Hello! I have signed up for an SSL certificate at WoSign and after going through their setup process and generating a Certificate Request in ISP (and enabling SSL for the website) I received a zip archive with crt and spc files. The folder marked "for Apache" (which my vServer runs on) has two files in it: 1_root_bundle.crt and 2_[domainname.tld].crt. Do I just open the files with a text editor and paste them in the corresponding fields for the website in ISPConfig?
Thanks till! I did this. But I get an error in my browser when visiting the site via https. The error is: [domain.tld] uses an invalid security certificate. The certificate is not trusted because it is self-signed. (Error code: sec_error_unknown_issuer)
I also had that confusion, and I solved it as well. Hopefully this translates well, since I speak Spanish. 1. ISPConfig 3 creates a certificate. 2. Send the contents of the ISPConfig 3 "SSL Request" textarea to WoSign so they generate the certificate for you; then replace the certificate that ISPConfig 3 had already created with the WoSign one.
Ok, I am an idiot. I forgot to select "Save certificate" and click ok. Now there is no error message... However, there is a little warning sign icon next to the site's address. And when you hover over it, it says: "This website does not supply identity information." Is that how it should be?
You have to put in the (SSL Bundle) for the SSL to be compatible with more devices. You can use an SSL test to check the result: https://www.ssllabs.com/ssltest/ https://www.sslshopper.com/ssl-checker.html
Thanks! The sslshopper check was all green. The SSLlabs one gave me these two errors/warnings: This server accepts the RC4 cipher, which is weak. Grade capped to B. The server does not support Forward Secrecy with the reference browsers. As for how to fix this, I am not quite sure yet. I am looking for information on how to disable acceptance of RC4 cipher and enable forward secrecy with ISPconfig.
The SSL cipher settings are not ISPConfig specific. The default SSL ciphers of most Linux distributions are not set that strictly, to ensure that older clients (browsers) can also connect to them. If you want to have only strong ciphers, then you can find a good article here: https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ The file where you add it depends on the Linux distribution that you use.
Thanks very much till! I started following the tutorial, but when I enter these commands:
Code:
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
I get the error message: command not found. Whereas this works:
Code:
openssl ciphers -v 'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS'
I set up my vServer with the perfect server tutorial Debian 7 here on HowToForge. So I am running ISPConfig 3 on Debian 7. Is there something obvious I am missing?
Use the ISPConfig 3 panel where it says SSL, there log files. First create the certificate, and don't forget to save. https://www.howtoforge.com/community/threads/ssl-not-found.68111/#post-324777
Thanks loadingjkr, I've gotten the certificate to work now. What I need to figure out now is the cipher thing, so that my SSL doesn't get the B note rather than A.
These are not commands; they are settings for the Apache config file, so you have to set them in the Apache SSL config file. On Debian it is the file /etc/apache2/mods-available/ssl.conf
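A way to check the settings discussed above against the two SSL Labs findings (RC4 accepted, no forward secrecy), as an added example that is not part of any post in this thread. It expands the cipher string with the local OpenSSL through Python's `ssl` module, so the exact suite names depend on that build; the `WEAK` configuration and all function names are constructed for illustration.

```python
import ssl

# The three directives posted in the thread, as they would appear in
# /etc/apache2/mods-available/ssl.conf (config lines, not shell commands).
HARDENED = """
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
"""

# Constructed counter-example: RSA key exchange first, no server-side ordering.
WEAK = """
SSLProtocol ALL -SSLv2
SSLCipherSuite RSA+AES:ECDH+AES
"""

def directives(conf_text):
    """Return {lowercased directive: argument string}; the last occurrence wins."""
    found = {}
    for line in conf_text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            found[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return found

def expand(cipher_spec):
    """Expand an OpenSSL cipher string with the local library, in preference order."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_spec)
    # TLS 1.3 suites are not controlled by this string, so leave them out.
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]

def is_forward_secret(name):
    """Ephemeral (EC)DH key exchange shows up as an ECDHE-/DHE- name prefix."""
    return name.startswith(("ECDHE-", "DHE-"))

def audit(conf_text):
    d = directives(conf_text)
    suites = expand(d["sslciphersuite"])
    return {
        "sslv3_disabled": "-sslv3" in d.get("sslprotocol", "").lower().split(),
        "server_order": d.get("sslhonorcipherorder", "off").lower() == "on",
        "rc4": [s for s in suites if "RC4" in s],
        "no_forward_secrecy": [s for s in suites if not is_forward_secret(s)],
        "fs_preferred": is_forward_secret(suites[0]),
    }

if __name__ == "__main__":
    for label, conf in (("thread settings", HARDENED), ("constructed weak", WEAK)):
        print(label, audit(conf))
```

Suites listed under `no_forward_secrecy` for the thread's settings are the RSA key-exchange fallbacks at the end of the string; they are only negotiated when a client supports nothing listed ahead of them, provided `SSLHonorCipherOrder On` is set.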
Thanks till! I've now added the lines to the above file and now the error is a different one. It says the website does not provide owner information. As far as I have been able to figure it out, that's because I'm using a free SSL certificate. That green symbol thing appears in the browser only if you purchase one of those more expensive certificates. Right?
Yes. But be careful when buying a cert: there are cheaper domain validated certs and expensive certs with extended validation. For example, you can see a cheaper one here at howtoforge, where the SSL cert is just domain validated; the expensive ones are the certs where you see the company name in the URL bar in Chrome, e.g. paypal.com
Thanks till! I'm gonna check and compare. This has definitely been a learning experience for me! Never dealt with SSL before. Thanks guys for helping me!