Need some handholding on replacing the self-signed SSL Certs

Discussion in 'Installation/Configuration' started by cgreentx, Jul 6, 2007.

  1. cgreentx

    cgreentx New Member

    I would like to replace the SSL cert used by ISPConfig with a real purchased cert. Can anyone provide a simple step by step on generating the CSR and where to put the resulting CRT files? I'm familiar with the process on Windows, but I haven't done SSL on *nix before.

    Thanks,
    Chris Green
     
    cgreentx, Jul 6, 2007
    #1
  2. Ben

    Ben Active Member Moderator

    Hi,

    are the fields in the tab "ssl" of the approprate web filled?
    if so, you can take the displayed csr and get a new one with that.
    Otherwise fill the form, select generate certificate. This will generate a CSR (+self signed cert). Take the CSR
    get a cert withit and place the certs content in the appropriate box an select save certificate.

    This process is also described in the manual that you can find inside ISPConfig.
     
    Last edited: Jul 6, 2007
    Ben, Jul 6, 2007
    #2
  3. cgreentx

    cgreentx New Member

    I'm referring to the SSL certificates used by ISPConfig itself, not by the hosted sites. I can't find anything in the web interface to manage that stuff. Perhaps there is simply a way to disable SSL in the config and go back to regular HTTP? I host only my own sites so I can live without SSL on ISPConfig.

    Chris Green
     
    cgreentx, Jul 6, 2007
    #3
  4. PoleCat

    PoleCat New Member

    Code:
    spirit:~/ispconfig/httpd/conf/ssl.csr# cat server.csr 
-----BEGIN CERTIFICATE REQUEST-----
MIIB1zCCAUACAQAwgZYxCzAJBgNVBAYTAlpBMQswCQYDVQQIEwJFQzELMAkGA1UE
BxMCUEUxEDAOBgNVBAoTB0lUIEdlYXIxFzAVBgNVBAsTDldlYnNlcnZlciBUZWFt
MRwwGgYDVQQDExNzcGlyaXQuaXRnZWFyLmNvLnphMSQwIgYJKoZIhvcNAQkBFhVz
ZWN1cml0eUBpdGdlYXIuY28uemEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
AMmRgCUXq06NzXcNlLzCaxhDMN8c36ZqK/w7li9zx498q+a49cmSLhYMDVY4YVab
VbqtaAssXJwNDfgdLwmrct8ydvc3ovv/7+LG2KWqgqmTt6bXDjqqjg+nteS5Nzqa
IbrDVfLVOWlH+MfU74iHqL9y1jsJ9320kAcVEmGADBkHAgMBAAGgADANBgkqhkiG
9w0BAQUFAAOBgQBh9r4u+FNodFuUccmlvQ2Ey65t3pshTScQfzX0SPl+lYz3lmcn
lJfZglxaS014kRgyVj5cinwarWSds8UYXOKSc5FhyA8CZqKajOLUpCpvKuKbMnnf
Q5qyKpWlZEtoylvYNCRpMpw6cHvbuAqDHDYQbiKpv4LjeHqtL2CWZYlOfg==
-----END CERTIFICATE REQUEST-----
spirit:~/ispconfig/httpd/conf/ssl.csr#
    /ispconfig/httpd/conf/ssl.csr/ <---- SSL Cert Request
    /ispconfig/httpd/conf/ssl.key/ <---- SSL Server Key
    /ispconfig/httpd/conf/ssl.crt/ <---- SSL Certificate

    Use /ispconfig/httpd/conf/sserver.csr to request your new Certificate from your provider.
    Replace /ispconfig/httpd/conf/ssl.crt/server.crt with your new cert.
     
    Last edited: Jul 6, 2007
    PoleCat, Jul 6, 2007
    #4
  5. cgreentx

    cgreentx New Member

    Thanks. That will help a lot. How do I generate the new CSR? I assume the old one was generated during the install which has all the default "Snake Oil" information in it.

    Thanks!
    Chris Green
     
    cgreentx, Jul 6, 2007
    #5
  6. PoleCat

    PoleCat New Member

    PoleCat, Jul 6, 2007
    #6
  7. cgreentx

    cgreentx New Member

    All is good. I picked up a TurboSSL certificate from my registrar for $27.

    Chris Green
     
    cgreentx, Jul 7, 2007
    #7

Share This Page