SSL Certificate by Verisign

Discussion in 'Installation/Configuration' started by msource, Dec 11, 2007.

Page 1 of 2
  1. msource

    msource New Member

    Hi,

    We have a website (https://www.imunostar.pt/) that work's with the Verisign Certificate. How can we implement this certificate on a domain in the ISPConfig?

    We have to follow some insctruction that verisign gave us for create a crt to send it to them. Then they send us one crt that contains the correct certificate.

    Keep the good working. This Framework is very cool.
     
    msource, Dec 11, 2007
    #1
  2. Hans

    Hans Moderator Moderator

    Hans, Dec 11, 2007
    #2
  3. msource

    msource New Member

    msource, Dec 12, 2007
    #3
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    You dont have to recompile apache, you can add one SSL website per IP address in ISPConfig without any modifications in apache if you have enough free IP addresses.
     
    till, Dec 12, 2007
    #4
  5. msource

    msource New Member

    Hi,

    I just have one server, with one NIC, and one IP.

    I installed ISPConfig on that machine. I have 4 clients that i have to give HTTPS access with the certificate from verisign.

    With this cenario, i need the apply the patch?
     
    msource, Dec 12, 2007
    #5
  6. falko

    falko Super Moderator Howtoforge Staff

    I think so, but I haven't tried this tutorial yet.
     
    falko, Dec 13, 2007
    #6
  7. DCGWS

    DCGWS New Member

    HOWTO Request

    Falko -

    Do you have any plans on doing a HOWTO for this using Fedora? :D
     
    DCGWS, Dec 14, 2007
    #7
  8. falko

    falko Super Moderator Howtoforge Staff

    Maybe... :)
     
    falko, Dec 15, 2007
    #8
  9. DCGWS

    DCGWS New Member

    Cool...that would be awesome.

    Can you at least give me a hint... what are the ./config parameters for openssl using openssl-0.9.8g? Is it ./config prefix=/usr/local --openssldir=/usr/local ?
     
    DCGWS, Dec 16, 2007
    #9
  10. cfunk

    cfunk New Member

    Question about CSR

    When CSRs are generated, do they use a blank passphrase? I haven't been able to find any info on passphrases.

    Thanks,
    --Chris
     
    cfunk, Dec 17, 2007
    #10
  11. msource

    msource New Member

    Hi,

    I can create the SSL cetificates for more than one domain.
    It gave allways the Shared IP page. I need to solve this problem. I Apply the patch
    And it seems allright. But when i follow this instructions, i'm unable to put the https ok. It allways appears the Shared IP page.

    How can i solve this problem? I whant to pass the domain imunostar.pt with https enable on the ISPConfig, but i'm unable do complete this thing.

    Falko, can you please help me, please? I dont know what else can i do.
     
    msource, Dec 18, 2007
    #11
  12. msource

    msource New Member

    Hi,

    I found an error in /var/log/apache2/error.log:

    Code:
    [Tue Dec 18 12:00:17 2007] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Dec 18 12:00:17 2007] [warn] RSA server certificate CommonName (CN) `WWW.LIZ-ONLINE.PT' does NOT match server name!?
[Tue Dec 18 12:00:17 2007] [warn] Init: SSL server IP/port conflict: icaro.liz-online.pt:443 (/etc/apache2/vhosts/Vhosts_ispconfig.conf:64) vs. www.imunostar.pt:443 (/etc/apache2/vhosts/Vhosts_ispconfig.conf:2713)
[Tue Dec 18 12:00:17 2007] [warn] Init: SSL server IP/port conflict: localhost:443 (/etc/apache2/apache2.conf:725) vs. www.imunostar.pt:443 (/etc/apache2/vhosts/Vhosts_ispconfig.conf:2713)
[Tue Dec 18 12:00:17 2007] [warn] Init: You should not use name-based virtual hosts in conjunction with SSL!!
    I apply the patch, so, why it gave-me this error?
     
    msource, Dec 18, 2007
    #12
  13. msource

    msource New Member

    Now i remove all my SSL sites, and creat just one (www.imunostar.pt), with the certificate from VeriSgn. My Apache2 hang's... when i tried to force-reload it, it five me a Failed.

