Configuring SSL certificate to website ISPConfig 3

Discussion in 'Installation/Configuration' started by rogeriosjr, Jan 12, 2011.

  1. rogeriosjr

    rogeriosjr New Member

    Hello all!

    I read ISPConfig 3 manual (5.4 How Do I Create An SSL Web Site?) and it works just for a Self-signed certificate and presents into my webclient browser that certificate was issued by "localhost.localdomain".

    I follwed instructions to save a trusted certificate, but it does not work for me.

    Can you help me to use this trusted certificate? Is there any other conf that I need to do into Apache or ISPConfig to solve this issue?

    Regards.

    Rogerio Siviero Jr.
     
  2. makensy13

    makensy13 New Member

    Hello,

    Simply generate the key (SSL request) to submit to a trusted authority (Verisign or others). Copy the certificate issued by the trusted authority in the SSL certificate.
    There.
    Sincerely,
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    Please post the exact error message that you got. Depending on the ssl authority that you used to sign the cert, it might be nescessary to add a chain certificate in the additional certs field. You should have received informations about that from the company where you bought the ssl certificate.
     
  4. rogeriosjr

    rogeriosjr New Member

    makensy13:
    I did it (copied SSL request generated by ISPConfig and generated SSL certificate in http://www.cacert.org/) after that I pasted SSL certificate genereted by CACert into SSL certificate field in ISPConfig.

    till:
    I copied and pasted "Root Certificate (PEM Format)" and "Intermediate Certificate (PEM Format)" from http://www.cacert.org/index.php?id=3 into SSL bundle field and saved it.
    Is it correct?

    Into ISPConfig I not see any error, just when a user access the SSL site/url and certificate error (CA Root untrusted etc) is presented by web browser.
    I know that it is ocurring because the root/certificate is showed as "localhost.localdomain" but I can't solve/configure it to use root certificate from CACert instead.

    Is there any tip to troubleshoot my configuration to be sure I am configuring in the right way?

    Regards,

    Rogerio Siviero Jr.
     
  5. rogeriosjr

    rogeriosjr New Member

    makensy13:
    I generated the key (SSL request) correctly and submited to a trusted authority (CACert). After that I pasted it into SSL Certificate filed.

    till:
    I am not receiveing any error into ISPConfig 3, just when a user access this https site where web browser present a certificate error (root and intermediate) shown as it was issued by "localhost.localdomain" (that I know its incorrect).

    I copied and pasted root and intermediate certificates from CACert (Root Certificate_PEM_Format and Intermediate Certificate_PEM_Format from http://www.cacert.org/index.php?id=3) into SSL bundle (ISPConfig) field, but even that the error continue to occur.

    --> How can I troubleshoot my configuration to certify that I am doing the correct configuration?

    Regards,

    Rogerio Siviero Jr.
     
  6. rogeriosjr

    rogeriosjr New Member

    makensy13:
    I generated the key (SSL request) correctly and submited to a trusted authority (CACert). After that I pasted it into SSL Certificate filed.

    till:
    I am not receiveing any error into ISPConfig 3, just when a user access this https site where web browser present a certificate error (root and intermediate) shown as it was issued by "localhost.localdomain" (that I know its incorrect).

    I copied and pasted root and intermediate certificates from CACert (Root Certificate_PEM_Format and Intermediate Certificate_PEM_Format from http://www.cacert.org/index.php?id=3) into SSL bundle (ISPConfig) field, but even that the error continue to occur.

    How can I troubleshoot my configuration to certify that I am doing the correct configuration?

    Regards,

    Rogerio Siviero Jr.
     
  7. rogeriosjr

    rogeriosjr New Member

    makensy13:
    I generated the key (SSL request) correctly and submited to a trusted authority (CACert). After that I pasted it into SSL Certificate filed.
     
  8. rogeriosjr

    rogeriosjr New Member

    till:
    I am not receiveing any error into ISPConfig 3, just when a user access this https site where web browser present a certificate error (root and intermediate) shown as it was issued by "localhost.localdomain" (that I know its incorrect).

    I copied and pasted root and intermediate certificates from CACert (Root Certificate_PEM_Format and Intermediate Certificate_PEM_Format from http://www.cacert.org/index.php?id=3) into SSL bundle (ISPConfig) field, but even that the error continue to occur.

    How can I troubleshoot my configuration to certify that I am doing the correct configuration?

    Regards,

    Rogerio Siviero Jr.
     
  9. rogeriosjr

    rogeriosjr New Member

    till:
    I am not receiveing any error into ISPConfig 3, just when a user access this https site where web browser present a certificate error (root and intermediate) shown as it was issued by "localhost.localdomain" (that I know its incorrect).

