnchen
Posts: 364
Thanks: 39
Thanked 90 Times in 68 Posts
Default

Try to check if other website is using * instead ip addresses
Reply With Quote
  #3  
Old 2nd October 2012, 06:05
ronee ronee is offline
HowtoForge Supporter
 
Join Date: Oct 2006
Posts: 32
Thanks: 0
Thanked 2 Times in 2 Posts
Default

Unfortunately that did not resolve the issue.

We have several servers running ispconfig3 all running CentOS 6. Some have this problem and some do not. We have looked extensively and not found what the difference/cause is.

We just deployed two new servers, one behaves as expected, the other exhibits the following behavior:

http://www.domain.com -- correct site served

https://www.domain.com -- default site - apache test page served, also cert used is the self signed cert used by ispconfig on port 8080

In grepping the vhosts files in /etc/httpd/conf/sites-available for the string '443' the only hit is on the ispconfig vhosts file.

We had to deploy a site so we manually modified our domain.com.vhost file and added a section starting with <VirtualHost IP:443>

The contents of that section was a duplicate of the <VirtualHost IP:80> section with the addition of SSLEngine on and the various SSL file statements within the <IfModule mod_ssl.c> section.

Further modifications to that website within ispconfig did not overwrite the above change.

This resolved the issue but we don't really understand why this and the other described symptoms happen.

We've perused the ispconfig 3 manual and did not find anything there that would explain this.

We found some other threads that describe this behavior that do not have a described resolution (or not one that worked for us) including:

http://www.howtoforge.com/forums/sho...l+default+site

http://www.howtoforge.com/forums/sho...ache+test+page


Would appreciate any input on this.
Reply With Quote
  #4  
Old 2nd October 2012, 08:15
ronee ronee is offline
HowtoForge Supporter
 
Join Date: Oct 2006
Posts: 32
Thanks: 0
Thanked 2 Times in 2 Posts
Default

As mentioned in other threads, modifying the domain.com.vhost file is not workable as the changes will be overwritten.

Instead we have created an additional ssl-domain.com.vhost file which seems to work OK on a temporary basis.

Thanks in advance to anyone who might shed some light on resolving this.
Reply With Quote
  #5  
Old 3rd October 2012, 10:39
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,740 Times in 2,575 Posts
Default

In ISPConfig 3.0.5, it will be possible to import an existing certificate.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #6  
Old 3rd October 2012, 20:34
ronee ronee is offline
HowtoForge Supporter
 
Join Date: Oct 2006
Posts: 32
Thanks: 0
Thanked 2 Times in 2 Posts
 
Default

Hi Falko,

That's good to hear however in this last instance the SSL cert was created and managed entirely in ispconfig and not imported. Also, the issue in this recent case goes beyond just the cert itself as https requests to the site in question reached the apache test page instead due to the missing content that had to be included in the httpd.conf. We had to manually work around this.

Also, in other cases we created the cert in ispconfig and then replaced the files as described in the manual -- however in some cases apache would simply persistently serve the self signed cert used for ispconfig ui on port 8080 no matter what we did. In other cases this did not happen and all was well.

Would be great if some light could be shed on this.

Thanks
Reply With Quote
Reply

Bookmarks

Tags
ssl certificates

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
webalizer in ispconfig3 pinguinito General 12 4th October 2012 10:50
pop3 service alone is failed in "The Perfect Setup - Debian Sarge (3.1)" nandhu HOWTO-Related Questions 60 5th August 2008 15:15
Default Mail scan settings for new users timehost Installation/Configuration 3 26th October 2007 12:05
High Availability Samba cluster - DRBD + Heartbeat djalex Server Operation 58 25th May 2007 19:38
Virtual Users And Domains With Postfix, Courier And MySQL (+ SMTP-AUTH, Quota, SpamAs pontifex HOWTO-Related Questions 2 26th October 2005 17:54


All times are GMT +2. The time now is 22:55.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.