ISPConfig and SSL Certificates

Discussion in 'Installation/Configuration' started by phamels, Feb 7, 2007.

  1. phamels

    phamels Member

    Hi,

    I'm really very new to SSL Certificates.
    I found out on this forum that there is finally an instance that provides SSL Certificates for the right price ... Free ! :) (http://www.cacert.org/)

    The thing is, I'm not really familiar with SSL Certs, so I signed up, added a domain to it but now I'm kind of stuck :cool:

    Could someone help me with a nice and short description of how, what and when with these certificates :D

    Thanks a lot !
     
  2. mphayesuk

    mphayesuk Member HowtoForge Supporter

    Just signed up to this myself and I am in the same situation... what to do with them... I will have a look over the next day or two and post anything I find out.

    Thanks
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    1) Enable SSL in your ISPConfig website and hit save.
    2) Go to the new SSL tab in the website settings in ISPConfig, enter the certificate details and select create as action and click on the save button.
    Now you will have to wait about a minute.
    4) Go to the SSL tab again, now there is a certificate signing request in the one field, use this request to create a certificate at cacert.org.
    5) Enter the certificate code you got from cacert.org in the certificate field on the SSL tab in ISPConfig, select "save certificate" as action and click on the save button.
     
  4. mphayesuk

    mphayesuk Member HowtoForge Supporter

    OK, makes sense, but in terms of making the cert on cacert: I have added a domain, but when I try and create a certificate you are asked to provide a CSR. Does anyone know what you need to enter in this part of the form and in what format?

    Thanks
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    CSR = certificate signing request, please see my post above where you get this data from.
     
  6. mphayesuk

    mphayesuk Member HowtoForge Supporter

    Ok seems to work sort of... but the fact that you can only have one ssl per ip address is still the case ?

    Is there a way around this?

    Thanks
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    yes.

    No. This limitation is part of the SSL protocol, so it's neither an Apache nor ISPConfig limitation.
     
  8. mphayesuk

    mphayesuk Member HowtoForge Supporter

    Fine thanks for your help
     
  9. phamels

    phamels Member

    Hi Till !

    Thanks again for such a great and fast response.
    Seems to be a problem with my ISPConfig though, doesn't seem to create me the request code.
    Where should I start debugging ? :)


    Kind regards


    Pieter
     
  10. Daisy

    Daisy New Member

    I'm having the same problem. No CSR showing in its field but can create one manually.
     
  11. falko

    falko Super Moderator ISPConfig Developer

    Any errors in /home/admispconfig/ispconfig/ispconfig.log? What's the output of
    Code:
    ls -la /root/ispconfig
    ?
     
  12. falko

    falko Super Moderator ISPConfig Developer

    Did you follow these steps?

    1) Enable SSL in your ISPConfig website and hit save.
    2) Go to the new SSL tab in the website settings in ISPConfig, enter the certificate details and select create as action and click on the save button.
    Now you will have to wait about a minute.
    4) Go to the SSL tab again, now there is a certificate signing request in the one field, use this request to create a certificate at cacert.org.
    5) Enter the certificate code you got from cacert.org in the certificate field on the SSL tab in ISPConfig, select "save certificate" as action and click on the save button.
     
  13. Daisy

    Daisy New Member

    Yup. Looks like some errors but not sure what they mean.
    Code:
    08.02.2007 - 13:43:17 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1888: cp -fr /etc/proftpd_ispconfig.conf /etc/proftpd_ispconfig.conf~
    08.02.2007 - 13:43:24 => INFO - Signalfile Set: insert
    08.02.2007 - 13:43:28 => INFO - make_ssl_cnf /var/www/web4/ssl/openssl.cnf
    08.02.2007 - 13:43:28 => WARN - /root/ispconfig/scripts/lib/config.lib.php, Line 1747: WARNING: could not openssl genrsa -des3 -rand /var/www/web4/ssl/random_file -passout pass:9193edc082a303a -out /var/www/web4/ssl/www.mysite.com.key.org 1024 && openssl req -new -passin pass:9193edc082a303a -passout pass:9193edc082a303a -key /var/www/web4/ssl/www.mysite.com.key.org -out /var/www/web4/ssl/www.mysite.com.csr -days 365 -config /var/www/web4/ssl/openssl.cnf && openssl req -x509 -passin pass:9193edc082a303a -passout pass:9193edc082a303a -key /var/www/web4/ssl/www.mysite.com.key.org -in /var/www/web4/ssl/www.mysite.com.csr -out /var/www/web4/ssl/www.mysite.com.crt -days 365 -config /var/www/web4/ssl/openssl.cnf && openssl rsa -passin pass:9193edc082a303a -in /var/www/web4/ssl/www.mysite.com.key.org -out /var/www/web4/ssl/www.mysite.com.key
    08.02.2007 - 13:43:28 => WARN - WARNING: could not open file /var/www/web4/ssl/www.mysite.com.csr
    08.02.2007 - 13:43:28 => WARN - WARNING: could not open file /var/www/web4/ssl/www.mysite.com.crt
    08.02.2007 - 13:43:28 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 257: setquota -g web4 0 0 0 0 -a &> /dev/null
    08.02.2007 - 13:43:28 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 258: setquota -T -g web4 604800 604800 -a &> /dev/null
    08.02.2007 - 13:43:28 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 277: Connected successfully
    08.02.2007 - 13:43:28 => INFO - USER:
    mysite.com_jess:x:10012:10004:Jessica:/var/www/web4:/bin/false
    08.02.2007 - 13:43:29 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 890: setquota -u mysite.com_jess 0 0 0 0 -a &> /dev/null
    08.02.2007 - 13:43:29 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 891: setquota -T -u mysite.com_jess 604800 604800 -a &> /dev/null
    08.02.2007 - 13:43:29 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_procmail.lib.php, Line 57: cp -f /root/ispconfig/isp/conf/forward.master /var/www/web4/.forward
    08.02.2007 - 13:43:29 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_procmail.lib.php, Line 113: symlink /var/www/web4/Maildir
    08.02.2007 - 13:43:29 => INFO - USER:
    mysite.com_aff:x:10022:10004:aff:/var/www/web4/user/mysite.com_aff:/bin/false
    08.02.2007 - 13:43:29 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 890: setquota -u mysite.com_aff 0 0 0 0 -a &> /dev/null
    08.02.2007 - 13:43:29 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 891: setquota -T -u mysite.com_aff 604800 604800 -a &> /dev/null
    08.02.2007 - 13:43:29 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_procmail.lib.php, Line 57: cp -f /root/ispconfig/isp/conf/forward.master /var/www/web4/user/mysite.com_aff/.forward
    08.02.2007 - 13:43:29 => INFO - USER:
    mysite.com_spam:x:10023:10004:spam:/var/www/web4/user/mysite.com_spam:/bin/false
    08.02.2007 - 13:43:29 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 890: setquota -u mysite.com_spam 0 0 0 0 -a &> /dev/null
    08.02.2007 - 13:43:29 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 891: setquota -T -u mysite.com_spam 604800 604800 -a &> /dev/null
    08.02.2007 - 13:43:29 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_procmail.lib.php, Line 57: cp -f /root/ispconfig/isp/conf/forward.master /var/www/web4/user/mysite.com_spam/.forward
    08.02.2007 - 13:43:29 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_postfix.lib.php, Line 137: cp -fr /etc/postfix/local-host-names /etc/postfix/local-host-names~
    08.02.2007 - 13:43:29 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_postfix.lib.php, Line 284: cp -fr /etc/postfix/virtusertable /etc/postfix/virtusertable~
    08.02.2007 - 13:43:29 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_postfix.lib.php, Line 289: postmap hash:/etc/postfix/virtusertable
    08.02.2007 - 13:43:29 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1230: cp -fr /etc/httpd/conf/vhosts/Vhosts_ispconfig.conf /etc/httpd/conf/vhosts/Vhosts_ispconfig.conf~
    08.02.2007 - 13:43:30 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1888: cp -fr /etc/proftpd_ispconfig.conf /etc/proftpd_ispconfig.conf
    
    and ispconfig directory looks like
    Code:
    [root@server ~]# ls -la /root/ispconfig
    total 104
    drwxr-xr-x  9 root root  4096 Feb  8 10:51 .
    drwxr-x---  6 root root  4096 Jan  6 15:36 ..
    -rwxr-xr-x  1 root root 33124 Dec  4 04:43 cronolog
    -rwxr-xr-x  1 root root  9673 Dec  4 04:43 cronosplit
    drwxr-xr-x 12 root root  4096 Dec  4 04:22 httpd
    drwxr-xr-x 12 root root  4096 Dec  4 04:43 isp
    -rw-r--r--  1 root root     8 Feb  8 10:51 .old_path_httpd_root
    drwxr-xr-x  6 root root  4096 Dec  4 04:16 openssl
    drwxr-xr-x  6 root root  4096 Jan 16 16:14 php
    drwxr-xr-x  4 root root  4096 Dec  4 04:43 scripts
    drwxr-xr-x  4 root root  4096 Dec  4 04:43 standard_cgis
    drwxr-xr-x  2 root root  4096 Dec  4 04:43 sv
    -rwx------  1 root root  9389 Dec  4 04:43 uninstall
    
    And yes, I am following steps correctly. Looks like some kind of openssl error but not sure what it means.
     
  14. falko

    falko Super Moderator ISPConfig Developer

    Sometimes it helps to restart ISPConfig or reboot the server. If that doesn't help, please post the output of
    Code:
    ls -la /var/www/web4/ssl
     
  15. Sikko

    Sikko New Member

    I have got exactly the same issue

    Hi All!
    ATM I'm having exactly the same problem, on an Ubuntu 6.06 perfect + ISPC, followed the info, got same error message, after creating SSL cert in ISPC.

    Output from
    Code:
    ls -la /var/www/web4/ssl
    
    ls -la /var/www/web4/ssl
    total 12
    drwxr-xr-x 2 web4_user web4 4096 2007-02-12 11:31 .
    drwxr-xr-x 9 web4_user web4 4096 2007-02-12 11:31 ..
    -r-------- 1 root      root    0 2007-02-01 16:47 .no_delete
    -rw-r--r-- 1 root      root  963 2007-02-12 11:45 www.mysite.com.key.org
    This is the file with the private part of the key.

    btw, thanks for making the howto's
     
  16. Daisy

    Daisy New Member

    Attempted and no difference. Here's results.

    Code:
    total 12
    drwxr-xr-x  2 mysite.com_me web4 4096 Feb  8 13:43 .
    drwxr-xr-x 11 mysite.com_me web4 4096 Feb  8 13:43 ..
    -r--------  1 root                root    0 Dec 14 06:15 .no_delete
    -rw-r--r--  1 root                root  963 Feb  8 13:43 www.mysite.com.key.org
    
     
  17. till

    till Super Moderator Staff Member ISPConfig Developer

    Daisy:

    Please execute this command as root user:

    Code:
    openssl genrsa -des3 -rand /var/www/web4/ssl/random_file -passout pass:9193edc082a303a -out /var/www/web4/ssl/www.mysite.com.key.org 1024 && openssl req -new -passin pass:9193edc082a303a -passout pass:9193edc082a303a -key /var/www/web4/ssl/www.mysite.com.key.org -out /var/www/web4/ssl/www.mysite.com.csr -days 365 -config /var/www/web4/ssl/openssl.cnf && openssl req -x509 -passin pass:9193edc082a303a -passout pass:9193edc082a303a -key /var/www/web4/ssl/www.mysite.com.key.org -in /var/www/web4/ssl/www.mysite.com.csr -out /var/www/web4/ssl/www.mysite.com.crt -days 365 -config /var/www/web4/ssl/openssl.cnf && openssl rsa -passin pass:9193edc082a303a -in /var/www/web4/ssl/www.mysite.com.key.org -out /var/www/web4/ssl/www.mysite.com.key
    Do you get any error message?
     
  18. Sikko

    Sikko New Member

    Yes I get an error

    I get this error:
    Code:
    0 semi-random bytes loaded
    Generating RSA private key, 1024 bit long modulus
    ................++++++
    ..++++++
    e is 65537 (0x10001)
    error on line -1 of /var/www/web4/ssl/openssl.cnf
    22010:error:02001002:system library:fopen:No such file or directory:bss_file.c:122:fopen('/var/www/web4/ssl/openssl.cnf','rb')
    22010:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:125:
    22010:error:0E078072:configuration file routines:DEF_LOAD:no such file:conf_def.c:197:
    
     
  19. Daisy

    Daisy New Member

    I got this.

    Code:
    0 semi-random bytes loaded
    Generating RSA private key, 1024 bit long modulus
    ......++++++
    .............................................++++++
    e is 65537 (0x10001)
    error on line -1 of /var/www/web4/ssl/openssl.cnf
    12653:error:02001002:system library:fopen:No such file or directory:bss_file.c:122:fopen('/var/www/web4/ssl/openssl.cnf','rb')
    12653:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:125:
    12653:error:0E078072:configuration file routines:DEF_LOAD:no such file:conf_def.c:197:
     
  20. falko

    falko Super Moderator ISPConfig Developer

    Please create the file /var/www/web4/ssl/openssl.cnf (e.g. like this):
    Code:
            RANDFILE               = $ENV::HOME/.rnd
    
            [ req ]
            default_bits           = 1024
            default_keyfile        = keyfile.pem
            distinguished_name     = req_distinguished_name
            attributes             = req_attributes
            prompt                 = no
            output_password        = some_password
    
            [ req_distinguished_name ]
            C                      = DE
            ST                     = Lower Saxony
            L                      = Lueneburg
            O                      = Example, Ltd.
            OU                     = IT
            CN                     = example.com
            emailAddress           = [email protected]
    
            [ req_attributes ]
            challengePassword              = A challenge password
    Then run the command again. Any errors then?
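
The failure traced in this thread (the key file is written, then `openssl req` stops because the file given to `-config` does not exist) can be caught before any key is generated. The script below is an added example, not part of the thread or of ISPConfig's code: `make_csr` and `write_sample_cnf` are hypothetical helper names, the 2048-bit passphrase-less key is this example's own choice, and the DN values are the sample ones from the config above.

```shell
#!/bin/sh
# Added example; make_csr and write_sample_cnf are hypothetical helper names.

# Minimal request config using the sample DN values from the post above.
write_sample_cnf() {
    cat > "$1/openssl.cnf" <<'EOF'
[ req ]
distinguished_name = req_distinguished_name
prompt             = no

[ req_distinguished_name ]
C  = DE
ST = Lower Saxony
L  = Lueneburg
O  = Example, Ltd.
OU = IT
CN = example.com
EOF
}

# make_csr SSL_DIR DOMAIN: prints the CSR path on success.
# Return codes: 2 config missing, 3 key generation failed,
#               4 request failed, 5 CSR self-signature did not verify.
make_csr() {
    ssl_dir=$1
    domain=$2
    cnf="$ssl_dir/openssl.cnf"
    key="$ssl_dir/$domain.key"
    csr="$ssl_dir/$domain.csr"

    # Check first: in the thread, genrsa had already written the key file
    # before "openssl req" stopped on the missing config.
    [ -r "$cnf" ] || { echo "missing config: $cnf" >&2; return 2; }

    # Subshell so the restrictive umask applies to the key file only.
    ( umask 077; openssl genrsa -out "$key" 2048 2>/dev/null ) || return 3
    openssl req -new -key "$key" -out "$csr" -config "$cnf" || return 4
    # Confirm the request is well formed and signed by its own key.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' || return 5
    echo "$csr"
}

# Demo in a scratch directory (constructed paths, not a real vhost).
demo_dir=$(mktemp -d)
make_csr "$demo_dir" www.example.com || echo "first run stopped with code $?"
write_sample_cnf "$demo_dir"
make_csr "$demo_dir" www.example.com
```

The first call stops with code 2 and leaves no key behind; the second prints the path of a verified CSR whose contents are what gets pasted into the CA's form.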
     
