how to implement a startssl.com class2 multi domain certificate

Discussion in 'HOWTO-Related Questions' started by Ovidiu, Feb 2, 2012.

  1. Ovidiu

    Ovidiu Active Member

    I have a multidomain and wildcard certificate by startssl.com after following the tutorial from howtoforge and it is working properly for pureftp, postfix, courier, etc. but now I am wondering how to install it for some of the sites included in it.

    using apache2 on a debian installation.

    I am not sure how the ispcfg3 SSL tab is to be used with this certificate?
    I saw the checkbox for ssl when editing a site, what does ticking the box do?
    if I check the box, how do I get apache2 to use the certificate I have?

    any hints?
     
  2. Ovidiu

    Ovidiu Active Member

    checked the ispcfg3 manual I bought:
    so how do I implement my wildcard-multi-domain certificate for websites with apache2?
     
  3. falko

    falko Super Moderator Howtoforge Staff

    Just create a self-signed certificate as you would normally do, and after the cert, key, etc. have been created, rename them, e.g.
    Code:
    mv yoursite.crt yoursite.crt_orig
    and create symlinks to the appropriate files in the ISPConfig ssl folder:
    Code:
    ln -s /usr/local/ispconfig/interface/ssl/ispconfig.crt yoursite.crt
    Restart Apache afterwards.
     
  4. Ovidiu

    Ovidiu Active Member

    Thanks Falko that worked very well but how about the last step in the startssl howto namely where you are required to edit ispconfig.vhost and add this line:
    SSLCertificateChainFile /usr/local/ispconfig/interface/ssl/startssl.sub.class1.server.ca.crt ?

    I had to add SSLCertificateChainFile /usr/local/ispconfig/interface/ssl/startssl.sub.class2.server.ca.crt but I guess I need to add that for every domain I am securing, right? If so, manually editing each vhost or can I somehow add that via ISPCFG3?
     
  5. falko

    falko Super Moderator Howtoforge Staff

    You can place the bundle certificate on the SSL tab of the website in ISPConfig.
     
  6. Ovidiu

    Ovidiu Active Member

    sorry this is a bit weird. with these settings I still get the "This certificate was signed by an unknown authority" warning.

    If I edit /etc/apache2/sites-enabled/100-premaman.co.za.vhost and add the line:

    instead the warning is gone!?
     
  7. falko

    falko Super Moderator Howtoforge Staff

    Did you paste the contents of the startssl.sub.class2.server.ca.crt file into the bundle field in ISPConfig? If so and you still get warnings, can you post the vhost configuration file that ISPConfig wrote after you pasted the bundle cert into the bundle field?
     
  8. Ovidiu

    Ovidiu Active Member

    yes I did paste the contents of the right file, I just double-checked.
    since that didn't work, I even deleted the premaman.co.za.bundle file that ISPCFG3 generated and symlinked to the original file as you can see above but that doesn't work either.

    Only if I manually add this line to the vhost does it work: SSLCertificateChainFile /usr/local/ispconfig/interface/ssl/startssl.sub.class2.server.ca.crt

    here is the generated vhost file including the line I added manually:

     
  9. falko

    falko Super Moderator Howtoforge Staff

    And the SSLCertificateChainFile line isn't added by ISPConfig? What's your ISPConfig version?
     
  10. Ovidiu

    Ovidiu Active Member

    nope, I added that line manually.
    I have the latest ISPCFG version since to generate my request I performed an update to ISPCFG 3.0.4.2

    actually I just did an experiment:

    edited the vhost via ISPCFG3 interface, simply increased the site's quota by 1MB and saved.

    the following happened:
    in the part of the vhost where port http is defined, this was added:

    in the https part this section still looked like this:

    weird, I have done this several times already. Now it all seems to work just fine !?
    confused, but we can close this topic I guess :-(
     
  11. falko

    falko Super Moderator Howtoforge Staff

    I've added this to our bugtracker, so we will check that.
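
Why the "unknown authority" warning in this thread goes away once `SSLCertificateChainFile` is in place, shown as an added example that is not part of any post above: it builds a constructed root, intermediate and server certificate (all names hypothetical) and verifies the server certificate with and without the intermediate. `-untrusted` stands in for the certificates a server sends alongside its own, which is what the chain file supplies.

```shell
#!/bin/sh
# Added example: constructed root -> intermediate -> server PKI (hypothetical names).

# Create a key and CSR for subject $2, written to $1.key / $1.csr.
new_csr() {
    openssl req -new -newkey rsa:2048 -nodes -subj "$2" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

build_demo_pki() {
    d=$1
    printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
    new_csr "$d/root" "/CN=Demo Root CA"
    new_csr "$d/int"  "/CN=Demo Intermediate CA"
    new_csr "$d/srv"  "/CN=www.example.test"
    # Self-signed root: the only certificate the client trusts in advance.
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
        -extfile "$d/ca.ext" -out "$d/root.crt" 2>/dev/null
    # Intermediate signed by the root: plays the role of the sub-CA file.
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
        -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/int.crt" 2>/dev/null
    # Server certificate signed by the intermediate, not by the root.
    openssl x509 -req -in "$d/srv.csr" -CA "$d/int.crt" -CAkey "$d/int.key" \
        -CAcreateserial -days 2 -out "$d/srv.crt" 2>/dev/null
}

# Succeeds only if the server certificate chains up to the trusted root.
# $2 (optional): file of intermediates the server sent along with its cert.
chain_ok() {
    d=$1
    if [ -n "$2" ]; then
        openssl verify -CAfile "$d/root.crt" -untrusted "$2" "$d/srv.crt" 2>&1
    else
        openssl verify -CAfile "$d/root.crt" "$d/srv.crt" 2>&1
    fi | grep -q ': OK$'
}

demo() {
    tmp=$(mktemp -d) || return 1
    build_demo_pki "$tmp"
    chain_ok "$tmp" && echo "without chain file: OK" \
        || echo "without chain file: unknown issuer"
    chain_ok "$tmp" "$tmp/int.crt" && echo "with chain file: OK" \
        || echo "with chain file: FAILED"
    rm -rf "$tmp"
}
demo
```

Against a live vhost, `openssl s_client -connect <host>:443 -showcerts` lists the certificates the server actually sends, so a missing intermediate shows up as a single certificate in the output.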
     