I can't configure SSL with apache2 in openSUSE 13.1 ISPConfig mail server

Discussion in 'ISPConfig 3 Priority Support' started by Md. Mohib Billah, Oct 30, 2015.

  1. Dear till,
    If possible, please help me solve my problem. I have written the details below.
    Recently I purchased an SSL certificate from an SSL certificate provider. They gave me domain.key and domain.csr files. Now I started to enable this by following these commands:
    # cp server.key /etc/apache2/ssl.key/
    # cp server.crt /etc/apache2/ssl.crt/
    Configure Apache to use OpenSSL (Optional)

    Edit the /etc/sysconfig/apache2 file.

    APACHE_START_TIMEOUT="10"
    APACHE_SERVER_FLAGS="SSL"
    Copy /etc/apache2/vhost.d/vhost-ssl.template to /etc/apache2/vhost.d/vhost-ssl.conf.

    # cp /etc/apache2/vhost.d/vhost-ssl.template /etc/apache2/vhost.d/vhost-ssl.conf
    Configure the main site to use HTTPS

    Edit the /etc/apache2/default-server.conf file and add Include /etc/apache2/vhost.d/*.conf line in that file.

    Include /etc/apache2/conf.d/*.conf
    Include /etc/apache2/vhosts.d/*.conf
    Edit /etc/apache2/vhost.d/vhost-ssl.conf file as shown below:

    <IfDefine SSL>
    <IfDefine !NOSSL>
      <VirtualHost *:443>
        DocumentRoot "/srv/www/htdocs"
        ServerName localhost:443
        ErrorLog /var/log/apache2/error_log
        TransferLog /var/log/apache2/access_log
        SSLEngine on
        SSLProtocol all -SSLv2
        SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
        SSLCertificateFile /etc/apache2/ssl.crt/server.crt
        SSLCertificateKeyFile /etc/apache2/ssl.key/server.key
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
          SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory "/srv/www/cgi-bin">
          SSLOptions +StdEnvVars
        </Directory>
        BrowserMatch "MSIE [2-5]" \
          nokeepalive ssl-unclean-shutdown \
          downgrade-1.0 force-response-1.0
        CustomLog /var/log/apache2/ssl_request_log ssl_combined
      </VirtualHost>
    </IfDefine>
    </IfDefine>
    Restart apache

    # /etc/init.d/apache2 restart
    redirecting to systemctl restart apache2
    Enter SSL pass phrase for localhost:443 (RSA): ******
    But after completing these modifications and running systemctl restart apache2.service, the apache service shows failed. Then I looked at the apache error log:
    mail:/etc/apache2/ssl.csr # tail /var/log/apache2/error_log
    [Fri Oct 30 16:44:27.212937 2015] [authz_core:error] [pid 32915] [client 66.249.74.23:53635] AH01630: client denied by server configuration: /usr/share/apache2/error/HTTP_NOT_FOUND.html.var
    [Fri Oct 30 16:47:44.080340 2015] [mpm_prefork:notice] [pid 32891] AH00170: caught SIGWINCH, shutting down gracefully
    [Fri Oct 30 16:47:47.238875 2015] [ssl:emerg] [pid 59323] AH02241: Init: Unable to read server certificate from file /etc/apache2/ssl.csr/qmail.com.bd.csr
    [Fri Oct 30 16:47:47.238898 2015] [ssl:emerg] [pid 59323] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
    [Fri Oct 30 16:47:47.238907 2015] [ssl:emerg] [pid 59323] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=X509)
    [Fri Oct 30 16:47:47.238912 2015] [ssl:emerg] [pid 59323] AH02312: Fatal error initialising mod_ssl, exiting.
    [Fri Oct 30 16:49:50.803875 2015] [ssl:emerg] [pid 59593] AH02241: Init: Unable to read server certificate from file /etc/apache2/ssl.csr/qmail.com.bd.csr
    [Fri Oct 30 16:49:50.803901 2015] [ssl:emerg] [pid 59593] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
    [Fri Oct 30 16:49:50.803910 2015] [ssl:emerg] [pid 59593] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=X509)
    [Fri Oct 30 16:49:50.803915 2015] [ssl:emerg] [pid 59593] AH02312: Fatal error initialising mod_ssl, exiting.

    Please help me.
    Thanks
     
  2. florian030

    florian030 Well-Known Member HowtoForge Supporter

    Why don't you just insert your cert in the ssl-tab for the website? And remove the passphrase....
     
  3. Dear Florian,
    Thanks for your reply, but I can't understand clearly what you suggest. Please write it clearly; that will be very helpful for me.
    Thanks again
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Please check the apache config to find the line where /etc/apache2/ssl.csr/qmail.com.bd.csr is loaded. A CSR is a certificate request and not an SSL certificate.
     
  5. Hi till bro,
    Thanks for your reply. Please give me a suggestion for how to configure SSL with apache. Remember, I have two files for SSL, server.csr and server.key. Please help me.
    Thanks again.
     
  6. till


    What do you want to do with that ssl cert, is it a cert for a website that you host? Or shall it be used for the ispconfig interface?
     
  7. Thanks bro, for your reply.
    I want to browse my mail service site domain with https, like https://domain, not the ISPConfig interface page. Please help.
    Thanks again.
     
  8. till


    Then the steps you followed above should be fine. Did you follow my hint to find the line where qmail.com.bd.csr is loaded? That's a CSR (certificate request) file; CSRs are never loaded as certificates.
     
  9. Thanks for your replay.
    Am I not add qmail.com.bd.csr file in vhost-ssl.conf file? When I copy the vhost-ssl.template file to vhost-ssl.conf, the apache service does not start. What can I do now? Please help me.
     
  10. till


    You mixed up the crt (certificate) file with the csr (certificate signing request). A csr file is never added in the apache config, add the crt file instead.
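
The mix-up resolved in this thread can be caught before Apache is restarted. The following is an added example, not part of the original thread: a shell check that reads the `SSLCertificateFile` and `SSLCertificateKeyFile` lines of a config file and reports when one points at a CSR or other wrong PEM type. The function names, sample file names and placeholder PEM bodies are constructed for illustration.

```shell
#!/bin/sh
# Print what a PEM file holds, judged by its first BEGIN line.
pem_type() {
    [ -r "$1" ] || { echo unreadable; return 0; }
    hdr=$(sed -n '/^-----BEGIN /{p;q;}' "$1")
    hdr=${hdr#"-----BEGIN "}; hdr=${hdr%"-----"}
    case $hdr in
        CERTIFICATE)            echo certificate ;;
        *'CERTIFICATE REQUEST') echo csr ;;
        *'PRIVATE KEY')         echo private-key ;;
        *)                      echo unknown ;;
    esac
}

# Check every certificate/key directive in one config file; return the number of mismatches.
check_vhost() {
    bad=0
    while read -r directive path rest; do
        case $directive in
            SSLCertificateFile)    want=certificate ;;
            SSLCertificateKeyFile) want=private-key ;;
            *) continue ;;
        esac
        path=${path#\"}; path=${path%\"}     # Apache allows quoted paths
        got=$(pem_type "$path")
        if [ "$got" = "$want" ]; then
            echo "ok   $directive $path"
        else
            echo "FAIL $directive $path: expected $want, found $got"
            bad=$((bad + 1))
        fi
    done < "$1"
    return "$bad"
}

# Constructed sample: placeholder PEM files and two vhost fragments (not real key material).
write_pem() { printf '%s\n' "-----BEGIN $2-----" "constructed-placeholder" "-----END $2-----" > "$1"; }
make_sample() {
    write_pem "$1/example.csr" "CERTIFICATE REQUEST"
    write_pem "$1/example.crt" "CERTIFICATE"
    write_pem "$1/example.key" "RSA PRIVATE KEY"
    printf 'SSLCertificateFile %s\nSSLCertificateKeyFile %s\n' "$1/example.csr" "$1/example.key" > "$1/broken.conf"
    printf 'SSLCertificateFile %s\nSSLCertificateKeyFile %s\n' "$1/example.crt" "$1/example.key" > "$1/fixed.conf"
}

tmp=$(mktemp -d) && make_sample "$tmp"
check_vhost "$tmp/broken.conf" || echo "broken.conf: $? mismatch(es), mod_ssl would refuse to start"
check_vhost "$tmp/fixed.conf" && echo "fixed.conf: certificate and key directives look right"
rm -rf "$tmp"
```

The check only reads the PEM header line and matches directive names case-sensitively; it does not validate the certificate itself or confirm that the key belongs to it.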
     
