can't login to ispconfig admin invalid certificate?

Discussion in 'Installation/Configuration' started by smilem, Jan 13, 2008.

  1. smilem

    smilem New Member

    I managed to sucessfuly install ISPconfig on CentOS 5.1, using this tutorial
    http://www.howtoforge.com/centos-5.1-server-lamp-email-dns-ftp-ispconfig installations was OK no errors etc.

    But when I try to get to admin (I use firefox) I get this error:

    https://192.168.1.11:81/

    my host is like tutorial: server1

    Could not establish encrypted connection because certificate presented by 192.168.1.11 has an invalid signature

    My setting for ISPconfig:

    Please enter your MySQL server: localhost or I shoud have entered server1?
    Please enter your MySQL user: root
    Please enter your MySQL password: <MySQLpassword>
    Please enter a name for the ISPConfig database: db_ispconfig
    Please enter the IP address of the ISPConfig web: 192.168.1.11
    Please enter the host name: server1 or I shoud have entered www?
    Please enter the domain: somemydomain.com
    Please select the protocol (http or https (SSL encryption)) to use to access the ISPConfig system: 1


    If I enter http://192.168.1.11:81/

    I get:

    Hint: https://server1.somemydomain.com:81/

    But if click the link I get page unavailable error:

    You tried to access the address https://server1.somemydomain.com:81/, which is currently unavailable. Please make sure that the Web address (URL) is correctly spelled and punctuated, then try reloading the page


    Here is what I entered during ISPconfig install script:
    Code:
    wget http://internap.dl.sourceforge.net/sourceforge/ispconfig/ISPConfig-2.2.19.tar.gz
    tar xvfz ISPConfig-2.2.19.tar.gz
    cd install_ispconfig
    ./setup
    
    
    Step0
    
    RSA
    
    Step2
    
    1.Country Name: LT
    2. State or Province Name: .
    3. Locality Name: .
    4. Organization Name: .
    5. Organizational Unit Name: .
    6. Common Name (eg, CA name): .
    7. Email Address (eg, name@FQDN): .
    8. Certificate Validity: 365
    
    Step3
    
    3
    
    Step5
    
    1.Country Name: LT
    2. State or Province Name: .
    3. Locality Name: .
    4. Organization Name: .
    5. Organizational Unit Name: .
    6. Common Name (eg, CA name): .
    7. Email Address (eg, name@FQDN): .
    8. Certificate Validity: 365
    
    Step6
    
    3
    
    Step7
    
    n
    
    Step8
    
    n
    
    ------------------
    
    Enter postmaster address: postmaster@somemydomain.com
    
    host name: server1
    domain:    somemydomain.com
    
    HTTPS choose for yes 1
    What is wrong? Why secure connection will not work? and I can't access ISPconfig admin panel?
     
    Last edited: Jan 13, 2008
  2. smilem

    smilem New Member

    I've fixed the login problem by:

    I ran commands to make new certificate:
    replace "yourpassword" with your own password.
    Code:
    openssl genrsa -des3 -passout pass:yourpassword -out /root/ispconfig/httpd/conf/ssl.key/server.key2 1024
    openssl req -new -passin pass:yourpassword -passout pass:yourpassword -key /root/ispconfig/httpd/conf/ssl.key/server.key2 -out /root/ispconfig/httpd/conf/ssl.csr/server.csr -days 365
    openssl req -x509 -passin pass:yourpassword -passout pass:yourpassword -key /root/ispconfig/httpd/conf/ssl.key/server.key2 -in /root/ispconfig/httpd/conf/ssl.csr/server.csr -out /root/ispconfig/httpd/conf/ssl.crt/server.crt -days 365
    openssl rsa -passin pass:yourpassword -in /root/ispconfig/httpd/conf/ssl.key/server.key2 -out /root/ispconfig/httpd/conf/ssl.key/server.key
    chmod 400 /root/ispconfig/httpd/conf/ssl.key/server.key
    
    Then restarted server using:

    /etc/init.d/ispconfig_server restart

    Now I can login, but have another

    problem1:

    Firefox shows a pop-up window that sounds like:

    You have attemted to establish connection with "192.168.1.11".
    However, the security certificate presented belongs to "mydomain.com". It is possible, though unlikely, that someone may be trying to intercept your communication with this web site.

