Use Main Site SSL Configuration For ISPConfig Control Panel?

Discussion in 'Installation/Configuration' started by Elbonian, Jan 1, 2014.

  1. Elbonian

    Elbonian New Member

    I have a suggestion followed by a question (or two). If a valid SSL configuration exists for the web site (or the primary web site where the control panel is located), then it is probably a good idea to restrict the control panel to be used only with SSL and the web site's own SSL configuration. So, I have https://www.example.com/ working properly and I would like to see https://www.example.com:8080/ and https://www.example.com:8081/ both use the valid SSL configuration from the main web site. I found the actual paid-for certificates (entered through the control panel) in the /var/www/clients/client1/web1/ssl directory. But the only way I was able to reference those certificates was to hack into the web server configuration files and change them manually. I'm worried that those files might get overwritten at some point, so it would be nice if this option were actually supported by ISPConfig. what I did for Apache was:
    Code:
    Then edit the /etc/httpd/conf/sites-available/ispconfig.vhost file thusly:
    1.  Comment out the existing SSLCertificateFile and SSLCertificateKeyFile lines; and
    2.  Add the lines to point to the folowing 3 files in the web site ssl directory:
        SSLCertificateFile *.crt
        SSLCertificateKeyFile *.key
        SSLCACertificateFile *.bundle
    
    So, if you rewrite the ispconfig.vhost file for some reason, would you overwrite or preserve the above change? Is there another way to do this that I somehow missed along the way?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Just ensure that you store the ssl cert in the ispconfig ssl directory /usr/local/ispconfig/interface/ssl/ then ispconfig will preserve the certs.
     
  3. Elbonian

    Elbonian New Member

    OK, got that. Now for the next question. In that directory I have:
    Code:
    ispserver.crt
    ispserver.csr
    ispserver.key
    ispserver.key.secure
    
    In my /var/www/clients/client1/web1/ssl directory I have:
    Code:
    {domain}.bundle
    {domain}.crt
    {domain}.csr
    {domain}.key
    {domain}.key~ (which is probably the original {domain}.key file)
    {domain}.key.org
    
    Now this stuff is tricky to get it to work right, so I have to ask:
    1. Are you telling me to copy my files unchanged into the /usr/local/ispconfig/interface/ssl/ leaving the existing ispserver.* files right there as they are?
    2. If not, are you telling me to copy my files over the top of the equivalent ispserver.* files?
    3. If #2 is yes, can I presume that I need to first concatenate my {domain}.crt file followed by my {domain}.bundle file to make up the new ispserver.crt file with {domain}.csr becoming ispserver.csr, {domain}.key becoming ispserver.key, and {domain}.key.org becoming ispserver.key.secure?
    4. If not, then what?

    Thanks in advance,
     

Share This Page