comodo instanssl

Discussion in 'Installation/Configuration' started by chief, Jun 2, 2010.

  1. chief

    chief Member HowtoForge Supporter

    Hi all,
    I renewed my ssl certificate with comodo, and i went to install/update it inside ispconfig 2 control panel, but it didnt work....

    Ok built the box 2 yrs ago and it works well.
    I named the thor2.tlsystems.co.uk

    I also host about 5 websites as well as www.tlsystems.co.uk, i tried updating the ssl just for tlsystems, (within ispconfig - isp manager - and then my website - ssl tab.

    I dont use ssl on any other site.

    So, my question is:-

    1. I have been sent a zip file containing 2 certs, cert.crt and cert.ca-bundle. Where do they go?
    I have tried opening the crt file and pasting the contents within the ssl tab, which is where is got the request.

    I followed some previous instructions within the how2forge forums, basically it said to rename my crt file to server.crt and copy it to /root/ispconfig/httpd/conf/ssl.crt and open /root/ispconfig/httpd/conf/httpd.conf and change SSLCertificateChain(something) and point it to the ca-bundle file which i uploaded to /root/ispconfig/httpd/conf/ssl.crt.

    Then restart ispconfig /etc/init.d/ispconfig restart - (i Know it not the right spelling)

    it the failes on loading, these are the lines :


    /root/ispconfig/httpd/bin/apachectl stop: httpd (no pid file) not running
    ISPConfig system stopped!
    Starting ISPConfig system...
    Syntax error on line 1103 of /root/ispconfig/httpd/conf/httpd.conf:
    SSLCertificateKeyFile: file '/root/ispconfig/httpd/conf/ssl.key/server.crt' not exists or empty
    /root/ispconfig/httpd/bin/apachectl startssl: httpd could not be started
    ISPConfig system is now up and running!

    help,

    chief
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Dou you want ssl for a website or ssl for the controlpanel on port 81? The steps that you have done is to reconfigure port 81 and not a website.
     
  3. chief

    chief Member HowtoForge Supporter

    hi til,

    for the website.

    The steps i carried out, i undid.
    I think its all in /var/www/web1/ssl - the only website i want using ssl certificate


    chief
     
    Last edited: Jun 2, 2010
  4. Hans

    Hans Moderator Moderator

    To install a SSL-certicate, please have a look here: http://www.howtoforge.com/faq/14_49_en.html

    If you have additional SSL-certifcates, please upload them to /var/www/web#/ssl

    Then in the Apache directives field of the website you can add these lines to make your site only available with SSL and to pin your additional Certicate:


    Code:
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
    SSLCertificateChainFile /var/www/web#/ssl/UTNAddTrustServerCA.crt

    Note: please replace "web#" with your own web ID.
    Replace "UTNAddTrustServerCA.crt" with your own additional certicate name.
     
  5. chief

    chief Member HowtoForge Supporter

    Cheers for the reply hans,

    Instantssl sent me a zip containing 2 files www_tlsystems_co_uk.crt and www_tlsystems_co_uk.ca-bundle -

    Which file goes in my /var/www/web1/ssl - both or 1???? if 1, where does the other file go?


    chief
     

Share This Page