    Is it possible to make it work without this pop up ?

    problem2

    If I do not log in to console I get something like

    set_rtc_mmss: can't update from 1 to 59
    set_rtc_mmss: can't update from 2 to 59
    set_rtc_mmss: can't update from 3 to 59
    and so on

    How to fix this?

    problem3
    When I shut down or restart system

    Starting killall: Shutting down posfix [FAILED]

    problem4
    When system boots I get these 2 errors:

    error1

    Starting proftpd: Warning: Handling possibly truncated configuration data at line 67
    '/etc/proftpd.conf'

    Line 67 is:
    Code:
    ServerIdent on "FTP Server ready."
    
    error2

    Starting monitoring for VG VolGroup00: /dev/hdc: open failed: Read only file system
    2 logical volume(s) in volume group "VolGroup00" monitored
     
    Last edited: Jan 13, 2008
  3. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    Yes, buy officially signer dertificate.

    Is this VM? Then its normal, you can not update the realtime clock from within a VM.

    Addd a new empty line after this line.
     
  4. smilem

    smilem New Member

    problem2 - yes this is virtual machine
    what about problem 3?

    problem4 - I edded empty line and got the same problem, however I fixed the problem by correcting error in
    script /etc/init.d/proftpd

    I had entered: [ $NETWORKING = "no" ] && exit 0
    Instead of: [ ${NETWORKING} = "no" ] && exit 0

    And I had: echo "Usage: $prog start|stop|restart|reload|condrestart|status"
    Istead of: echo "Usage: $prog {start|stop|restart|reload|condrestart|status}"

    So problems 4 and 2 fixed :D What about problem 3 - should postfix shutdown fail?
     
    Last edited: Jan 15, 2008
  5. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    Do you get any error messages in the mail log file?
     
  6. smilem

    smilem New Member

    Please in future posts can you specify the path to the file you ask for?

    Here is /var/log/maillog
    Code:
    Jan 15 00:26:26 server1 freshclam[2859]: -------------------------------------- 
    Jan 15 00:29:44 server1 dovecot: Killed with signal 15
    Jan 15 14:24:17 server1 dovecot: Dovecot v1.0.rc15 starting up
    Jan 15 14:24:18 server1 sendmail[2240]: alias database /etc/aliases rebuilt by root
    Jan 15 14:24:18 server1 sendmail[2240]: /etc/aliases: 76 aliases, longest 10 bytes, 765 bytes total
    Jan 15 14:24:21 server1 postfix/postfix-script: starting the Postfix mail system
    Jan 15 14:24:21 server1 postfix/master[2293]: daemon started -- version 2.3.3, configuration /etc/postfix
    Jan 15 14:24:56 server1 postfix/postfix-script: stopping the Postfix mail system
    Jan 15 14:24:56 server1 postfix/master[2293]: terminating on signal 15
    Jan 15 14:24:56 server1 sendmail[2710]: alias database /etc/aliases rebuilt by root
    Jan 15 14:24:56 server1 sendmail[2710]: /etc/aliases: 76 aliases, longest 10 bytes, 765 bytes total
    Jan 15 14:24:58 server1 postfix/postfix-script: starting the Postfix mail system
    Jan 15 14:24:58 server1 postfix/master[2756]: daemon started -- version 2.3.3, configuration /etc/postfix
    Jan 15 14:25:04 server1 freshclam[2840]: freshclam daemon 0.92 (OS: linux-gnu, ARCH: i386, CPU: i686) 
    Jan 15 14:25:04 server1 freshclam[2840]: ClamAV update process started at Tue Jan 15 14:25:04 2008 
    Jan 15 14:25:04 server1 freshclam[2840]: main.cvd is up to date (version: 45, sigs: 169676, f-level: 21, builder: sven) 
    Jan 15 14:25:04 server1 freshclam[2840]: daily.inc is up to date (version: 5483, sigs: 21693, f-level: 21, builder: acab) 
    Jan 15 14:25:04 server1 freshclam[2840]: -------------------------------------- 
    
    
     
  7. smilem

    smilem New Member

    Hope this is the file you ask, could you please specify the path to the file you ask for?

