Just installed ispconfig3, problems with ssl certificates

Discussion in 'Installation/Configuration' started by littlespelk, Jun 22, 2009.

  1. littlespelk

    littlespelk New Member

    I get the following error message

    SSL received a record that exceeded the maximum permissible length.

    (Error code: ssl_error_rx_record_too_long)


    How do I rectify this?
     
  2. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    The ssl cert is broken or no ssl cert is installed. Please recreate the ssl cert.
     
  3. littlespelk

    littlespelk New Member

    Thanks for your reply.

    How do I recreate ssl certificates for ispconfig3?

    Regards
    Littlespelk. (sorry I'm a newbie here lol.)
     
  4. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    What do you mean by ssl certificate for ispconfig? ISPConfig 3 has no ssl cert, it is accessed by http and not https (see perfect server guides). The ssl certificates for the sites that you created in ispconfig are created in ispconfig on the ssl tab.
     
  5. littlespelk

    littlespelk New Member

    I followed the guide and re-did the imapd and pop3d certificates.
    I get a "cn name does not match the passed value" error.

    I've named my server tycoon-game.com and used that as my cn value too.


    Also the certificate to allow https: pages isn't working

    I get "SSL received a record that exceeded the maximum permissible length.

    (Error code: ssl_error_rx_record_too_long)"

    when I try to log in via https or try to access phpmyadmin via https

    Regards
    littlespelk
     
  6. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    You totally mix up different things.

    1) imap and pop3 certificates have nothing to do with ispconfig. They are certificates of the pop3 and imap daemon. If you don't like the certificates that come with the linux distribution that you have chosen, then you might have to recreate them. The commands are mkimapdcert and mkpop3dcert. See: http://www.howtoforge.com/forums/showpost.php?p=50707&postcount=5

    2) https access for phpmyadmin has nothing to do with ispconfig and is not configured with ispconfig. ISPConfig can be used to create ssl certificates for websites, but phpmyadmin is not part of a website that is created by ispconfig. So you get this error because you access an http service that is not configured by ISPConfig by using https.

    If you want to use services from your linux distribution with https you will have to create ssl certificates manually for the host that you use to access it.
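
Why an https:// request to a plain-HTTP port shows up as ssl_error_rx_record_too_long, as an added example (not part of the thread and not ISPConfig code): a TLS client reads the first five bytes of the reply as a record header, so the ASCII text of an HTTP reply decodes to an impossible record length. The sample byte strings are constructed and the function names are illustrative.

```python
import struct

# TLS record content types (RFC 5246).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
# Largest ciphertext record TLS 1.2 permits: 2^14 + 2048 bytes.
MAX_RECORD_LEN = 2**14 + 2048

# Constructed samples: the start of a plain HTTP reply, and the 5-byte
# header of a TLS 1.2 handshake record (type 22, version 3.3, length 74).
HTTP_REPLY = b"HTTP/1.1 400 Bad Request\r\n\r\n"
TLS_HANDSHAKE_HEADER = bytes.fromhex("160303004a")


def parse_record_header(data: bytes):
    """Read a TLS record header: type (1 byte), version (2), length (2)."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes for a TLS record header")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return ctype, (major, minor), length


def classify_first_bytes(data: bytes) -> str:
    """Describe what a TLS client makes of the first bytes a server sent."""
    ctype, version, length = parse_record_header(data)
    if length > MAX_RECORD_LEN:
        head = data[:5]
        # Printable ASCII in the header means the peer answered in cleartext.
        plain = head.isascii() and head.decode().isprintable()
        hint = "plaintext reply" if plain else "garbage"
        return f"record too long ({length} > {MAX_RECORD_LEN}), {hint}"
    if ctype in CONTENT_TYPES and version[0] == 3:
        return f"tls {CONTENT_TYPES[ctype]}"
    return "not a tls record"


if __name__ == "__main__":
    # 'H' 'T' 'T' 'P' '/' is read as type 0x48, version 0x5454, length 0x502F.
    print(parse_record_header(HTTP_REPLY))
    print(classify_first_bytes(HTTP_REPLY))
    print(classify_first_bytes(TLS_HANDSHAKE_HEADER))
```

A "plaintext reply" result means the port is served without TLS, so the fix is on the web server side (an SSL-enabled vhost on that port), not in the certificate.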
     
  7. Master One

    Master One New Member

    I just found out, how to force SSL for access to my ISPConfig 3 installation (https://server1.example.tld:8080), which is nicely explained here in the forum, but now I am clueless on how to force SSL for access to phpmyadmin and webmail as well (which in that case are accessible by http://server1.example.tld/phpmyadmin and http://server1.example.tld/webmail right now -> I installed SquirrelMail according to The Perfect Server - Ubuntu 9.04 [ISPConfig 3], so SquirrelMail is symlinked in /var/www as "webmail -> /usr/share/squirrelmail/").

    Both are not under the control of ISPConfig, so what's the best way, that does not interfere with the ISPConfig 3 setup?
     
  8. Master One

    Master One New Member

    Ok, that was easier than expected, so answering myself:

    As I already used this proceeding to force SSL on ISPConfig access, which also included the creation of a new self-signed-cert, I just needed to add the symlink "000-default-ssl -> ../sites-available/default-ssl" to /etc/apache2/sites-enabled, and change the cert in /etc/apache2/sites-available/default-ssl (which can be omitted, because it is already preconfigured to use another self-signed-cert from /etc/ssl/certs/).

    I decided to add another symlink, and not to change the existing default one, so that phpmyadmin and webmail can be accessed normally and by SSL.
     
