SSL Cert install

Discussion in 'ISPConfig 3 Priority Support' started by dgeho1, Apr 18, 2014.

  1. dgeho1

    dgeho1 Member HowtoForge Supporter

    running Debian 2.6.32-48squeeze4 and Ispconfig 3.0.5.3 two server master/slave

    Have been trying to get a SSL Cert Installed without success

    I used ISPConfig to generate a CSR

    I got a bundle from my provider, inserted into ispconfig and then apache gave me a warning saying it could not restart with that config, and restarted with the last known working config, and renamed the offending files .err

    can I delete the keys via the ISP portal, then delete all of the files in the SSL dirs manually, and go thru the entire CSR and key issuing process via ISPConfig from a fresh start?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes, you can delet the ssl cert trogh ispconfig be selectin "delete certificate" as action and then press save. The steps to create a ssl cert are also decsribed in the ispconfig manual, as howtoforge subscriber you can download the manual here from howtoforge, in case that you havent done that yet.
     
  3. dgeho1

    dgeho1 Member HowtoForge Supporter

    Since I have tried doing the cert install according to the manual, and not been having success, I am beginning to think that there is something else wrong.

    would there be benefit to deleting the key info via ISPConfig, as well as deleting the files manually from command prompt to ensure a clean install?

    I have been fighting this problem for over a week now
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    You can do that if you want to be sure that everything is cleaned up.

    The procedure to install a ssl cert does not cause any problems normally, I do this dayil for our clinets:

    1) Enable the ssl checkbox in the website settings.
    2) Fill out the ssl cert details fields on the ssl tab and choose "create certificate" as action and click on the save button. After one minute, you have a working self signed ssl cert, key and csr. You can check that by browsing the website with ssl, it will work after showing a warning about a self signed ssl cert.
    3) To get a official ssl cert, copy the csr from the ssl page in ispconfig and let it sign from a ssl authority. You will get back a new ssl cert and some bundle / chain ssl certs.
    copy the ssl cert that you got back into the ssl cert field and the bundle ssl certs into the ssl bundle field. select "save certificate" as action and press on the save button. after 60 seconds, your site will show the signed ssl cert.
     
  5. dgeho1

    dgeho1 Member HowtoForge Supporter

    is the manual accurate in the statement that we can only have one ssl site per server or server IP? I know that I can have multiple IP's from my ISP, is it difficult to have multiple IP's per server?

    Also, double checking, what address needs to be in the IPv4-Address feild in ISP Config

    am I understanding correctly that when using SSL that we can't use the default "*" wildcard, and that we need to put the server's address here (private or public?)
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes. It refers to classic SSL. With SNI, you can have multiple ssl certs on one IP, sni requires a current apache webserver and current web browsers.

    The private IP address of your server, if you want to use classic ssl. If you want to use SNI, then * works as well.
     
  7. dgeho1

    dgeho1 Member HowtoForge Supporter

    So since this a a relatively new install of everything, is is safe to assume that SNI will work fine?

    So I can have multiple websites using SSL on the same server, with one Private and Public IP?
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    As long as none of your website visitors is using windows XP with IE < 9 anymore, then yes. SNI has to be supported by the server and client to work and Microsoft implemented it very late.

    Yes. But private and public IP do not matter anyway as a webserver uses always the private IP. The translation between private and public IP is done by the router.
     

Share This Page