    I copied and pasted root and intermediate certificates from CACert (Root Certificate_PEM_Format and Intermediate Certificate_PEM_Format from http://www.cacert.org/index.php?id=3) into SSL bundle (ISPConfig) field, but even that the error continue to occur.

    How can I troubleshoot my configuration to certify that I am doing the correct configuration?

    Regards,

    Rogerio Siviero Jr.
     
  10. falko

    falko Super Moderator Howtoforge Staff

    Any errors in Apache's error logs (the normal one and the SSL error log)?
     
  11. rogeriosjr

    rogeriosjr New Member

    Into: /var/log/httpd/ssl_error_log

    [Wed Jan 12 09:06:17 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Wed Jan 12 09:06:17 2011] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?

    Can't see any other error.

    Rogerio Siviero Jr.
     
  12. rogeriosjr

    rogeriosjr New Member

    See the error message from client web browser at attached file "ssl-errorIE.png"

    Regards

    Rogerio Siviero Jr.
     

    Attached Files:

  13. falko

    falko Super Moderator Howtoforge Staff

  14. rogeriosjr

    rogeriosjr New Member

    Problem solved.

    I defined an exclusive IP address and reviewed that other websites were not using the same IP and all worked fine.

    In my case, as I was using a private IP address to ispconfig server (my firewall redirect our public IPs to internal servers - NAT) and I had to add an additional private IP to this ispconfig server and define it to be used exclusively to the SSL website.
    In the beginning I was configuring my SSL website to use the public IP address, but I realized that I needed to configure it with the private IP address and not with that public one.

    Thanks!
    Rogerio Siviero Jr.
     
  15. tester10

    tester10 New Member

    ssl problem configuring website

    Hi lads

    quick question

    i have got ispconfig 3.4.5 latest version running, i have setup a few websites

    none of them use SSL at the moment, but as i have seen the feature in the manual and also available in my control panel i have decided to make some testing


    i have selected the option ssl whilst adding the new website, and also went to the ssl config page and have filled out all information , estate, country, address, deparment etc, afterall i have selected option Create ssl and pressed save.

    so far so good i can also navigate via FTP in to the new website folder and i can see the ssl certificates etc.

    but when i try to login to website with https://xxxxxxxx it gives me a error

    on my mozilla firefox, as i know its not mozilla firefox as i have configured ISPPanel webif to use https and it works fine , so as other sites also with https.

    but on my newly site created for testing it comes up the following message



    SSL received a registration that exceede the max lenght size permitted.

    (error code: ssl_error_rx_record_too_long)

    Does anyone have ideas of what i am doing wrong ?? also do i need to edit something in the ETC/apache2/sites enabled config for my new site?
    if so how shall i do it in order to get the new site working ok with ssl?

    Any help will be appreciated lads, and sorry for any newby kind of question as i have been just running isp litle under 6months so still learning as it goes by.

    P.S - I have tested opening the new site withou ssl and it opens ok http://xxx

    thxs
    tester100
     
  16. falko

    falko Super Moderator Howtoforge Staff

    What exactly did you fill in? Maybe you put something invalid there which resulted in an invalid cert.
     
  17. moglia

    moglia New Member

    Steps to Generate a ceacert.org to ispconfig

    I read it for find a solution: http://wiki.cacert.org/SimpleApacheCert

    • 1 Go To Sites --> Websites;
    • 2 Select web site as you want click on checkbox to enable ssl and click on save;
    • 3 Goto SSL Tab on the website and create certificate and click on save and wait a little time to ispconfig generate the cert;
    • 4 Back to SSL Tab on the website on first box get the -----BEGIN CERTIFICATE REQUEST----- content on the first box and copy to your memory or paste on a text editor temporally;
    • 5 Add and validate the domain on domain part of cacert.org;
    • 6 On new server cert click on new cert and paste previous certificate request information.;
    • 7 Get the certificate generated info and copy it on text editor;
    • 8 Get the CAcert_chain.pem (download link below) content and copy it on text editor;
    • 9 Back to SSL session on your domain at ispconfig;
    • 10 Paste the certificate generated info Certificate Box (Second Box);
    • 11 Paste the CAcert_chain.pem content into SSL Bundle (Latest Box);
    • 12 Finaly, select save certificate on ssl action combo and click on save button;

    For Cacert:
    The Bundle You Get Here:
    http://wiki.cacert.org/SimpleApacheCert?action=AttachFile&do=view&target=CAcert_chain.pem
     

Share This Page