https://webmail.mydomain.com <- Will ISPConfig do that?

Discussion in 'Installation/Configuration' started by joshenry, Feb 12, 2007.

  1. joshenry

    joshenry New Member

    Accessing https://whatever goes to Apache root not web root, configured ISPConfig.

    Alright, couple things to say first, I'm a newb, learning as quick as I can without asking too many questions but some questions can't be avoided.

    My boss wants webmail.mydomain.com to be secure. I've seen where you can rewrite to send people there but it doesn't work or I'm just setting it up incorrect.

    I'm using Roundcube as the webmail portion and I setup a second site "webmail.mydomain.com". If I go to http://webmail.mydomain.com it will bring me to the site root that ISPConfig configured. If I go to https://webmail.mydomain.com it will bring me to /var/www/html/ and show me apache's default page.

    I'm not sure what info you might need to help me out, so just tell me what you need and I'll post it.

    Thanks for any help!

    Josh.
     
    Last edited: Feb 14, 2007
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    You must enable the SSL-Checkbox in the website webmail.mydomain.com, then hit save, open the website settings again, go to the SSL tab and enter the details for the SSL certificate. Then select create certificate as action and hit save again.
     
  3. joshenry

    joshenry New Member

    Ive' done that for the root site however another problem arises that I forgot to mention on my first post.

    When I try to create a CSR I enter in all the info needed, select "Create Certificate" and click save. Nothing happens. I go back to the SSL tab and there is nothing there in the SSL Request. I've waited up to 15 minutes and I don't get anything. Am I doing something wrong?

    Besides that, how do I get ISPConfig to point web traffic that goes to webmail.mydomain.com -> https://webmail.mydomain.com ?
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Do you get any errors in the ispconfig logfile /home/admispconfig/ispconfig/ispconfig.log ?
     
  5. joshenry

    joshenry New Member

    Yup, looks like I do. Here it is:

    Might be a permissions issue?

    Code:
    12.02.2007 - 13:34:38 => INFO - Signalfile Set: insert
    12.02.2007 - 13:34:43 => INFO - make_ssl_cnf /var/www/web1/ssl/openssl.cnf
    12.02.2007 - 13:34:43 => WARN - /root/ispconfig/scripts/lib/config.lib.php, Line 1747: WARNING: could not openssl genrsa -des3 -rand /var/www/web1/ssl/random_file -passout pass:6c54a4d31d5ac3b -out /var/www/web1/ssl/myhostname.com.key.org 1024 && openssl req -new -passin pass:6c54a4d31d5ac3b -passout pass:6c54a4d31d5ac3b -key /var/www/web1/ssl/myhostname.com.key.org -out /var/www/web1/ssl/myhostname.com.csr -days 365 -config /var/www/web1/ssl/openssl.cnf && openssl req -x509 -passin pass:6c54a4d31d5ac3b -passout pass:6c54a4d31d5ac3b -key /var/www/web1/ssl/myhostname.com.key.org -in /var/www/web1/ssl/myhostname.com.csr -out /var/www/web1/ssl/myhostname.com.crt -days 365 -config /var/www/web1/ssl/openssl.cnf && openssl rsa -passin pass:6c54a4d31d5ac3b -in /var/www/web1/ssl/myhostname.com.key.org -out /var/www/web1/ssl/myhostname.com.key
    12.02.2007 - 13:34:43 => WARN - WARNING: could not open file /var/www/web1/ssl/myhostname.com.csr
    12.02.2007 - 13:34:43 => WARN - WARNING: could not open file /var/www/web1/ssl/myhostname.com.crt
    
    I'm still curious on the other part of this problem. accessing https://webmail.myhostname.com brings me to a default apache page and not a default ISPConfig page or to the root of the current webpage. Is there a way to direct that https request to a different directory that isn't part of the root dir for the rest of the website? Not sure how to fix that problem or will it get fixed with the SSL cert fix?

    Thanks again.
     
    Last edited: Feb 14, 2007
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    I dont think its a permission issue as the command is run as root user.

    Please execute the following command as root user manually:

    Code:
    openssl genrsa -des3 -rand /var/www/web1/ssl/random_file -passout pass:6c54a4d31d5ac3b -out /var/www/web1/ssl/myhostname.com.key.org 1024 && openssl req -new -passin pass:6c54a4d31d5ac3b -passout pass:6c54a4d31d5ac3b -key /var/www/web1/ssl/myhostname.com.key.org -out /var/www/web1/ssl/myhostname.com.csr -days 365 -config /var/www/web1/ssl/openssl.cnf && openssl req -x509 -passin pass:6c54a4d31d5ac3b -passout pass:6c54a4d31d5ac3b -key /var/www/web1/ssl/myhostname.com.key.org -in /var/www/web1/ssl/myhostname.com.csr -out /var/www/web1/ssl/myhostname.com.crt -days 365 -config /var/www/web1/ssl/openssl.cnf && openssl rsa -passin pass:6c54a4d31d5ac3b -in /var/www/web1/ssl/myhostname.com.key.org -out /var/www/web1/ssl/myhostname.com.key
    Do you get any errors?
     
  7. joshenry

    joshenry New Member

    I changed the code to be for the domain of ours, this is what I get:

    Code:
    0 semi-random bytes loaded
    Generating RSA private key, 1024 bit long modulus
    ..............++++++
    ........................................................................++++++
    e is 65537 (0x10001)
    error on line -1 of /var/www/web11/ssl/openssl.cnf
    28303:error:02001002:system library:fopen:No such file or directory:bss_file.c:104:fopen('/var/www/web11/ssl/openssl.cnf','rb')
    28303:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:107:
    28303:error:0E064072:configuration file routines:CONF_load:no such file:conf_def.c:197:
    
    The file /var/www/web11/ssl/openssl.cnf is an empty file, nothing in it.
     
  8. falko

    falko Super Moderator ISPConfig Developer

  9. joshenry

    joshenry New Member

    Alright, followed those instructions. Had to fix the openssl.cnf (some fields were missing from what you posted), tried to register it with cacert.org:

    CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue.

    :-/ Common name was there.....Why isn't ISPConfig doing this properly?
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    ISPConfig is creating proper SSL certificates when you enter all and correct information in the ISPConfig interface. What did you enter exactly on the SSL-tab of the website?
     

Share This Page