Received following files for my ssl setup from register.com AddTrustExternalCARoot.crt USERTrustRSACertificationAuthority.crt USERTrustRSADomainValidationSecureServerCA.crt SERVER1.example.EU.crt where should I put what and how? thanks for the support!
This did not work ==> server crashed. according to the ssl provider: SERVER1.domain.crt - end user certificate. put this into: SSL certificate? USERTrustRSACertificationAuthority.crt - 1st intermediate and USERTrustRSADomainValidationSecureServerCA.crt - 2nd intermediate should I put these two into: SSL Bundle AddTrustExternalCARoot.crt - root certificate. Where should this go into?
yes. yes It is possible that this is not required. just test it. If its required, then this goes into the bundle field as well. The server hangs when your ssl key and cert doe not match. Thhis hapens e.g. when you created the ssl csr and key outside of ispconfig and then forgot to exchange the key in ispconfig or when you recreate the ssl csr and key so that a different csr was used by the ssl authority then the one that is now in your ispconfig system. The steps to install a ssl cert are described in the manual in details incl. screenshots btw.
Till, when I had my csr generated by ispconfig and checked it on symantec csr checker, the csr was rejected because of a pass-phrase in it. My ssl provider (register.com) told me to use the tool since the by ispconfig generated csr was not accepted by them.
The scr generated by ispconfig has no password. The checker you used must be faulty or you copied a wrong csr or some other kind of data to it. The csr generated by ispconfig are working with all authorites, I just installed 2 certs last week for a client and used one csr at comodo and one at thawte. When you create a csr outside of ispconfig, then you have to insert the new key on the ispconfig ssl tab.
Ok, You know i am still a noob on this so please stay with me. I created in directory /etc/ssl per direction of my ssl provider www.register.com a new key and CSR by running: openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr I put these in a new directory being: /etc/ssl/2015-06-01_new_ssl Next step for me will be to submit the this csr which i hope to be able to do today. Should I already now put myserver.key in the server ssl field: SSL Key and server.csr in the SSL server field: SSL Request?
I received all new package. The only field emty in ispconfig is the SSL request field. Should that remain empty? Or should i put the CSR in this field? How can I check whether the SSL package is properly installed?
Thats ok, it can remain empty. the csr is only needed to get a new ssl cert. Open the website with https in the browser. if you dont get a ssl cert error, then the certificate is properly installed.
This is the message I received: Secure Connection Failed An error occurred during a connection to www.example.eu. SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long) The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem. Any idea how to resolve it? BTW the provider of the ssl package says following with regards to installation: How to Install a Certificate Using Apache With Mod_ssl and OpenSSL: Copy the certificate and CA bundle file to your server, into a directory where you plan to keep your certificates. This is commonly /etc/ssl/. You will now need to edit the Apache configuration file. The location of this file can vary depending on your distribution (Windows, Debian/CentOS/Fedora/etc. Linux) and the version of Apache you are using. Locate the file and open it in your preferred editor. Locate the VirtualHost section for the ssl-enabled site you are installing the certificate for. This will commonly begin <VirtualHost 127.0.0.1:443>. Add the following lines into the VirtualHost section, making sure to change the paths of the files to correspond to the locations of the files on your server. Apache 2.x: SSLEngine on SSLCertificateKeyFile /etc/ssl/ssl.key/server.key SSLCertificateFile /etc/ssl/ssl.crt/yourDomainName.crt SSLCertificateChainFile /etc/ssl/ssl.crt/yourDomainName.ca-bundle Save the changes to the file. Now you will need to restart Apache. It is sometimes required to stop then start Apache, instead of issuing the restart command for the changes to take effect. until the password is entered. The configuration file is often called httpd.conf or apache.conf, although sometimes the SSL-specific section is placed in a separate file called ssl.conf and linked from the main configuration by an Include command. Sometimes, the VirtualHost section will be in a specific file for that site, in a sub-directory often labelled sites-enabled/. What should I do now to get https working?
1) Dont use the instructions from your ssl provider. They are not compatible with servers that use a hosting controklpanel like ispconfig, cpanel, directadmin or any other one. 2) The installation of a ssl cert is really easy, see ispconfig manual that explains the steps incl. screenshots. all you have to do is to enable the ssl checkbox in the website settings, then copy the key into the key field, the cert into the cert field, the chain certificates into the ssl bundle field, select "save certificate" as action and press save.
Ok I did it exactly as you said. However where should I put AddTrustExternalCARoot.crt - root certificate? I put it at the top of the ssl bundle, in the middle and in the end, and I also did not put in the bundle at all. I think the AddTrustExternalCARoot.crt - root certificate should be placed somewhere but where? by the way the bundle has no empty lines in it. Is that correct? It is build as follows: -----begin---- shsjsjkslsssshj ssdgggdhhdh ----end---- ----begin----- ddhjfjfkkff ddjjdkdkld ----end----
Like I explained in the other posts, this cert is most likely not needed at all. In any case, it hs nothing to do with your current ssl error. Yes, thats correct.
Ask someone with server admin experience to install the certs for you. I use the seps from the ispconfig manual that I explained above several times a month and they always work, so not sure whats wrong with your system or the ssl cert that your ssl provider send you.
Thanks. And I thought that you got all needed server admin experience to install the certs . I will try it once more by first deleting all ssl fields in ispconfig manually and then safe it. Next I will have ispconfig create the SSL key, SSL request, SSL cerificate and SSL bundle. Could this work?
Off course I know how to install ssl certs. If I shall install the certs, contact the ISPConfig business support. That should work. Before you sign the ssl csr you should check if the self signed cert actually works.
How to check if the self signed cert actually works? After using https://www.example.eu and accepting for the self signed certs I was able to connect All ssl fields are filled in except the SSL bundle. Is this correct? How to continue now?