ISPConfig 3, install SSL certificate for a new domain

Discussion in 'HOWTO-Related Questions' started by Tarm, Oct 26, 2013.

  1. Tarm

    Tarm New Member


    I've looked at the following guide on how to install an SSL certificate on my ISPConfig 3 server:

    I have no SSL certificate installed for my main domain (I don't actually need one at this time). I see this how-to is based on how to install on my main domain.
    I have a domain direct to my server (let's say How would I proceed creating a class2 ssl certificate for for my server?

    The last time I tried it using the mentioned link, my server crashed (I had to do a pretty good clean-up to get it working again). Sorry for not wanting to try this approach again before asking.

    Any tips or direction to get me started?

    Thank you!
  2. jimarmstrong

    jimarmstrong New Member


    Here I have listed the entire step-by-step installation guide for a new SSL certificate on an ISPConfig 3 server for a new domain name.

    I recently got an SSL certificate with the instructions to implement it on the ISPConfig 3 control panel.

    The ISPConfig control panel has the “SSL Key”, “SSL Request”, “SSL Certificate” and “SSL Bundle” options and the certificate I got delivered had the “www_domain_tld.crt”, “AddTrustExternalCARoot.crt” and “PositiveSSLCA2.crt” files.

    The private key was named “domain.tld.key”.

    The first thing I do is to turn on the SSL option for this specific website in ISPConfig.

    Then at the SSL options I fill in the options for “State”, “Locality”, “Organisation”, “Organisation Unit”, “Country” and “SSL Domain” with respectively the province, city, company name, company name, country and full domain including the www. subdomain (as this certificate was specifically issued for the www.domain.tld domain only, no wildcard or multi-domain) and hit “Create Certificate” on the “SSL Action” option.

    Now the ISPConfig system has the “www.domain.tld.crt”, “www.domain.tld.csr”, “www.domain.tld.key” and “” files in the /var/www/domain.tld/ssl directory.

    The next thing I found a bit puzzling.

    The files generated by ISPConfig and the SSL supplier don’t match up but this is how I made it work:

    The “domain.tld.key” is obviously the private key, so I placed this in the ssl directory overwriting “www.domain.tld.key”.

    The “www_domain_tld.crt” seems to be the domain certificate, so I have replaced the “www.domain.tld.crt” file in the ssl folder with that one.

    Now I restart apache2:

    # service apache2 restart

    If I test the certificate by approaching a single file (for example https://www.domain.tld/themes/theme/img/logo.jpg to eliminate any mixed content messages as false positives) from that hosting environment, I get a green “https” address bar in Chrome, and it tells me who the issuer was and when it expires.

    It also tells me “The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate.”.

    When I look at the SSL options in ISPConfig, I see most options are filled out, except the “SSL Bundle” option.

    I have put the “AddTrustExternalCARoot.crt” file in the SSL directory and named it “www.domain.tld.bundle”.

    This leaves me with an awkward “PositiveSSLCA2.crt” file to put somewhere in the equation.

    In order to make this certificate work in all browsers, you’ll need to copy that file to the ssl folder of the hosting for that domain and navigate to the options for the hosting for this domain and stick “SSLCACertificateFile /var/www/domain.tld/ssl/PositiveSSLCA2.crt” into the “Apache Directives” option.

    That last bit was to install the intermediate CA certificate correctly.
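
The file-matching steps in the post above can be checked before anything in the ssl directory is overwritten. The script below is an added example, not part of either post or of ISPConfig: it confirms that the private key belongs to the certificate, reports which delivered file is root, intermediate or leaf, and verifies the chain. The function names and the script name are hypothetical, and it assumes the openssl CLI is installed.

```bash
#!/usr/bin/env bash
# Pre-flight checks for CA-delivered files before they replace the ones
# ISPConfig generated in the site's ssl directory. Function names are
# illustrative; only the openssl CLI is required.

# key_matches_cert KEY CERT -> 0 if both carry the same public key
key_matches_cert() {
    local kpub cpub
    kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# cert_role CERT -> prints root (self-issued), intermediate (CA:TRUE) or leaf
cert_role() {
    local subj iss
    subj=$(openssl x509 -in "$1" -noout -subject 2>/dev/null) || return 2
    iss=$(openssl x509 -in "$1" -noout -issuer 2>/dev/null) || return 2
    if [ "${subj#subject=}" = "${iss#issuer=}" ]; then
        echo root
    elif openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'; then
        echo intermediate
    else
        echo leaf
    fi
}

# chain_ok ROOT INTERMEDIATE LEAF -> 0 if LEAF verifies with ROOT as the
# trust anchor and INTERMEDIATE supplied as an untrusted chain certificate
chain_ok() {
    openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1
}

# Usage: preflight.sh KEY CERT INTERMEDIATE ROOT
if [ "$#" -eq 4 ]; then
    key_matches_cert "$1" "$2" || { echo "key does not match $2" >&2; exit 1; }
    for f in "$2" "$3" "$4"; do
        echo "$f: $(cert_role "$f")"
    done
    chain_ok "$4" "$3" "$2" || { echo "chain does not verify" >&2; exit 1; }
    echo "ok: key matches certificate and chain verifies"
fi
```

With the file names from the thread, the arguments would be `domain.tld.key www_domain_tld.crt PositiveSSLCA2.crt AddTrustExternalCARoot.crt`, in that order.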
