Sounds like you are pressing Y "yes" instead of N "no" during step 7 and 8 of ssl certificate creation which encrypt's the private key. You will always be asked for a password whenever you want to restart your ispconfig system if the private key is encrypted.
There is no step 7 in the key regen that Falko posted unless I'm missing something. I think I did select that option originally yes, but now I need to undo it which is what I thought the instructions on page 1 were for.
Please recreate the SSL certificate as described here: http://www.howtoforge.com/forums/showthread.php?t=121&highlight=firefox+8182
It doesn't make any difference. I'm still being prompted for a password on restart of ISPconfig. Are we SURE that recreating the SSL cert will change the option to not ask for a password on startup of ISPconfig?
I'm not getting to any of those steps when I change the cert. I'm only getting prompted for the typical cert stuff (ie. country code, state, etc).
Is this what you did? http://www.howtoforge.com/forums/showpost.php?p=358&postcount=4 Maybe you made a typo somewhere.
I've done this 5 times. I'm POSITIVE I did not typo. Here's my exact entry (with my password changed): openssl genrsa -des3 -passout pass:xxxxxxx -out /root/ispconfig/httpd/conf/ssl.key/server.key2 1024 openssl req -new -passin pass:xxxxxxx -passout pass:xxxxxxx -key /root/ispconfig/httpd/conf/ssl.key/server.key2 -out /root/ispconfig/httpd/conf/ssl.csr/server.csr -days 365 openssl req -x509 -passin pass:xxxxxxx -passout pass:xxxxxxx -key /root/ispconfig/httpd/conf/ssl.key/server.key2 -in /root/ispconfig/httpd/conf/ssl.csr/server.csr -out /root/ispconfig/httpd/conf/ssl.crt/server.crt -days 365 openssl rsa -passin pass:xxxxxxx -in /root/ispconfig/httpd/conf/ssl.key/server.key2 -out /root/ispconfig/httpd/conf/ssl.key/server.key chmod 400 /root/ispconfig/httpd/conf/ssl.key/server.key
if greenhornet has Code: chmod 400 /root/ispconfig/httpd/conf/ssl.key/server.key wouldnt he have to at least Code: chmod 600 /root/ispconfig/httpd/conf/ssl.key/server.key before he tried to create a new cert so it could be rewrote ?
running them individually solved the problem. Earlier posts did not specify that as being necessary so I did not assume it was. Thanks guys!
[SSL] Browser reports error Hi guys, First, let me once again say that I love your software and your support! I have a small problem with generating the ISPConfig SSL certificate.. Generating the certificate itself works just fine and when I direct my browser to https://mydomain.net:81 the browser presents me with an error stating that the certificate is not signed by an official CA etc. This is normal because the certificate is self-signed. But then the browser presents me with a second error, now stating that the domain of the certificate does not match the domain I tried to access. It says the domain the certificate is assigned to is "" (blank). Is there a way to fix this? I already tried re-generating the certificate using the commands specified earlier in this thread. **EDIT:** Ok, I (partially) managed to solve the problem. It seems that the 'Common name' is the one that I should fill in properly in order to correct the error. Sorry if this is obvious to you guys But, when I tried to connect to my mailuser login and I got the same error. That is, if I connected to https://www.mydomain.net:81 I got no error stating that my domains do not match, but if I connected to https://www.mydomain.net:81/mailuser I did get an error stating the domains do not match. I found out that if I change the common name to mydomain.net (without the www) and I direct my browser to http://mydomain.net:81/mailuser it all goes well. I suppose the problem lies in the fact that I initially chose my FQDN to be mydomain.net instead of www.mydomain.net thus making ISPConfig 'internally' redirect requests to http://mydomain.net:81/mailuser instead of http://www.mydomain.net:81/mailuser. Does this sound sensible? Anyway, I think I'm happy the way it is now So thanks again for the great howto's and ISPConfig! Greets, Steven - The Netherlands
Courier SSL certificate Hi *See post above..* Just a small question about the courier SSL certificate.. (I hope this is the right thread to post this.) As you can see from my post above I managed to re-generate the SSL certificates for ISPConfig. Thanks to the 'perfect setup' howto for ubuntu 7.10 I also managed to do this for the postfix SSL certificate, which was also giving me an error about non-matching domains. It all works very smoothly now, except for the Courier pop3-ssl server. Since that SSL certificate is auto-generated by courier upon installation I don't know how to modify it in order to get matching domains. In fact, all I want to do is change the 'Common name' setting of the certificate. To do this I suppose I need to regenerate the certificate for courier. Does anyone know a way to do this without messing up anything? **EDIT:** Ok, I also managed to solve this one. Sorry for these self-answered posts, but I'm posting them anyway in case someone else is having the same problem. In order to get the Courier pop3 SSL certificate working I did the following: (WARNING! This worked for me, I am not sure it will work for everyone. I am running an