Hi again, SSL works great when i use the self signed certs genetrated by ISPconfg. Unfortunately, when i try to install a signed (by a CA) certificate apache refuses to start. There is NOTHING in the logs (var/log/httpd/error_log) to indicate what the problem might be. It did work briefly, until i tried to add another ssl cert for a different domain. The domains are on different IP addresses. I am using fedora core 4 x86_64, if anyone wants to see config files / logs, let me know which ones and i will post them. I am paying for advertising of my site and really need to get this working so i don't have to use a self signed cert. Thanks, Max
Is there anything in the SSL errror log? Normally that's another file than /var/log/httpd/error_log. Did you paste the certificates into the correct field in ISPConfig?
Hi Falko, The /var/log/ssl_error_log contains the following line: [Wed Dec 14 10:53:12 2005] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!? and yes i am definitely pasting the certificate into the correct field. I am not pasting anything into the csr field, since this is automatically generated. Am i assuming correctly? Are there any other logs i should be looking at? Thanks for your help, Max
just a addition to my last post .... the time of the error mentioned in the error log does not coincide with the times httpd failed to restart. thanks, Max
Have a look in the ssl direcory for this website, open the certificate files and check if ISPConfig has installed them correctly. If you use an Certificate Authority like instantssl (comdo), you will have to install some additional root certificates.
the certificate i pasted in the field in ispconfig matches the one in the site's ssl directory, so it seems ispconfig has created them properly. I have copied the appropriate CA-bundle.crt and added: SSLCACertificateFile /path to file/CA-bundle.crt to the Apache directives field. out of curiosity, at what stage does ispconfig create private keys? thanks, Max
The private keys where generated when you tell ISPConfig to create the csr together with the self signed certificate.
I get: [Wed Dec 14 22:49:55 2005] [warn] NameVirtualHost 202.164.207.171:80 has no VirtualHosts Syntax OK when i type httpd -t That error is a minor issue that always seems to have been there, i have been waiting until till i get my ssl problems fixed before i attempt to fix that one. Thanks
Have a look in the directory /etc/apache/vhosts (or a similar directory where your apache config is stored). Are there copies of the Vhost_ispconfig.conf file with a date appended?
OK ... finally sorted it out!! I must have chosen "create certificate" again (by mistake), instead of choosing save certificate, and a new private key was generated. I don't remember doing it but it's the only explanation. Creating a new cert and private key, then getting my CA to "re-key" my csr/cert fixed the problem, then installing the new cert using the ispconfig gui (choosing save certificate) worked like a charm. Vielen dank Till and Falko ... isp config is great. Regards, Max
