how do I install a SSL cert for a website?

mangoo · Aug 30, 2011

Perhaps it's a stupid question, but how do I install my own SSL cert for a website?

Assuming my website is example.com and I have example.com.key (private key), example.com.crt (certificate), example.com.bundle (SSL vendor bundle), and I use a dedicated IP for it - if I go to Website -> Domain -> example.com and click SSL, I only have these options:

SSL Request - does not apply; I don't need to specify a CSR
SSL Certificate - I'd put example.com.crt content here
SSL Bundle - I'd put example.com.bundle content here

So, it looks like there is no space to provide the private key - confusing.

How do I assign a SSL cert to a website?

falko · Aug 31, 2011

From the ISPConfig 3 Manual (screenshots missing in this post):

5.4 How Do I Create An SSL Web Site?

To make a web site SSL-capable, please make sure that the SSL checkbox is checked on the web site's Domain tab (please note that you can have only one SSL web site per IP address). Important: you must select a specific IP address from the IP-Address drop-down menu; you must not select the wildcard (*)!

Then go to the SSL tab (see chapter 4.6.1.1).

On the SSL tab you can create a self-signed SSL certificate together with a certificate signing request (CSR) that you can use to apply for an SSL certificate that is signed by a trusted certificate authority (CA) such as Verisign, Comodo, Thawte, etc. It's not necessary to buy such a trusted SSL certificate, but you should note that if you use a self-signed SSL certificate, browsers will display a warning to your visitors.

Please note that you can have just one SSL web site per IP address.

To create a self-signed certificate, please fill out the fields State, Locality, Organisation, Organisation Unit, Country, and SSL Domain, and then select Create Certificate from the SSL Action drop-down menu, and click on Save. Leave the fields SSL Request, SSL Certificate, and SSL Bundle empty - the fields SSL Request and SSL Certificate will be filled out by the system.

After the self-signed certificate was created, you will find data in the SSL Request and SSL Certificate fields (it can take one or two minutes until the data appears in the fields):

It is already possible to access the web site using https:// now with the self-signed certificate, but your visitors will see a warning. For example, Firefox will complain about the self-signed certificate, therefore you must tell Firefox to accept the certificate - to do this, click on the I Understand the Risks link:

Click on Add Exception...:

The Add Security Exception window opens. In that window, click on the Get Certificate button first and then on the Confirm Security Exception button:

Afterwards you should be able to see the https:// web site:

If you want to buy an SSL certificate from a trusted CA, you have to copy the data from the SSL Request field - this is the certificate signing request (CSR). With this CSR, you can apply for a trusted SSL certificate at your CA - the CA will create an SSL certificate from this CSR, and you can paste the trusted SSL certificate into the SSL Certificate field. Sometimes your CA will also give you an SSL bundle - paste this into the SSL Bundle field. Select Save Certificate from the SSL Action drop-down menu and click on the Save button:

You have just replaced your self-signed certificate with a trusted SSL certificate.

To delete a certificate, select Delete Certificate from the SSL Action drop-down menu and click on the Save button.

5.4.1 How Do I Import An Existing SSL Certificate Into A Web Site That Was Created Later In ISPConfig?

Let's assume you created an SSL certificate for the web site example.com manually (for example by using these commands:

cd /home/example.com/certs/
openssl genrsa -des3 -out custom.key.org 2048

openssl req -new -key custom.key.org -out custom.csr -days 365

openssl req -x509 -key custom.key.org -in custom.csr -out custom.crt -days 365

openssl rsa -in custom.key.org -out custom.key

chmod 600 custom.key

), and later on you created the web site example.com in ISPConfig 3, and now you want to use your manually created SSL certificate for that web site.

To achieve this, you first have to create an SSL certificate for the example.com web site as shown in chapter 5.4. Afterwards, you will find the certificate in the /var/www/example.com/ssl directory:

ls -l /var/www/example.com/ssl

server1:~# ls -l /var/www/example.com/ssl
total 16
-rw-r--r-- 1 root root 1350 Dec 6 17:53 example.com.crt
-rw-r--r-- 1 root root 1127 Dec 6 17:53 example.com.csr
-r-------- 1 root root 1675 Dec 6 17:53 example.com.key
-rw-r--r-- 1 root root 1743 Dec 6 17:53 example.com.key.org
server1:~#

