Adding SSL certificate to Site

Discussion in 'Installation/Configuration' started by snowfly, May 31, 2011.

  1. snowfly

    snowfly Member

    Can anyone help me with setting up an SSL certificate for a site on ISPconfig 3?

    I have web site that was running perfectly fine on a separate custom debian system (not ISPconfig), with an SSL cert.

    And we moved this site to a new ISPconfig3 server.

    In the ISPconfig3 interface I pasted the SSL cert into the "SSL Certificate" field on the SSL tab of Web Domain.
    And ticked the box for SSL.

    However site does not work.
    Firefox reports error:
    SSL received a record that exceeded the maximum permissible length.
    (Error code: ssl_error_rx_record_too_long)

    I cannot find anything in ispconfig logs.

    When I view the apache config file (e.g. /etc/apache2/sites-enabled/ I cannot see any reference of SSL.

    On our previous custom server, we had these entries:

    SSLEngine On
    SSLCertificateFile /etc/apache2/ssl/
    SSLCertificateKeyFile /etc/apache2/ssl/

    The SSL tab in ISPconfig has 3 fields:
    - SSL Request
    - SSL Certificate
    - SSL Bundle

    Which one does the SSL key file go in?
    Which one does the SSL CSR file go in?
    And does the SSL cert (*.crt) go in the SSL Certificate box?

    Thanks in advance.
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The ssl key is generated and managed by ispconfig, so there is no field for it. Just createa new ssl cert trough ispconfig and then use the csr that ispconfig created for you and let it sign from the ssl authority.

    So the steps to enable ssl for a website are:

    1) Check the ssl checkbox in the site settings.
    2) Create a new self signed ssl cert in ispconfig on the ssl tab.
    3) Let the csr sign from a ssl authority and paste the cert into the sl cert field and choose save.

    All ssl authorities lat you resign a cert, so you could reissue your cert based on the ispconfig csr.

    Thats also described in detail in the ispconfig 3 manual.
  3. snowfly

    snowfly Member

    Thanks Till.

    I managed to get the SSL working using the current SSL key/crt files.
    As I had no option to re-create a new CSR/CRT, as this would have cost.

    I put the current *.crt and *.key files into the sites /ssl/ directory on the ISPconfig server.
    And enabled 'ssl' in the site options.

    This worked, and ispconfig created the following entries in the apache2 site file:
    SSLEngine on
    SSLCertificateFile /var/www/clients/client100000/web2222/ssl/xxx.crt
    SSLCertificateKeyFile /var/www/clients/client100000/web2222/ssl/xxx.key

Share This Page