I have just done a new installation of CentOS 5.4 and ISPConfig 3, and I set up a domain and now I want an SSL Certificate. I generated one within ISPConfig, I then restarted apache, then accessed the site. Obviously I get the usuall warnings about self signed, but upon viewing the certificate with IE & Firefox I couldn't help noticing that the certificate in use isn't the one I just created, it is the one located at '/etc/pki/tls/certs/localhost.crt' as configured in the apache ssl.conf file (localhost.localdomain). This is the second server that does this, I had no problems installing either server using the Perfect Server tutorial. Is it actually possible to create usable certificates in ISPConfig 3? When I have tried trials of SSL Certificates from the various companies I have the same result. SSL Error Log: [Sat Dec 05 20:03:56 2009] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Sat Dec 05 20:03:56 2009] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!? [Sat Dec 05 20:03:57 2009] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Sat Dec 05 20:03:57 2009] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!? [Sat Dec 05 20:04:03 2009] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Sat Dec 05 20:04:03 2009] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!? [Sat Dec 05 20:20:29 2009] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Sat Dec 05 20:20:29 2009] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!? [Sat Dec 05 20:20:29 2009] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Sat Dec 05 20:20:29 2009] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!? [Sat Dec 05 20:20:35 2009] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Sat Dec 05 20:20:35 2009] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!? [Sat Dec 05 20:20:35 2009] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Sat Dec 05 20:20:35 2009] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!? [Sat Dec 05 20:21:04 2009] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Sat Dec 05 20:21:04 2009] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!? [Sat Dec 05 20:22:02 2009] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Sat Dec 05 20:22:02 2009] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!? [Sat Dec 05 20:22:19 2009] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Sat Dec 05 20:22:19 2009] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!? [Sat Dec 05 20:22:20 2009] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Sat Dec 05 20:22:20 2009] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!? [Sat Dec 05 20:23:03 2009] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Sat Dec 05 20:23:03 2009] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?
Your problem is not ispconfig nor the ssl certificate created by ispconfig as you currently dont use the certificate created by ispconfig. To me it looks like you enabled some kind of default ssl vhost in centos that is blocking the ssl port, so that a default cert is used and not the one created by ispconfig. Check the apache config of centos and disable the default ssl vhost and default ssl cert. Then restart apache.
Which distribution do you use? Did you try to access the web site by its domain name, or did you use something else (e.g. IP address, different domain, etc.)?
