How do Install a Comodo Positive Certificate for Securing ISPconfig?

Discussion in 'Server Operation' started by M1ENT, Apr 11, 2015.

  1. M1ENT

    M1ENT New Member

    I was wondering if someone can provide me with a bit of help,
    with installing a Comodo Cert to secure ispconfig3 on ubuntu.

    I wish to secure the ISPConfig 3 Panel & Maybe it's services, using these sent certificate files below.

    Comodo sent Certificate files:
    • Root CA Certificate - COMODORSADomainValidationSecureServerCA.crt
    • Intermediate CA Certificate - COMODORSAAddTrustCA.crt
    • Intermediate CA Certificate - AddTrustExternalCARoot.crt
    • Domain's SSL Certificate - www_example_com.crt

    I have already setup SSL for my domain using the above certs using the ISPConfig3 panel SSL Option,
    Ill explain the Process briefly of setting up my domain with SSL.

    I purchased a SSL Cert from comodo.
    Generated CSR using ispconfig3 SSL Generator, Sent the CSR to Comodo, Received Cert, Added Cert to panel, and added bundled
    via ISPConfig 3 SSL.

    https://mydomain.com, now is runs on https, and self signed error / warning with browsers gone.
    https works fine, all content displays fine on site.

    Visiting my ISPConfig3 Panel link is:
    https://mydomain.com:port
    (i do not use sub domain for ISPConfig3)
    Error due to self signed certificate

    My Question's
    .

    How do i secure ISPConfig3, and its service's the same way i secured my website's domain?
    I noticed , that ISPConfig3 Control panel uses different cert type files & format's than the websites..

    Location for ISPConfig 3 cert's in:
    /usr/local/ispconfig/interface/ssl

    ISPConfig3 Certs Listed below.
    • cert.pem
    • csr.pem
    • ispserver.crt
    • ispserver.csr
    • ispserver.key
    • ispserver.keysecure
    • key.enc.pem
    How do i use below cert's? how do i convert for use of securing ISPConfig3.

    I wish to remove the SSL Self Signed Waring for the control panel.

    • COMODORSADomainValidationSecureServerCA.crt
    • COMODORSAAddTrustCA.crt
    • AddTrustExternalCARoot.crt
    • www_example_com.crt
    Thanks for any help in advanced..
     
    Last edited: Apr 11, 2015
  2. Hello,

    Could you please give some more information about what webserver you are running? Apache2 or nginx? What is your current virtualhost configuration?
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

  4. M1ENT

    M1ENT New Member

    Thanks for the quick responses.

    CRYPTIC DESIGNS:
    Im using Apache/2.4.7, on (Ubuntu) 14.04.2 LTS.

    VHOST, is a pretty lengthy file, to post all of its code here.
    Might exceed the forums character limit. Not sure.
    These lines below i did notice were added through the panel, when i added the comodo cert's for the domain.

    VHOST code for Comodo Certs when added via ISPCONFIG3 SSL Option.

    <VirtualHost *:443>
    DocumentRoot /var/www/mydomain/web

    ServerName mydomain
    ServerAlias www.mydomain
    ServerAdmin [email protected]

    ErrorLog /var/log/ispconfig/httpd/mydomain/error.log

    Alias /error/ "/var/www/mydomain/web/error/"
    ErrorDocument 400 /error/400.html
    ErrorDocument 401 /error/401.html
    ErrorDocument 403 /error/403.html
    ErrorDocument 404 /error/404.html
    ErrorDocument 405 /error/405.html
    ErrorDocument 500 /error/500.html
    ErrorDocument 502 /error/502.html
    ErrorDocument 503 /error/503.html
    ##

    <IfModule mod_ssl.c>
    SSLEngine on
    SSLProtocol All -SSLv2 -SSLv3
    SSLCertificateFile /var/www/clients/client1/web1/ssl/mydomain.crt
    SSLCertificateKeyFile /var/www/clients/client1/web1/ssl/mydomain.key
    SSLCACertificateFile /var/www/clients/client1/web1/ssl/mydomain.bundle
    </IfModule>


    I also added a Redirect, so it forces HTTPS..

    I will try out the tutorial till posted in a reply, as it describe's the cert files for ISPConfig3 Panel in questioon.
    I will reply, If i get it up and running or run into any issues. Thanks again..

    TILL:

    I really appreciate the help and fast response...
    Will try this out, Reply if Solved, Or if run into any issues.

    Thanks again till.
     

Share This Page