#1  
Old 3rd March 2007, 14:44
Hawker Hawker is offline
Senior Member
 
Join Date: Feb 2007
Posts: 100
Thanks: 0
Thanked 9 Times in 9 Posts
Default SSL On Dedicated IP

I'm not sure what's happening here. I have 4 IP addresses on my system. 1 Shared IP and 3 dedicated IPs.

I have a site set on a dedicated IP with no other sites committed to that IP. I've placed that site's SSL Certificate (pasted into ISPConfig), the key file and the CA certificate in /var/www/www.website.com/ssl directory.

I put these apache mods in the site's ISPConfig...
SSLCACertificateFile /var/www/www.website.com/ssl/rapidssl_01.cer
SSLCertificateKeyFile /var/www/www.website.com/ssl/www.website.com.key
SSLCertificateFile /var/www/www.website.com/ssl/www.website.com.crt

Any attempts to access the https address result in the Fedora test page coming up with the ssl cert for localhost.

Any ideas?
  #2  
Old 3rd March 2007, 19:02
Hawker Hawker is offline
Senior Member
 
Join Date: Feb 2007
Posts: 100
Thanks: 0
Thanked 9 Times in 9 Posts
Default

OK, here's what I've done/found so far...

I removed these apache mods in the site's ISPConfig; they aren't needed...
SSLCACertificateFile /var/www/www.website.com/ssl/rapidssl_01.cer
SSLCertificateKeyFile /var/www/www.website.com/ssl/www.website.com.key
SSLCertificateFile /var/www/www.website.com/ssl/www.website.com.crt

Now, I do have the SSL working properly but it took a while to get it to work.

I generated a CSR. Which in turn generated a KEY.

When I restarted HTTPD, it would not come back up. So, I rebooted the system. During boot at HTTPD Start the system asked me for a Private Key password. Well, this is unusual since when I installed ISPConfig I did NOT encrypt the key files. However when installing FC3 per the perfect setup instructions I DID encrypt those keys. Is this the problem? And if so, can I regenerate those keys?

Now, I did however get the SSL to work since this is a simple transfer of web sites and I had an existing SSL/Key set. I simply pasted the SSL Cert into ISPConfig and saved it. Then deleted the key generated by ISPConfig and replaced it with the existing key for the SSL cert.

It still bothers me that I'd be asked for a password on boot. Especially since I'll need to generate a new CSR for that site in about 2 weeks.
  #3  
Old 4th March 2007, 14:41
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,743 Times in 2,577 Posts
Default

Quote:
Originally Posted by Hawker
It still bothers me that I'd be asked for a password on boot.
Are you referring to your main Apache or ISPConfig's Apache?
If it's ISPConfig's Apache, take a look here: http://www.ispconfig.org/manual_installation.htm

Quote:
In step 7 ("Encrypting RSA private key of CA with a pass phrase for security [ca.key]") and step 8 ("Encrypting RSA private key of SERVER with a pass phrase for security [server.key]") of the certificate creation process you are asked if you want to encrypt the respective key now. Choose n there because otherwise you will always be asked for a password whenever you want to restart the ISPConfig system which means it cannot be restarted without human interaction!
__________________
Falko
  #4  
Old 4th March 2007, 16:26
Hawker Hawker is offline
Senior Member
 
Join Date: Feb 2007
Posts: 100
Thanks: 0
Thanked 9 Times in 9 Posts
Default

Quote:
Originally Posted by falko
Are you referring to your main Apache or ISPConfig's Apache?
If it's ISPConfig's Apache, take a look here: http://www.ispconfig.org/manual_installation.htm
The ISPConfig Apache. I did NOT encrypt the key. I can reboot all day long and not be asked for a key password.

What happened is when I created a certificate request in ISPConfig a key was generated. When HTTPD tried to restart it failed. So, I rebooted and when HTTPD tried to start it asked for a key password. The first HTTPD start not the ISPConfig start.

The only SSL key that is encrypted is the Postfix SSL. But it never asks for a password on boot.

Last edited by Hawker; 4th March 2007 at 16:32.
  #5  
Old 4th March 2007, 18:16
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,405
Thanks: 834
Thanked 5,496 Times in 4,326 Posts
Default

Please don't mix up the ISPConfig apache and your main apache webserver. You cannot create an SSL key or certificate for the ISPConfig apache webserver that is running on port 81.

To create a new unencrypted SSL cert for the ISPConfig apache webserver, please follow the steps described here:

http://www.howtoforge.com/forums/showthread.php?t=121
__________________
Till Brehm
  #6  
Old 4th March 2007, 18:46
Hawker Hawker is offline
Senior Member
 
Join Date: Feb 2007
Posts: 100
Thanks: 0
Thanked 9 Times in 9 Posts
Default

I think we're getting a little mixed up here. It might be my fault with the way I worded things.

I can currently re-boot without ever being asked for a key password. ISPconfig was compiled with a NON-encrypted key.

Here's where the problem came in...
I created a new website on a free IP address.
In ISPconfig I created a CSR for the new website which also created a key for that CSR
HTTPD would not restart from within ISPConfig <---
I rebooted the machine <---
At HTTPD start I was asked for a key password?? <---

To get past this....
I had to do a manual start and not start httpd or ispconfig.
I removed the new key that was created in /var/web/webXX/ssl <---
I rebooted the machine without a problem. <---
Reply With Quote
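
A check for the situation described in this thread, added here as an example and not part of any forum post or of ISPConfig: mod_ssl asks for a pass phrase at start when a configured key file is encrypted, and that can be seen from the PEM header alone. The function names and the `ROOT/*/ssl/*.key` layout are assumptions modelled on the paths mentioned above; the sample keys are constructed placeholders.

```shell
#!/bin/sh
# Classify a PEM private key by its header; needs no pass phrase and no openssl.
key_state() {
    f=$1
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$f"; then
        echo encrypted                      # PKCS#8, always encrypted
    elif grep -q -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$f"; then
        # Traditional PEM keys flag encryption with a Proc-Type header line.
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$f"; then
            echo encrypted
        else
            echo plain
        fi
    else
        echo nokey                          # not a PEM private key at all
    fi
}

# Print "<state> <path>" for every *.key under ROOT/*/ssl.
# Returns 1 if any key is encrypted (httpd could not start unattended).
scan_ssl_dirs() {
    rc=0
    for k in "$1"/*/ssl/*.key; do
        [ -f "$k" ] || continue
        s=$(key_state "$k")
        echo "$s $k"
        [ "$s" = encrypted ] && rc=1
    done
    return $rc
}

# Constructed sample tree; key bodies are placeholders, not real keys.
demo=$(mktemp -d)
mkdir -p "$demo/web1/ssl" "$demo/web2/ssl"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
    'DEK-Info: DES-EDE3-CBC,0000000000000000' '' 'AAAA' \
    '-----END RSA PRIVATE KEY-----' > "$demo/web1/ssl/www.example.test.key"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'AAAA' \
    '-----END RSA PRIVATE KEY-----' > "$demo/web2/ssl/www.example.test.key"

scan_ssl_dirs "$demo" || echo "encrypted key found: httpd would prompt at start"
```

Running `scan_ssl_dirs` against the real web root before restarting httpd shows which site's key would trigger the prompt.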
  #7  
Old 5th March 2007, 18:25
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,743 Times in 2,577 Posts
Default

Which distribution do you use?
Did you install your main Apache from your distribution's packages, or did you compile it manually?
__________________
Falko
  #8  
Old 5th March 2007, 19:56
Hawker Hawker is offline
Senior Member
 
Join Date: Feb 2007
Posts: 100
Thanks: 0
Thanked 9 Times in 9 Posts
Default

ISPConfig version: 2.2.10 - Setup per instructions

On a Fedora Core 3 perfect setup.

Somehow, this problem seems to have vanished on its own. I'm not sure what caused it but I generated the SSL CSR again today for that web site and it didn't happen. I even re-booted after doing it to be sure. It might have been gremlins.

By the way, on the CSR topic is it possible to keep the CRT and KEY files that already exist intact? That is until the new CRT is received. Fortunately I had backup copies so the site can still operate under SSL until the new CRT is received.
  #9  
Old 6th March 2007, 08:26
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,405
Thanks: 834
Thanked 5,496 Times in 4,326 Posts
 
Default

Quote:
By the way, on the CSR topic is it possible to keep the CRT and KEY files that already exist intact? That is until the new CRT is received. Fortunately I had backup copies so the site can still operate under SSL until the new CRT is received.
They stay intact as long as you don't choose to create a new certificate. Don't choose create as option if you only want to update / save an existing certificate.
__________________
Till Brehm
All times are GMT +2. The time now is 01:53.
