Proper certificate

Discussion in 'Installation/Configuration' started by Lee.Copper, Jun 21, 2006.

  1. Lee.Copper

    Lee.Copper New Member

    Sorry if this question has been asked before but I was unable to find the answer to my question.

    I would like to add a proper verified certificate to ISPConfig, can this be done and how do I do it?

    Thanks in advance for your assistance.
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Do you mean for the ISPConfig webserver on port 81 or for a website created in ISPConfig?
  3. Lee.Copper

    Lee.Copper New Member

    I mean for the ISPConfig webserver. We would like to create a portal for our customers to use to access there control panels but with a trusted certificate.
  4. brainz

    brainz Member

    Hi Lee.cooper,

    You mean like the attacment below where you can add a ssl certificate for the domain ????


    Is this what you mean ??? One other thing as well as falko/till will tell you can have only one ssl certificate per ip..... or is that per domain... Correct me if im wrong falko hehe.... ;)

    brainz :cool:

    Attached Files:

    • ssl.jpg
      File size:
      5.5 KB
    Last edited: Jun 22, 2006
  5. falko

    falko Super Moderator Howtoforge Staff

    Have a look at /root/ispconfig/httpd/conf/httpd.conf. The certs that are currently in use are listed in there.
    Create a new certificate as described here: and use the csr to get an official SSL cert from a CA. Then replace your own cert with the official cert and restart ISPConfig:
    /etc/init.d/ispconfig_server restart
  6. Lee.Copper

    Lee.Copper New Member

    Okay I followed the instructions provided and replaced the key with the one provided by XRamp and I get an error when restarting.

    The error I get is as follows:

    Apache:mod_ssl:Error: Private key not found.
    /root/ispconfig/httpd/bin/apachectl startssl: httpd could not be started

    What did I do wrong?
  7. Lee.Copper

    Lee.Copper New Member

    I think I have resolved the httpd error, but now I cant access the webpage, I get page cannot be displayed.

    Please help!!
  8. falko

    falko Super Moderator Howtoforge Staff

    You mean the ISPConfig web interface? Any errors when you restart ISPConfig or when you look in the logs in /root/ispconfig/httpd/logs?
  9. Lee.Copper

    Lee.Copper New Member

    Yes there are errors in error_log.

    They are

    [Thu Jun 22 17:33:55 2006] [error] mod_ssl: Init: ( Unable to configure RSA server private key (OpenSSL library error follows)
    [Thu Jun 22 17:33:55 2006] [error] OpenSSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
  10. falko

    falko Super Moderator Howtoforge Staff

  11. Lee.Copper

    Lee.Copper New Member

  12. falko

    falko Super Moderator Howtoforge Staff

    I think both methods are compatible. :)
  13. Lee.Copper

    Lee.Copper New Member

    Just so I dont mess this up and cause myself more hassle.
    When I get my key back I get several files sent.

    These are
    datelhosting_co_uk.p7b - Certificate for Windows Server 2000/2003
    datelhosting_co_uk.cer - Certificate for all other servers
    sslbundle.crt - Intermediate Certificates (CA Bundle)

    Do I use the datelhosting_co_uk.cer and if so what do I do with it?
  14. Lee.Copper

    Lee.Copper New Member

    Perhaps I should also tell you that this the certificate for the hosting company not a client. It is the only one requiring SSL.
    I wasnt sure if this made any difference to the configuration or not.
    What I also noticed is that from the control panel with in ISPConfig is when I select the SSL check box, it says that it already has a certicate assigned, is this the one that I am overwriting?

    Im sure this is very simple and I am missing something really stupid, but I have to be honest its really frustrating.
  15. falko

    falko Super Moderator Howtoforge Staff

    I think you have to use these ones, but you will have to rename them to the names of the current files on your server.

    This means you must have set up another site with ISPConfig on that IP address that uses SSL. You can have only one SSL web site per IP address and port.

Share This Page