Now you can replace this certificate by copying your manually created .key, .csr, and .crt files to the /var/www/example.com/ssl directory (the files must have the same names as the original files in the /var/www/example.com/ssl directory, i.e. example.com.key, example.com.csr, and example.com.crt):

cp /home/example.com/certs/custom.key /var/www/example.com/ssl/example.com.key
cp /home/example.com/certs/custom.csr /var/www/example.com/ssl/example.com.csr
cp /home/example.com/certs/custom.crt /var/www/example.com/ssl/example.com.crt

Now copy the contetns of /var/www/example.com/ssl/example.com.csr...

cat /var/www/example.com/ssl/example.com.csr

-----BEGIN CERTIFICATE REQUEST-----
MIIDCDCCAfACAQAwgZ0xCzAJBgNVBAYTAkRFMRYwFAYDVQQIEw1OaWVkZXJzYWNo
c2VuMRIwEAYDVQQHEwlMdWVuZWJ1cmcxGTAXBgNVBAoTEHByb2pla3RmYXJtIEdt
YkgxCzAJBgNVBAsTAklUMRQwEgYDVQQDEwtleGFtcGxlLmNvbTEkMCIGCSqGSIb3
DQEJARYVd2VibWFzdGVyQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA4BJ+EB4gvLYkQ3fuUHBEuoGpRWl330rvMvQFG2QR+0f3oV+d
U01B23nZxNxqC/XZKKgl52fT+rpXkXfcJYyZ0c7lIS+bcuFbqH82IXWw7b6OvOuG
eYtIs0tu0viNNVWIA0DPgNUWpSzjI9HPyfSDij1ClAgaQKM1wqwad8Okm6ljRcR9
+spe1GrhU7SWrIvEy7SL58WbUpi4hR/OvTwqi5dN30nLoTl5xfLkQda80BeZ+d0W
30JKhYLC8Tqt81Sx0NBuK5drt1NYgowdBiElP3V2ZZR+/j/4dHZ/8oZYIzaTB1Ja
UeNRxswiBOgVnPtmQZYWHh9kShuceWelAAJ64QIDAQABoCUwIwYJKoZIhvcNAQkH
MRYTFEEgY2hhbGxlbmdlIHBhc3N3b3JkMA0GCSqGSIb3DQEBBQUAA4IBAQBko5n8
JkNN6CTDrtUyM1QnSnYZt69jhlw7RxrWQTl3awmG1l3dIjbr6S70c2FCWMvfEmDw
bDZHir/n23VuIpydRwjuFs+pjCPF3R/XHHGv2kpw+1mjidQptYFyKtEI9FFfL8Zp
1RR5As0lzCdVvPewE/EswBmLte0No9QQfN5XCE6hh3t7IoEy/Ait+y7vX19TwXwA
qSfpGR3AgfrL6WOV/PgutoQtCuhTfGBBYIldl34phFsS8x3ks4hy+Dzs691yFv1h
1NJUFcuNIBFCzcdAwXAJS9Ql//ZRdG7G+05fnlUM0kLqDKFaU7gjMetCobHD+cqL
Iif3ep5yAuQY7N50
-----END CERTIFICATE REQUEST-----

... and /var/www/example.com/ssl/example.com.crt...

