new install Deb/ISPC3 and StartSSL

Discussion in 'General' started by JESUSSAVES, Aug 28, 2012.

  1. JESUSSAVES

    JESUSSAVES New Member HowtoForge Supporter

    Hi,

    I had obtained a class 1 certificate from StartSSL following howto on my previous Fedora ISPConfig3 installation.

    Now I've changed to Debian 6 and ISPConfig3 following

    perfect-server-debian-squeeze-with-bind-and-dovecot-ispconfig-3

    and want to use my certificate again.

    Can I do this? It is the same hardware but different OS so I think there may be a problem.

    I tried at StartSSL.com to take out another certificate for the same FQDN but it wouldn't let me, said that e.g. server1.example.com certificate already exists.

    It suggested that I either revoke my current certificate ($25) or apply for a class 2 certificate.

    Can I use my existing certificate? I need to get rid of the browser cert warnings. Can I go to a class 2 without having to revoke my class 1?

    Could someone please point me in the best direction? Thank you.
     
  2. cfoe

    cfoe ISPConfig Developer ISPConfig Developer

    The cert is not bound to hardware or OS.
    You can use the "old" cert on the new installation.

    I am not totally sure but I think you do not need to revoke the class1 cert (server1.example.com) if you register the class2 cert with a wildcard (*.example.com).

    The class2 cert you can use on all your machines like server1.example.com, server2.example.com ....
     
  3. JESUSSAVES

    JESUSSAVES New Member HowtoForge Supporter

    Thank you for your response.

    Perhaps I did something wrong but I tried to paste my existing cert into the
    /usr/local/ispconfig/interface/ssl/ispserver.crt file and continued with the howto

    securing-your-ispconfig-3-installation-with-a-free-class1-ssl-certificate-from-startssl

    from that point forward. But when it came to restarting apache it got an error.

    Perhaps I should try it again.
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    If you use an existing cert, then you have to replace the key as well, as key and cert file belong together and Apache will not start when you use the wrong key for the cert.
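
Added example, not part of the post above or of the howto: a shell check that a certificate and a private key belong together, to run before restarting Apache. The function names and the throwaway sample files are constructed for illustration; it assumes the `openssl` command-line tool and an unencrypted PEM key.

```shell
#!/bin/sh
# Compare the public key inside a certificate with the public key
# derived from a private key. Equal keys mean the files are a pair.

# Print the public key embedded in a PEM certificate.
cert_pubkey() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null
}

# Print the public key derived from a PEM private key (RSA or EC).
key_pubkey() {
    openssl pkey -in "$1" -pubout 2>/dev/null
}

# Returns 0 when cert ($1) and key ($2) match, 1 on mismatch,
# 2 when either file cannot be parsed (missing, truncated, bad paste).
cert_matches_key() {
    c=$(cert_pubkey "$1") || return 2
    k=$(key_pubkey "$2") || return 2
    [ -n "$c" ] && [ -n "$k" ] || return 2
    [ "$c" = "$k" ] && return 0
    return 1
}

# Constructed sample input: a self-signed cert with its key (a.*),
# plus an unrelated key (b.key) standing in for the "wrong key" case.
make_samples() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=server1.example.com" \
        -keyout "$dir/a.key" -out "$dir/a.crt" 2>/dev/null
    openssl genrsa -out "$dir/b.key" 2048 2>/dev/null
}

demo() {
    tmp=$(mktemp -d)
    make_samples "$tmp"
    cert_matches_key "$tmp/a.crt" "$tmp/a.key"; echo "matching pair: $?"
    cert_matches_key "$tmp/a.crt" "$tmp/b.key"; echo "wrong key: $?"
    rm -rf "$tmp"
}
demo
```

On a real server, call `cert_matches_key` with `/usr/local/ispconfig/interface/ssl/ispserver.crt` and the path of the key file you intend to use; a non-zero result means the pair should not be deployed.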
     
  5. JESUSSAVES

    JESUSSAVES New Member HowtoForge Supporter

    I see, I don't have the original key (I've only saved the crt), so I can't reuse my existing cert without it.

    Thank you Till! I know what to do from here. Thanks again. :)
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Most SSL authorities offer to reissue a cert free of charge if the key is lost.
     
  7. JESUSSAVES

    JESUSSAVES New Member HowtoForge Supporter

    Thanks again, I'll check into it.
     