SSL Bug!

Discussion in 'General' started by ivomendonca, Apr 5, 2010.

  1. ivomendonca

    ivomendonca Banned

    Hello, I added this to bugtracker, adding ssl certificates can make ispconfig stop Working (Apache), if certificate has some error, apache will stop and you have to remove manualy(ssh) from vhost to restore the normal ispconfig service.
     
  2. ivomendonca

    ivomendonca Banned

    SSL Bug is this a bad question?

    Hello i did´t get any anwser for this, i assume that if ispconfig stops working from a faulty ssl certificate(added normaly from ispconfig) is not a bug then.

    My ssl is working i dont need any help.
    Thank you.
     
  3. falko

    falko Super Moderator Howtoforge Staff

    Since you've added this to the bugtracker, we will review this, but I don't think it's a bug in ISPConfig if there's a problem with the certificate.
     
  4. ivomendonca

    ivomendonca Banned

    Yes is a problem with certificate but ispconfig dont work after. And If it cant be verified is a big problem for webmasters that not know what to do.
    If we give the final client the permissions to add a certificate, that will make ispconfig server stop working for all clients.
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    ISPConfig tests if a ssl cert get created. Also apache is not complaining about a invalid cert if you test the apache config with "httpd -t", so there are not many options for ispconfig to find yout if a ssl cert works or not. If ispconfig restarts for apache to test if it works for every website and every change, your server might get restarted several times a minute which will bring your sites down as well.

    I guess the only usable option might be to disable the ssl settings for clients, so that only the admin can add ssl certs.

    What exactly did you enter into the cert feilds that make apache fail?
     
  6. ivomendonca

    ivomendonca Banned

    I add the same, ispconfig creates multiple files when i save the ssl with new values. generates ssl for domain and other for subdomain (www.domain and domain).
    if is the same domain and the certificates are clones why apache crashes ?

    Maybe the problem is on certificate type ?
    I use a Turbo ssl.

    Just a question, this type of certificate validates on browser, but does not make the browser url green. do you know if thats normal ?
    Thanks.
     
    Last edited: Apr 8, 2010
  7. denie

    denie New Member

    How do you disable the SSL settings for clients?
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    ISPConfig creates just one ssl cert for the domain or subdomain that you selected on the ssl tab. The other files are the csr and the key.

    Have you checked the ssl log?

    This is a proposal for a possible new feature. At the moment you can get the same result by creating the new website as admin for the client and do not enable the ssl checkbox. Clients can not enable ssl then as a client can not change a setting on the first website tab if the website had been created by the administrator.
     
  9. ivomendonca

    ivomendonca Banned

    The only errors that i have found.

    [Sat Apr 03 01:34:05 2010] [error] Unable to configure RSA server private key
    [Sat Apr 03 01:34:05 2010] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
     
  10. falko

    falko Super Moderator Howtoforge Staff

    What values did you enter when you created the certificate?
     
  11. yooda

    yooda New Member

    SSL library error

    Same error.

    A Debian5/ispconfig3.0.2.1 working fine until yesterday morning. since apache fail to start.

    I've installed a new server. all ok until I past the rapidssl cert for one of my website. Apache fail to start : "Unabled to configure RSA server private key..."

    I delete the configuration of the cert in the vhost file and apache can start.

    No problem with the auto generated cert.

    what's wrong?
     
  12. yooda

    yooda New Member

    I don't have a dedicated ip, the cert is generated with the domain name.
     
  13. yooda

    yooda New Member

    it working fine before ! What's wrong with new rapidssl certificat?
     

Share This Page