Commercial SSL cert on the panel

Discussion in 'Installation/Configuration' started by Devin McManus, Nov 4, 2022.

  1. Devin McManus

    Devin McManus New Member HowtoForge Supporter

    Code:
    # lsb_release -a
    No LSB modules are available.
    Distributor ID: Debian
    Description:    Debian GNU/Linux 10 (buster)
    Release:        10
    Codename:       buster
    Code:
    # php -v
    PHP 7.3.31-1~deb10u1 (cli) (built: Oct 24 2021 15:18:08) ( NTS )
    Copyright (c) 1997-2018 The PHP Group
    Zend Engine v3.3.31, Copyright (c) 1998-2018 Zend Technologies
        with Zend OPcache v7.3.31-1~deb10u1, Copyright (c) 1999-2018, by Zend Technologies
    Hi there,
    Is it possible to install a commercial SSL certificate on the ISPConfig control panel?

    Regards,
    Devin
     
  2. pyte

    pyte Well-Known Member HowtoForge Supporter

    Why shouldn't it? Just point the SSLCertificateFile and SSLCertificateKeyFile to the certificate you want to use. You can find these options in the vhost for ispconfig in /etc/apache2/sites-enabled/000-ispconfig.vhost.

    You could also create a proxypass for it like this:

    Code:
    <VirtualHost *:443>
            SSLEngine on
    
            SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
            SSLHonorCipherOrder on
            SSLCipherSuite HIGH:!aNULL:!MD5:!3DES:!CBC
            #SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
    
            SSLCertificateFile /etc/ssl/XXXXXXXXXX.cer
            SSLCertificateKeyFile /etc/ssl/YYYYYYYYY.key
            SSLCACertificateFile /etc/ssl/ZZZZZZZZ.cer
    
            Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
    
            ServerName hosting.yourdomain.com
    
            ProxyPreserveHost On
            ProxyRequests Off
            ProxyVia Off
            ProxyPass / http://localhost:8080/
            ProxyPassReverse / http://localhost:8080/
    </VirtualHost>
    
     
    Last edited: Nov 4, 2022
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    The update-safe way is to exchange the content of the SSL cert and key file(s) in /usr/local/ispconfig/interface/ssl/ folder and then restart the service or the whole server. Altering the content of the ispconfig vhost file will give you trouble on the next update (unless you use custom file templates for the ispconfig vhost and other config files of the system that use ssl, but this would mean you must patch these files on future updates, so not an optimal solution either). If you created an SSL cert using acme.sh or certbot for ISPConfig, then better remove them using acme.sh or certbot first, otherwise they might overwrite your custom SSL cert on renewal in a few months.
     
  4. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    You can either change the files in the ssl folder for ISPConfig itself, or set up symlinks from that directory to the certificate files somewhere else on the server.
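A pre-flight check for the file swap described in the posts above, as an added example that is not part of the original thread or ISPConfig's own tooling: it confirms that the new certificate and private key belong together and that the certificate is not about to expire, backs up the old files, then copies the new pair into place. The function names and the 7-day threshold are assumptions, and the destination file names are passed as arguments because the thread does not give them.

```shell
#!/bin/sh
# Added example (not from the thread): check a cert/key pair, then swap it in.

# SHA-256 of the public key embedded in a PEM certificate.
cert_pubkey_hash() {
    openssl x509 -in "$1" -noout -pubkey \
        | openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 of the public key derived from a PEM private key.
key_pubkey_hash() {
    openssl pkey -in "$1" -passin pass: -pubout -outform DER \
        | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeeds only if both files parse and carry the same public key.
# An encrypted key fails here: the web server could not load it unattended.
cert_matches_key() {
    openssl x509 -in "$1" -noout 2>/dev/null || return 1
    openssl pkey -in "$2" -passin pass: -noout 2>/dev/null || return 1
    [ "$(cert_pubkey_hash "$1")" = "$(key_pubkey_hash "$2")" ]
}

# Succeeds if the certificate is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# install_pair NEW_CERT NEW_KEY DEST_CERT DEST_KEY
# Refuses a mismatched or nearly expired pair (7 days is an assumed threshold),
# keeps timestamped backups of the old files, and writes the key as 0600.
install_pair() {
    cert=$1; key=$2; dest_cert=$3; dest_key=$4
    cert_matches_key "$cert" "$key" || { echo "cert and key do not match" >&2; return 1; }
    cert_valid_for_days "$cert" 7 || { echo "cert expires within 7 days" >&2; return 1; }
    stamp=$(date +%Y%m%d%H%M%S)
    for f in "$dest_cert" "$dest_key"; do
        if [ -e "$f" ]; then cp -p "$f" "$f.bak-$stamp"; fi
    done
    install -m 0644 "$cert" "$dest_cert" && install -m 0600 "$key" "$dest_key"
}

# When run with four arguments, perform the swap; restart the web server afterwards.
if [ "$#" -eq 4 ]; then install_pair "$@"; fi
```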
     
