installing ssl cert

Discussion in 'ISPConfig 3 Priority Support' started by kwickcut, Feb 7, 2018.

  1. kwickcut

    kwickcut Member HowtoForge Supporter

    Hello, I have created a CSR using the following:
    Code:
    openssl req -new -newkey rsa:2048 -nodes -keyout example.com.key -out example.com.csr
    then filled out the info requested. I then ran
    Code:
    cat yourdomain.csr
    I then copied and pasted it into a certificate authority. I then received an email to confirm it's me, and shortly after I received the email for the download of the certs.
    There are 4 in the downloaded zip file:
    1)AddTrustExternalCARoot
    2)mysite_com
    3)ADDTrustCA
    4)DomainValidationSecureServiceCA

    I have read and tried 2 different ways to install these certs, all ending in a loss of Apache, causing me to reload the server because I am doing something wrong. My question is: do I need to install all 4 certs, and how do I do this safely?

    Thank you for any direction and help.

    kwick
     
  2. kwickcut

    kwickcut Member HowtoForge Supporter

    UPDATE
    I just received another email with a new zip file and only 2 files inside:
    1)mysite_com.ca-bundle
    2)mysite_com
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    Where do you want to install that, an ispconfig website? In that case, you will have to put the SSL key (that you created outside of ispconfig as it seems) into the key field, the .crt file into the certificate field and the bundle file content into the SSL bundle field.
     
    kwickcut likes this.
  4. kwickcut

    kwickcut Member HowtoForge Supporter

    Thank you for the reply. I have done as stated and saved the info. When I exit the SSL page and then log back in, I see the info that I had entered, but I am having an issue. The site is using what I am assuming is the self-signed cert from ISPConfig? The SSL cert that I bought was for 3 years. What should I be looking to edit? Thanks in advance. Below is the output of a website SSL checker.

    DNS resolves my_site.com to xx.xxx.xxx.xx
    SSL certificate

    Common Name = localhost

    Issuer = localhost

    Serial Number = FDD85BA0069C1ECE

    SHA1 Thumbprint = ED7AF483584FF7A90F919EC2AD7D4A53FE7677E4

    Key Length = 2048

    Signature algorithm = SHA1 + RSA (deprecated)

    Secure Renegotiation: Supported

    SSL Certificate has not been revoked
    OCSP Staple: Not Enabled
    OCSP Origin: Not Enabled
    CRL Status: Not Enabled

    SSL Certificate expiration
    The certificate expires May 17, 2035 (6306 days from today)
    Certificate does not match name my_site.com
    Subject localhost
    Valid from 22/May/2015 to 17/May/2035
    Issuer localhost
    SSL Certificate is not trusted
    The certificate is not signed by a trusted authority (checking against Mozilla's root store). If you bought the certificate from a trusted authority, you probably just need to install one or more Intermediate certificates. Contact your certificate provider for assistance doing this for your server platform.
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    Just put the SSL key, cert and bundle in the SSL fields, select 'save certificate' in the action field and press save. And ensure that you have the SSL checkbox enabled in that website on the first tab. Besides that, your web browser can show you the details of the SSL cert that is currently used.
     
  6. kwickcut

    kwickcut Member HowtoForge Supporter

    OK, I have done as stated and it has been over 10 days, and I run a check and get the same outcome. What's my next step?


    mysstore.com resolves to xx.xx.xxx.xx

    Server Type: Apache/2.4.18 (Ubuntu)

    The certificate will expire in 6294 days.


    The certificate is self-signed. Users will receive a warning when accessing this site unless the certificate is manually added as a trusted certificate to their web browser. You can fix this error by buying a trusted SSL certificate

    None of the common names in the certificate match the name that was entered (aquamedsstore.com). You may receive an error when accessing this site in a web browser. Learn more about name mismatch errors.
    Common name: localhost
    Organization: NETGEAR Org. Unit: NETGEAR
    Location: SanJose, California, US
    Valid from May 22, 2015 to May 17, 2035
    Serial Number: 18291470629429059278 (0xfdd85ba0069c1ece)
    Signature Algorithm: sha1WithRSAEncryption
    Issuer: localhost
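
The checks this thread keeps circling around, as an added example that is not part of the original posts and not ISPConfig's own code: confirm that the private key belongs to the certificate, that the certificate covers the site name, and that it is not a self-issued "localhost" certificate like the one the checkers report. It assumes the `openssl` command-line tool and an unencrypted key; the function names and the `example.com` files that `make_demo` generates are constructed for illustration.

```shell
#!/usr/bin/env bash
# Pre-flight checks for the files that go into the ISPConfig SSL tab.
# Assumes the openssl CLI and an unencrypted key (created with -nodes).

pubkey_pem() {  # usage: pubkey_pem key|csr|cert FILE -> public key as PEM
  case "$1" in
    key)  openssl pkey -in "$2" -pubout ;;
    csr)  openssl req  -in "$2" -noout -pubkey ;;
    cert) openssl x509 -in "$2" -noout -pubkey ;;
  esac 2>/dev/null
}

same_keypair() {  # usage: same_keypair KEYFILE CERTFILE
  k=$(pubkey_pem key "$1"); c=$(pubkey_pem cert "$2")
  [ -n "$k" ] && [ "$k" = "$c" ]   # unreadable files never count as a match
}

covers_name() {  # usage: covers_name CERTFILE HOSTNAME
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

is_self_issued() {  # subject equals issuer, like the "localhost" cert in the thread
  s=$(openssl x509 -in "$1" -noout -subject 2>/dev/null | sed 's/^subject= *//')
  i=$(openssl x509 -in "$1" -noout -issuer  2>/dev/null | sed 's/^issuer= *//')
  [ -n "$s" ] && [ "$s" = "$i" ]
}

served_cert() {  # usage: served_cert HOSTNAME > served.crt (needs network)
  openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null | openssl x509
}

preflight() {  # usage: preflight KEYFILE CERTFILE HOSTNAME
  rc=0
  same_keypair "$1" "$2" || { echo "key does not belong to certificate"; rc=1; }
  covers_name "$2" "$3"  || { echo "certificate does not cover $3"; rc=1; }
  is_self_issued "$2"    && { echo "certificate is self-issued, not from a CA"; rc=1; }
  return $rc
}

make_demo() {  # constructed throwaway inputs, written into directory $1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.com" \
    -keyout "$1/example.com.key" -out "$1/example.com.crt" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=localhost" \
    -keyout "$1/other.key" -out "$1/localhost.crt" 2>/dev/null
}

if [ $# -eq 3 ]; then preflight "$@"; fi
```

Running the script with a key file, a certificate file and the site name prints one line per failed check. Saving the output of `served_cert` and passing it through `covers_name` and `is_self_issued` shows whether the certificate answering on port 443 is the one that was installed.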
     