    /var/log/maillog
    Code:
    Jan 15 00:26:26 server1 freshclam[2859]: -------------------------------------- 
    Jan 15 00:29:44 server1 dovecot: Killed with signal 15
    Jan 15 14:24:17 server1 dovecot: Dovecot v1.0.rc15 starting up
    Jan 15 14:24:18 server1 sendmail[2240]: alias database /etc/aliases rebuilt by root
    Jan 15 14:24:18 server1 sendmail[2240]: /etc/aliases: 76 aliases, longest 10 bytes, 765 bytes total
    Jan 15 14:24:21 server1 postfix/postfix-script: starting the Postfix mail system
    Jan 15 14:24:21 server1 postfix/master[2293]: daemon started -- version 2.3.3, configuration /etc/postfix
    Jan 15 14:24:56 server1 postfix/postfix-script: stopping the Postfix mail system
    Jan 15 14:24:56 server1 postfix/master[2293]: terminating on signal 15
    Jan 15 14:24:56 server1 sendmail[2710]: alias database /etc/aliases rebuilt by root
    Jan 15 14:24:56 server1 sendmail[2710]: /etc/aliases: 76 aliases, longest 10 bytes, 765 bytes total
    Jan 15 14:24:58 server1 postfix/postfix-script: starting the Postfix mail system
    Jan 15 14:24:58 server1 postfix/master[2756]: daemon started -- version 2.3.3, configuration /etc/postfix
    Jan 15 14:25:04 server1 freshclam[2840]: freshclam daemon 0.92 (OS: linux-gnu, ARCH: i386, CPU: i686) 
    Jan 15 14:25:04 server1 freshclam[2840]: ClamAV update process started at Tue Jan 15 14:25:04 2008 
    Jan 15 14:25:04 server1 freshclam[2840]: main.cvd is up to date (version: 45, sigs: 169676, f-level: 21, builder: sven) 
    Jan 15 14:25:04 server1 freshclam[2840]: daily.inc is up to date (version: 5483, sigs: 21693, f-level: 21, builder: acab) 
    Jan 15 14:25:04 server1 freshclam[2840]: -------------------------------------- 
    
    
     
  8. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    That's a common problem on RedHat-based distros. Does Postfix come up again with a different PID? Then everything's fine.
     
  9. smilem

    smilem New Member

    How do I check that it comes with a different PID? What is PID?
     
  10. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    PID means process ID. You will get a list of all processes including their process ID's with the command:

    ps -aux
     
  11. smilem

    smilem New Member

    Instructions on how to use the command and what to look for would be very helpful.

    I tried to restart postfix nad httpd then run the command you gave me and compare results here they are:

    First is postfix then restarted postfix then the same for httpd.
    PID is always different only VSZ (what is that) does not change for https but changes for postfix :confused:
    Code:
    USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
    root      2761  0.0  0.8   6708  1744 ?        Ss   13:13   0:00 /usr/libexec/postfix/master
    postfix   2763  0.0  0.8   6772  1720 ?        S    13:13   0:00 pickup -l -t fifo -u
    postfix   2764  0.0  0.8   6824  1752 ?        S    13:13   0:00 qmgr -l -t fifo -u
    
    
    root      3105  0.6  0.8   6704  1748 ?        Ss   13:18   0:00 /usr/libexec/postfix/master
    postfix   3107  0.4  0.8   6768  1720 ?        S    13:18   0:00 pickup -l -t fifo -u
    postfix   3108  0.4  0.8   6828  1752 ?        S    13:18   0:00 qmgr -l -t fifo -u
    
    
    
    apache    2689  0.0  2.7  29380  5436 ?        S    13:13   0:00 /usr/sbin/httpd
    apache    2690  0.0  2.7  29380  5436 ?        S    13:13   0:00 /usr/sbin/httpd
    apache    2691  0.0  2.7  29380  5436 ?        S    13:13   0:00 /usr/sbin/httpd
    apache    2694  0.0  2.7  29380  5436 ?        S    13:13   0:00 /usr/sbin/httpd
    apache    2695  0.0  2.7  29380  5436 ?        S    13:13   0:00 /usr/sbin/httpd
    apache    2696  0.0  2.7  29380  5436 ?        S    13:13   0:00 /usr/sbin/httpd
    apache    2697  0.0  2.7  29380  5436 ?        S    13:13   0:00 /usr/sbin/httpd
    apache    2698  0.0  2.7  29380  5436 ?        S    13:13   0:00 /usr/sbin/httpd
    
    
    apache    3140  0.2  2.7  29380  5436 ?        S    13:19   0:00 /usr/sbin/httpd
    apache    3141  0.2  2.7  29380  5436 ?        S    13:19   0:00 /usr/sbin/httpd
    apache    3142  0.2  2.7  29380  5436 ?        S    13:19   0:00 /usr/sbin/httpd
    apache    3143  0.2  2.7  29380  5436 ?        S    13:19   0:00 /usr/sbin/httpd
    apache    3144  0.4  2.7  29380  5436 ?        S    13:19   0:00 /usr/sbin/httpd
    apache    3145  0.2  2.7  29380  5436 ?        S    13:19   0:00 /usr/sbin/httpd
    apache    3146  0.2  2.7  29380  5436 ?        S    13:19   0:00 /usr/sbin/httpd
    apache    3147  0.4  2.7  29380  5436 ?        S    13:19   0:00 /usr/sbin/httpd
    
     
  12. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Then everything's fine. :)
     

Share This Page