Existing SSL Wildcard certificate for interface, postfix, dovecot ssl imap ssl pop3 ...

Discussion in 'Installation/Configuration' started by Quax, May 5, 2020.

Tags:
  1. Quax

    Quax New Member

    I have an existing SSL wildcard certificate for my domain (*.domain.net)
    I installed the ISPConfig 3.1dev (don't know why dev - I selected stable) on Ubuntu 18.04 with the help of the perfect server manual.
    While Installation I generated a self signed certificate.
    The server belongs to the domain of the wildcard certificate (server.domain.net)
    Is there any manual, how to use this certificate for the interface, webmail and the access to imap via ssl and pop3 via ssl and smtp via ssl.
    I found a lot of things about lets encrypt or certificates with the csr of the ispconfig server, but nothing about a change to a existing wildcard certificate. The special thing is: my certificate needs an intermediate certificate and maybe a additionally ca.
    How I can implement the intermediate certificate, if the wildcard certificate generated with an csr not of the ispconfig server is possible.
    If I implement manually, do I have to look for database entries or other related things.

    I would be happy, if someone can show me where I can find a maunal for this envorinment
     
    Quax, May 5, 2020
    #1
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Replace ssl cert, key and bundle in the files in /usr/local/ispconfig/interface /ssl/ (us the same file names) and then restart all services.
     
    till, May 5, 2020
    #2
  3. Quax

    Quax New Member

    After a ispconfig_update.sh now I can see Version 3.1.15.p3
     
    Quax, May 5, 2020
    #3
  4. Quax

    Quax New Member

    I allready replaced the crt and the key file, there were no bundle file (pem) there (o I changed only them), but then I got the browser message of self signed again.
    (other date)
    But the certificate is used in a website on an other server and runs.
    About the postfix dovecot certificates, I saw some files for certificates there - willthey be change automaticlly
     
    Quax, May 5, 2020
    #4
  5. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Last edited: May 5, 2020
    ahrasis, May 5, 2020
    #5
  6. Quax

    Quax New Member

    Is there any need to create a file which ends with .bundle?
    I found such file in an older ispconfig server on website ssl folder.
     
    Quax, May 5, 2020
    #6
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    If your SSL cert requires the installation of chain certificates, then yes. This file must contain the chain certificates.
     
    till, May 5, 2020
    #7
  8. Quax

    Quax New Member

    I tried it with a site www.domain.net and then put in the csr, crt key and bundleinformation and use save certificate and save, but there were no bundle file created. Only csr crt and key files. (because of wildcard certificate I wanted to copy the files to the interface place (then rename it to the isperver interface names). Why I got no bundle file on the site?
     
    Quax, May 5, 2020
    #8
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    That's absolutely fine for a site as this is handled differently for sites in current apache and Nginx versions. But this thread here is about the SSL cert for other services like postfix etc. and the mail interface, so if your SSL cert requires chain certs, then create the bundle file as mentioned earlier.
     
    till, May 5, 2020
    #9
  10. Quax

    Quax New Member

    Thank you for your help, after creating the new crt, key, bundle and pem file in interfaces/ssl and made the links from postfix and dovecot and a complete restart, all things seems to be ok.
    Thank you very much, stay healthy
     
    Quax, May 5, 2020
    #10
    ahrasis likes this.

Share This Page