SSL Certification Authority on hostname.domain.com

Discussion in 'ISPConfig 3 Priority Support' started by Harvey Sharman, May 2, 2016.

  1. Harvey Sharman

    Harvey Sharman Member HowtoForge Supporter

    Hi guys / @till,

    (have looked around on forums about this)

    I have now purchased a 1-domain SSL certificate from Comodo SSL for hostname.domain.com. It is successfully installed in ispconfig.vhost and all is working great for the ISPConfig interface login at 'https://hostname.domain.com:8080', but when I go to 'https://hostname.domain.com/webmail' or even https://hostname.domain.com I still get the browser warning that it is a self-signed certificate. This is purely for a mail server, nothing else. I also need my hostname.domain.com to work for my incoming and outgoing mail with SSL in Microsoft Outlook, but this still says the certificate is invalid (self-signed certificate) over ports 995/465. I know the ispconfig.vhost file covers the ISPConfig interface area over HTTPS, but I need to work out where to point my .crt certificate so my hostname.domain.com works everywhere, including my incoming/outgoing mail server.

    I tried entering my Comodo SSL certificates in /etc/apache2/apache.conf, but it did not make any difference.

    Do I need to enter my SSL certificates somewhere in the ISPConfig Interface settings to tell it to use SSL on the whole of my hostname.domain.com?

    Harvey Sharman :)
     
    Last edited: May 2, 2016
  2. Croydon

    Croydon ISPConfig Developer

    Hi,
    there is no place to put it for "everywhere".
    The postfix certificate mostly resides in /etc/postfix/smtpd.*
    The dovecot certificate might not yet be configured (see http://wiki.dovecot.org/SSL/DovecotConfiguration)
    The certificate for the ftp server is in /etc/ssl/private/pureftp*
    The certificate for the web server (other than custom vhosts) is configured in the 000-default vhost or in the 000-apps vhost depending on what you have set up.
     
  3. Harvey Sharman

    Harvey Sharman Member HowtoForge Supporter

    Thank you Croydon for the very quick response :D

    Yes, in /apache2/sites-available/ I have 000-default.conf, apps.vhost, default-ssl.conf, ispconfig.conf and ispconfig.vhost. So I will have to play around with these files to see which one and which commands are going to work.

    ISPConfig was installed/setup using the auto-installer on Debian 8.

    Harvey Sharman
     
    Last edited: May 2, 2016
  4. Croydon

    Croydon ISPConfig Developer

    In that case the places to look are default-ssl.conf and apps.vhost (as you said you already configured ispconfig.vhost).
    The other services like mail server have to be configured outside of apache (as stated above).
     
  5. Harvey Sharman

    Harvey Sharman Member HowtoForge Supporter

    @Croydon or @till, Thank you.

    Postfix and Dovecot with the SSL ports are all working great with the Comodo SSL from your quote /etc/postfix/smtpd and /etc/dovecot/.

    Ok, now I am trying to visit /webmail over an SSL connection, e.g. 'https://hostname.mydomain.co.uk:8081/webmail', but I get 'The requested URL /webmail was not found on this server'. But if I access it without webmail ('https://hostname.mydomain.co.uk:8081') I get 'Index of /', which connects correctly with my Comodo SSL certificate but is just an empty 'Index of /' page. Even if I access only 'https://hostname.mydomain.co.uk' I get the self-signed browser warning.

    I tried entering my .crt/bundle files in default-ssl.conf and apps.vhost, then made sure to 'hash' out, but I am not seeing it. It looks like default-ssl.conf is not even used, because if I rename the file as a test, everything still functions. There is nothing in apps.vhost that corresponds to any SSLCertificateFile or SSLEngine On.

    I did notice in the ISPConfig Interface > System > Server Config > Web that there are the SSL settings and a ticked SNI box, but I am not sure what has to go in CA Path and CA Keyphrase. I assume this is where my .crt certificate and .key files are located, e.g. /etc/apache2/ssl/mycert.crt

    Harvey Sharman
     
  6. Croydon

    Croydon ISPConfig Developer

    The :8081 resides in /var/www/apps - so your webmailer would have to be in there to work.
    The https://hostname.mydomain.co.uk/ should be in default-ssl.conf so you have to configure the ssl cert in there and restart apache afterwards.
     
  7. Harvey Sharman

    Harvey Sharman Member HowtoForge Supporter

    Yes, thank you, OK, will try that tomorrow of course.
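
An added example, not part of the original thread and not ISPConfig code: a small Python audit of the Apache vhost files discussed above that reports, for each `<VirtualHost>`, whether its file is enabled, whether `SSLEngine` is on, and which `SSLCertificateFile` it serves. The sample file contents, the `ENABLED` set and the snakeoil path are constructed assumptions; on a real Debian host you would read the files from /etc/apache2/sites-available and take the enabled names from /etc/apache2/sites-enabled.

```python
import re

# Constructed sample vhost files (not from the thread); names mirror the ones discussed.
SAMPLE = {
    "ispconfig.vhost": """<VirtualHost _default_:8080>
  SSLEngine On
  SSLCertificateFile /etc/apache2/ssl/mycert.crt
</VirtualHost>""",
    "apps.vhost": """<VirtualHost _default_:8081>
  DocumentRoot /var/www/apps
</VirtualHost>""",
    "default-ssl.conf": """<VirtualHost _default_:443>
  SSLEngine on
  # SSLCertificateFile /etc/apache2/ssl/mycert.crt
  SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
</VirtualHost>""",
}
ENABLED = {"ispconfig.vhost", "apps.vhost"}  # constructed: names linked in sites-enabled/

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, name):
    """Return the last uncommented value of an Apache directive, or None."""
    value = None
    for line in body.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0].lower() == name.lower():
            value = parts[1].strip().strip('"')
    return value

def audit(configs, enabled, expected_cert):
    """Return (file, address, status) for every <VirtualHost> block found."""
    findings = []
    for fname in sorted(configs):
        for addr, body in VHOST_RE.findall(configs[fname]):
            cert = directive(body, "SSLCertificateFile")
            if fname not in enabled:
                status = "file not enabled in sites-enabled"
            elif (directive(body, "SSLEngine") or "off").lower() != "on":
                status = "no SSLEngine on in this vhost"
            elif cert != expected_cert:
                status = f"serves {cert} instead of the purchased certificate"
            else:
                status = "ok"
            findings.append((fname, addr.strip(), status))
    return findings

if __name__ == "__main__":
    for row in audit(SAMPLE, ENABLED, "/etc/apache2/ssl/mycert.crt"):
        print("%-18s %-16s %s" % row)
```

This only covers Apache; as stated in the thread, the Postfix, Dovecot and FTP certificates are configured outside of Apache and need their own checks.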
     
