ssl

Discussion in 'Installation/Configuration' started by Ryanmt, Feb 23, 2011.

  1. Ryanmt

    Ryanmt New Member

    Im having a problem with SSL on ispconfig 3.

    The certificate is installed for the domain on the control panel but when visiting

    http:// i get the correct site

    when visiting https:// i get redirected to /var/www/html/ folder?

    Is there anything i need to change manually to get it working?
     
  2. falko

    falko Super Moderator ISPConfig Developer

    Are there any errors in Apache's error log?
     
  3. Jonkr

    Jonkr New Member

    there are no errors against the individual domain error log as it doesn't connect to the vhost. in the /var/log/httpd error logs it shows the following but i think this is just because there is no signed certificate linked to that area

    [Sun Mar 06 04:02:22 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Sun Mar 06 04:02:22 2011] [warn] RSA server certificate CommonName (CN) `MyServerName' does NOT match server name!?
    [Sun Mar 06 15:31:11 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/html/images
     
    Last edited: Mar 7, 2011
  4. Ryanmt

    Ryanmt New Member

    As above, no errors in ssl_error_log

    ssl_access_log and ssl_access_log seem report ok, were just not getting to the correct site, just the html base dir.

    looking at the domaisn vhost there is no ssl section which i thought was unusual.. unless its handled elsewhere?

    The certificate doesnt have an ssl bundle so thats left blank in the cp. Is this gonna effectt things?

    ssl isnt my strong point so got me stumped this one!

    -edit, found the bundle from the CA's site. Still no joy though ispconfig doesnt output any ssl data to the /etc/httpd/conf/sites-enabled/domain.com.vhost file

    I have tried adding

    But apache refuses to start
     
    Last edited: Mar 7, 2011
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    You found already why ispconfig is not writing it: "But apache refuses to start"

    ISPConfig writes the config, tests it, if apache fails to start, the config gets rolled back to the last working state automatically.

    Please remove your manual modifications in the vhost config file as they will block the configuartion process for all other sites.

    The steps to enable ssl are:

    1) Select an IP address for the website. * will not work!
    2) enable the ssl checkbox in the website settings.
    3) enter the details for the ssl certificate on the ssl tab, select "create certificate" as action. Do not use special chars like umlauts or accebts in the ssl cert details.

    The ssl cert will be created now within 1 - 2 minutes.
     
  6. Ryanmt

    Ryanmt New Member

    Point 1 was the issue. It is now outputting to vhost file!

    However, its still redirecting to the wrong directory :( and the certificate supplied is the server one not the one added in the control panel.

    I am acessing this via an entry in my hosts file should that make any difference?

    ssl_error_log

    [Mon Mar 07 19:24:03 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Mon Mar 07 19:24:03 2011] [warn] RSA server certificate CommonName (CN) `server32' does NOT match server name!?

    i dont think this is related.

    However this seems to be the issue, int he sites error log

    [Mon Mar 07 20:09:57 2011] [error] Init: Private key not found
    [Mon Mar 07 20:09:57 2011] [error] SSL Library Error: 218710120 error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag
    [Mon Mar 07 20:09:57 2011] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
    [Mon Mar 07 20:09:57 2011] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
    [Mon Mar 07 20:09:57 2011] [error] SSL Library Error: 218734605 error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib
     
    Last edited: Mar 7, 2011

Share This Page