Ubuntu 7.10 'perfect server', installed using the Perfect Server Howto found here. If you are running something else, at least check the paths before trying this. Also, I am not aware of any nasty side-effects. For me there don't seem to be any.) - First edit the file '/etc/courier/pop3d.cnf' This contains the defaults used by mkpop3dcert (the tool used by courier to create a self-signed certificate). Code: # vim /etc/courier/pop3d.cnf - Then re-generate the .pem file using mkpop3dcert. (Perhaps it is wise to backup the original first..) Code: # cd /usr/lib/courier # cp pop3d.pem pop3d.pem-orig # mkpop3dcert (As you can see I did not add './' to the mkpop3dcert command. It seems to be in my path..) - Next we copy the new .pem to the dir used by courier. (I also backup the original first..) Code: # cp /etc/courier/pop3d.pem /etc/courier/pop3d.pem-orig # cp /usr/lib/courier/pop3d.pem /etc/courier/pop3d.pem - And make sure the permissions are correct. Code: # chmod 600 /etc/courier/pop3d.pem - Finally reload the courier ssl server. Code: # /etc/init.d/courier-pop-ssl force-reload Greets, Steven
Cannot log in! Could not connect to MySQL server openssl genrsa -des3 -passout pass:yourpassword -out /root/ispconfig/httpd/conf/ssl.key/server.key2 1024 openssl req -new -passin pass:yourpassword -passout pass:yourpassword -key /root/ispconfig/httpd/conf/ssl.key/server.key2 -out /root/ispconfig/httpd/conf/ssl.csr/server.csr -days 365 openssl req -x509 -passin pass:yourpassword -passout pass:yourpassword -key /root/ispconfig/httpd/conf/ssl.key/server.key2 -in /root/ispconfig/httpd/conf/ssl.csr/server.csr -out /root/ispconfig/httpd/conf/ssl.crt/server.crt -days 365 openssl rsa -passin pass:yourpassword -in /root/ispconfig/httpd/conf/ssl.key/server.key2 -out /root/ispconfig/httpd/conf/ssl.key/server.key chmod 400 /root/ispconfig/httpd/conf/ssl.key/server.key I did this and I could get in ISPConfig and login with admin to. Then I JUST RESTARTED the pc and i can no longer login!! It shows this errors on the page: Warning: mysql_connect() [function.mysql-connect]: Can't connect to MySQL server on '127.0.0.1' (4) in /home/admispconfig/ispconfig/lib/classes/ispconfig_db_mysql.lib.php on line 77 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'admispconfig'@'localhost' (using password: NO) in /home/admispconfig/ispconfig/web/login/login.php on line 40 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/admispconfig/ispconfig/web/login/login.php on line 40 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'admispconfig'@'localhost' (using password: NO) in /home/admispconfig/ispconfig/web/login/login.php on line 41 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/admispconfig/ispconfig/web/login/login.php on line 41 Warning: Cannot modify header information - headers already sent by (output started at /home/admispconfig/ispconfig/lib/classes/ispconfig_db_mysql.lib.php:77) in /home/admispconfig/ispconfig/web/login/login.php on line 60 I tried to restart ISPConfig but it says this: root@linuxsrv:~# /etc/init.d/ispconfig_server restart Shutting down ISPConfig system... /root/ispconfig/httpd/bin/apachectl stop: httpd stopped ISPConfig system stopped! Starting ISPConfig system... /root/ispconfig/httpd/bin/apachectl startssl: httpd started Could not connect to MySQL server!ISPConfig system is now up and running! WHAT CAN I DO? Please help me. Thank you.
Still cannot login in ISPConfig root@linuxsrv:~# /etc/init.d/mysql start * Starting MySQL database server mysqld [ OK ] I did that but it remains the same. :S I still cannot login in ISPConfig. The first time i logged in everything went fine. I just shutdown my system and then i turned it on and the ISPConfig simply doesn't allow any login. Here are the errors again when i try to log in: Warning: mysql_connect() [function.mysql-connect]: Can't connect to MySQL server on '127.0.0.1' (4) in /home/admispconfig/ispconfig/lib/classes/ispconfig_db_mysql.lib.php on line 77 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'admispconfig'@'localhost' (using password: NO) in /home/admispconfig/ispconfig/web/login/login.php on line 40 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/admispconfig/ispconfig/web/login/login.php on line 40 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'admispconfig'@'localhost' (using password: NO) in /home/admispconfig/ispconfig/web/login/login.php on line 41 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/admispconfig/ispconfig/web/login/login.php on line 41 Warning: Cannot modify header information - headers already sent by (output started at /home/admispconfig/ispconfig/lib/classes/ispconfig_db_mysql.lib.php:77) in /home/admispconfig/ispconfig/web/login/login.php on line 60 What is going on? :S Please help me. Thank you
What's the name of the MySQL user you're using in /home/admispconfig/ispconfig/lib/config.inc.php? Should be root.
Excellent thread. Thanks to everyone for questions and answers, (I cant believe I read the whole thing, even most of the error codes)! This reminds me of the nightmare I went thru last year with expired certs. I wished I was here back then.
I guess this happens a lot of times That people have got special chars in their passwords which will cause that. Thanks again Falko
