[SOLVED] StartSSL Cert without CSR

Discussion in 'ISPConfig 3 Priority Support' started by sftp, Sep 28, 2015.

  1. sftp

    sftp New Member

    Hello everybody,

    I have a StartSSL Cert which I created entirely through the StartSSL website = I have not created a self signed certificate in the SSL tab in ispconfig and submitted the corresponding CSR to StartSSL.
    I'm having problems getting the certificate to work. All possible combinations of private-key / cert / ca.pem seem to not work. I'm also not sure what exactly to place in the "Bundle"-field.

    Before I invest more time, can anybody tell me if this works in general (using a cert without creating a CSR in Ispconfig)? Also, is it possible to get this done via Ispconfig or should I switch to cli?
    I have read the manual, but unfortunately it did not realy help me in this matter.

    Any help / hint is appreciated!

    Thanks a lot in advance,

  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes, thats possible. You just have to insert the correct key in the key field, the correct certificate in the certificate field and then select "save certificate" as action and press on the save button.

    The ssl bundle field is for the bundle or chain certificate. This certificate is required for most ssl authorities, you should receive that from startssl as well.

    Thats described in chapter "5.4.1 How Do I Import An Existing SSL Certificate Into A Web Site That Was Created Later In ISPConfig?" of the manual.
  3. sftp

    sftp New Member

    Thanks for you answer Till.

    I guess I have to remove the password from the private key for it be readable by apache?
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes. Be careful and dont reboot as your server might hang when you reboot it know until you removed the password from the key.
  5. sftp

    sftp New Member

    OK, thanks again. I will test it and report back!


    It's now working like a charme.

    If anyone else has problems with it, here is the solution:
    • I removed the password from the private key and pasted the private key without password into the corresponding field in ispconfig.
    • The contents of the file ca-bundle.pem (from here https://startssl.com/certs/) go into into the bundle field in ispconfig.
    • The same with the certificate file.
    • Click on save and check you ssl config via an external website like https://www.sslshopper.com/ssl-checker.html

    Thanks again Till for your quick help!
    Last edited: Sep 29, 2015

Share This Page