cat /var/www/example.com/ssl/example.com.crt

-----BEGIN CERTIFICATE-----
MIIEujCCA6KgAwIBAgIJAJtWGs76Sw+wMA0GCSqGSIb3DQEBBQUAMIGZMQswCQYD
VQQGEwJERTEWMBQGA1UECBMNTmllZGVyc2FjaHNlbjESMBAGA1UEBxMJTHVlbmVi
dXJnMRkwFwYDVQQKExBwcm9qZWt0ZmFybSBHbWJIMQswCQYDVQQLEwJJVDEUMBIG
A1UEAxMLZXhhbXBsZS5jb20xIDAeBgkqhkiG9w0BCQEWEWZ0QGZhbGtvdGltbWUu
Y29tMB4XDTEwMTIwNjE0Mzk0NVoXDTExMTIwNjE0Mzk0NVowgZkxCzAJBgNVBAYT
AkRFMRYwFAYDVQQIEw1OaWVkZXJzYWNoc2VuMRIwEAYDVQQHEwlMdWVuZWJ1cmcx
GTAXBgNVBAoTEHByb2pla3RmYXJtIEdtYkgxCzAJBgNVBAsTAklUMRQwEgYDVQQD
EwtleGFtcGxlLmNvbTEgMB4GCSqGSIb3DQEJARYRZnRAZmFsa290aW1tZS5jb20w
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJGOCnJxVIiqOvgNu65d6+
uZh7+W6J++W0P/k4Na4f6ax37LrwKWway5YhmpYWlOYhhqs5MKDMs2Md/SJjPmAZ
UjBj4/8c/7WaX39fb/FgGAC0x0GwobrMs7wp3jAuXidah8zG7dvcSyjjZqdXXNc6
kdfRhQJqG7re6P2v3kmqtmhNKlQheC5I1nERmAf928htXFJFd6qkwE0m5Yq34Vw4
zj/a9Wbza42MoYIXcyeY4De3+L/vM9pme20Qs4XpoN+mDrNuyVh3r1ITuo8TZ6sY
cR9buZDvw4mvzZ1WgR0fKdLWoLZkKdA3wwq4gaTBPjBWCf56NftgxrJ3KrMzndMj
AgMBAAGjggEBMIH+MB0GA1UdDgQWBBSYxv4QIQm6cA17gRsBTXx3V/itxjCBzgYD
VR0jBIHGMIHDgBSYxv4QIQm6cA17gRsBTXx3V/itxqGBn6SBnDCBmTELMAkGA1UE
BhMCREUxFjAUBgNVBAgTDU5pZWRlcnNhY2hzZW4xEjAQBgNVBAcTCUx1ZW5lYnVy
ZzEZMBcGA1UEChMQcHJvamVrdGZhcm0gR21iSDELMAkGA1UECxMCSVQxFDASBgNV
BAMTC2V4YW1wbGUuY29tMSAwHgYJKoZIhvcNAQkBFhFmdEBmYWxrb3RpbW1lLmNv
bYIJAJtWGs76Sw+wMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBABHs
1/TErdaoX82wUL02NxPu2R22iX8+nklqq7TfVxog1+F+HlKwqBEZZ7Gepur5S1JO
JxFbKjnXGsJw0OIHjMcJj2WL4/caXsr95tDGBzwLhojPuJwFTjnd1V9wFe3T41cm
9jpXPt+IsROtqwuiO+JnxR0IMmD1ryJyDWLwZVJWlcU4vts44OuXDQLqwpUHZiOj
3BDcb2daHCvTTBF6BxZPYsENqk3oKvfR9s18PrUzwxr/FoI3JBOahGujA2wHOR48
UGDit0EqWfp35jNYgh/c7gklkVLAJJ9Gf9JvqY6J5Vhrtl3XDQaT9KbY+LCBbozt
KxmEELvVXz3cLTvVWGg=
-----END CERTIFICATE-----

... and paste the contents of the .csr file into the SSL Request field and the contents of the .crt file into the SSL Certificate field on the SSL tab of the example.com web site in ISPConfig, select Save Certificate and click on Save:

That's it! The example.com web site uses your manually created SSL certificate now.
Click to expand...

PermaNoob · Feb 3, 2012

Will this affect the ssl login for the ISPConfig 3 control panel?

If I setup SSL for a website/domain, can I use a different and new certificate from the one created in the ISPConfig setup?

I saw: "Please note that you can have just one SSL web site per IP address."

but does the control panel count as the one website since it's using IP address only?

The situation is that for the control panel login I don't mind the ssl cert warning in Firefox, but I need ssl for a website without the ssl cert warning using a certificate from startssl or another company and I only have 1 ip address for the server.

falko · Feb 3, 2012

PermaNoob said: ↑

If I setup SSL for a website/domain, can I use a different and new certificate from the one created in the ISPConfig setup?
Click to expand...

Yes.

PermaNoob said: ↑

I saw: "Please note that you can have just one SSL web site per IP address."

but does the control panel count as the one website since it's using IP address only?
Click to expand...

ISPConfig runs on a different port (8080), so it doesn't count.

Log in or Sign up

how do I install a SSL cert for a website?

mangoo New Member

falko Super Moderator Howtoforge Staff

PermaNoob Member

falko Super Moderator Howtoforge Staff

Share This Page

Log in or Sign up

how do I install a SSL cert for a website?

mangoo New Member

falko Super Moderator Howtoforge Staff

PermaNoob Member

falko Super Moderator Howtoforge Staff

Share This Page

Useful Searches