SSL certificate

Discussion in 'Installation/Configuration' started by Jorem, Apr 23, 2010.

  1. Jorem

    Jorem Member

    I am struggling with the SSL certificate for the ISPConfig Control Panel.

    I tried to install a certificate to a domain through the control panel to use it for the login: https://www.domain.com:81
    But I keep getting errors.

    Is there a step by step guide about how to install a SSL certificate in the ISPConfig server?
    Which certificate do need to buy?

    Hope someone can help. Time to get a real certificate instead of the self signed one :).
     
  2. Mark_NL

    Mark_NL Member

    It would be nice if you informed us with the error you're getting ..
     
  3. Jorem

    Jorem Member

    I got a error for the CSR key that should be 2048 instead of 1024.

    Found this in another post that helped out:

    1. edit the openssl.cnf.master file
    (typically it is in /root/ispconfig/isp/conf)
    change the "default_bits" from "1024" to "2048"

    2. edit the file config.lib.php
    (typically it is in /root/ispconfig/scripts/lib
    Change the "1024" to "2048" in the following command:

    openssl genrsa -des3 -rand $rand_file -passout pass:$ssl_password -out $key_file 1024 && openssl req -new -passin pass:$ssl_password -passout pass:$ssl_password -key

    3. restart ispconfig (i.e. service ispconfig_server restart)

    Waiting for the Certificate from GoDaddy now. Found this topic with a working solutions for GoDaddy. So should also work for me :).
    http://howtoforge.com/forums/showthread.php?t=27606&highlight=ISPConfig+CSR
     
  4. demortes

    demortes Member

    Thought I should let you guys know, for those personal non-commercial folks out there, you can get a free SSL certificate from StartSSL. Only costs if you are using it for commercial reasons, and I have installed it absolutely perfectly. They also provide support for their certificates through Jabber, 24 hours a day.

    Link: http://www.startssl.com/

    Also, they offer free certificates for email encryption and signing. That's another topic however :)
     
    Last edited: Apr 25, 2010
  5. Jorem

    Jorem Member

    The install on the domain went fine. But when I want to copy the cert to the ISPConfig apache server it stops working.

    I copy the cert to the /root/ispconfig/httpd/conf/ssl.crt directory. After that I changed the httpd.conf file to point to the new cert (default to server.crt).

    When I restart ISPConfig server I get a error that it can not start server.

    In another post I read about the directory /root/ispconfig/httpd/ssl . But I do not have this directory. Do I need to make it?
    What do I need to change in the httpd.conf to get it to work with the new certificate?

    For the domain it is working great, only for the :81 now.
     
  6. createch

    createch New Member

    Try this...

    1. Upload the 2 key files from Godaddy to the ssl directory of the domain concerned (gd_bundle.crt and yourname.crt), then

    2. In the ISPConfig panel, go to the domain concerned, add the apache directive:

    SSLCertificateChainFile /var/www/web#/ssl/gd_bundle.crt
    [replace the above # with the domain number]

    3. Restart http (i.e. service httpd restart)
     
  7. Jorem

    Jorem Member

    Still trying to get this to work for the Client Panel :)81).
    Domain works fine for almost a year now.

    Hope someone can help with adding the ssl cert to my ISPConfig httpd server.
     
  8. falko

    falko Super Moderator Howtoforge Staff

    When you try this, are there any errors in the ISPConfig apache error log in /root/ispconfig/httpd/logs/?
     
  9. Jorem

    Jorem Member

    This is the error I get:
    [error] mod_ssl: Init: (www.domain.com:81) Unable to configure RSA server private key (OpenSSL library error follows)
    [error] OpenSSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

    I have a GoDaddy vertificate for my domain. But did not get a key file. Or do I have to generate a new one?
     
  10. falko

    falko Super Moderator Howtoforge Staff

    You have to put the key file that you generated for domain.com into /root/ispconfig/httpd/conf/ (name it ssl.key; make a backup of the old ssl.key first).
     
  11. Jorem

    Jorem Member

    JJiiihhaaaaaaa it works :D.

    Thank you so so much Falko.
     

Share This Page