    If i remove the certificate from the domain, the apache started correctly with out no problems.

    I need to put this on. Sorry for being a pain in the ass, but i need to solve this problem.
     
    msource, Dec 18, 2007
    #13
  14. till

    till Super Moderator Staff Member ISPConfig Developer

    Are you sure that you do not have more then one SSL vhost per IP? Please make sure that you have just one SSL vhost configured in ISPConfig and that you do not have any manuylla configures SSL sites in your apache configuration.
     
    till, Dec 18, 2007
    #14
  15. msource

    msource New Member

    Hi,

    Till tanks for the quick anwser.
    I just configure the How To Enable Multiple HTTPS Sites For One IP On Debian Etch Using TLS Extensions.

    There is a point (point4) in the how-to that tell us to create the following:

    Create a default secure site that users will see if they are using a non RFC 4366 compliant browser.
    PHP:
    mkdir /var/www/sharedip/ssl
    cd     /var/www/sharedip/ssl
    openssl genrsa     -des3 -passout pass:yourpassword -out 192.168.1.2.key2 1024
    openssl req     -new -passin pass:yourpassword -passout pass:yourpassword -key 192.168.1.2.key2 -out 192.168.1.2.csr -days 365
    openssl req     -x509 -passin pass:yourpassword -passout pass:yourpassword -key 192.168.1.2.key2 -in 192.168.1.2.csr -out 192.168.1.2.crt -days 365
    openssl rsa     -passin pass:yourpassword -in 192.168.1.2.key2 -out 192.168.1.2.key
    chmod 400 192.168.1.2    .key
    then...
    Edit /etc/apache2/apache2.conf and place this above Include /etc/apache2/vhosts/Vhosts_ispconfig.conf
    PHP:
    NameVirtualHost 192.168.1.2:443
    <VirtualHost 192.168.1.2:443>
          ServerName localhost
      ServerAdmin root    @localhost
      DocumentRoot     /var/www/sharedip
      SSLEngine on
      SSLCertificateFile     /var/www/sharedip/ssl/192.168.1.2.crt
      SSLCertificateKeyFile     /var/www/sharedip/ssl/192.168.1.2.key
    </VirtualHost>
    Ok all teh toturial is done.

    Now, i create a domain.tld and enable SSL suporte.
    Then i create a certificate, and copy the certificate that verisign sent to me.
    After i save the certificate, the apache2 hang up.

    I realy dont know what is appening.....
     
    msource, Dec 18, 2007
    #15
  16. till

    till Super Moderator Staff Member ISPConfig Developer

    And you are really sure that you replaced the apache server with the new server compiled in the howto? Maybe the patch did not apply correct as your current apache seems not to support multiple SSL certs per IP address.
     
    till, Dec 18, 2007
    #16
  17. rvakili

    rvakili Member

    Enable Multiple HTTPS Sites on fedor

    Hi Guys, Is the How to available for fedora yet?

    Also,

    I have a dedicated IP direct to the server. Would it be possible to setup Virtual IPs and use them for SSl certificates? If so. is there a "How To"?

    Thanks
     
    rvakili, Feb 2, 2009
    #17
  18. falko

    falko Super Moderator Howtoforge Staff

    What do you mean with "Virtual IPs"?
     
    falko, Feb 3, 2009
    #18
  19. rvakili

    rvakili Member

    Hi Folko,

    What is a best way to do this. I am trying to avoid buying IP addresses to set up SSL enabled sites.

    1. I read about “Enable Multiple HTTPS Sites For One IP On Debian Etch Using TLS Extensions”
    However, I do not how to do this on Fedora 8???
    2. I can create Virtual IPs (Just another name for local addresses such as 10.0.0.1 etc… and make them an alliance of the Static IP I have.

    I am not sure if this will work as technically the IPs will be local???

    Well, hope you can guide me to accomplish the set up SSL enabled sites with one IP.

    Thanks,

    Ramin
     
    rvakili, Feb 3, 2009
    #19
  20. falko

    falko Super Moderator Howtoforge Staff

    I've never tried this, and I still think this is not possible...
     
    falko, Feb 4, 2009
    #20
Page 1 of 2

Share This Page