Sorry if this question has been asked before but I was unable to find the answer to my question. I would like to add a proper verified certificate to ISPConfig, can this be done and how do I do it? Thanks in advance for your assistance.
I mean for the ISPConfig webserver. We would like to create a portal for our customers to use to access there control panels but with a trusted certificate.
Hi Lee.cooper, You mean like the attacment below where you can add a ssl certificate for the domain ???? Is this what you mean ??? One other thing as well as falko/till will tell you can have only one ssl certificate per ip..... or is that per domain... Correct me if im wrong falko hehe.... regards brainz
Have a look at /root/ispconfig/httpd/conf/httpd.conf. The certs that are currently in use are listed in there. Create a new certificate as described here: http://www.howtoforge.com/forums/showpost.php?p=358&postcount=4 and use the csr to get an official SSL cert from a CA. Then replace your own cert with the official cert and restart ISPConfig: Code: /etc/init.d/ispconfig_server restart
Okay I followed the instructions provided and replaced the key with the one provided by XRamp and I get an error when restarting. The error I get is as follows: Apache:mod_ssl:Error: Private key not found. **Stopped /root/ispconfig/httpd/bin/apachectl startssl: httpd could not be started What did I do wrong?
I think I have resolved the httpd error, but now I cant access the webpage, I get page cannot be displayed. Please help!!
You mean the ISPConfig web interface? Any errors when you restart ISPConfig or when you look in the logs in /root/ispconfig/httpd/logs?
Yes there are errors in error_log. They are [Thu Jun 22 17:33:55 2006] [error] mod_ssl: Init: (linuxhost.datelhosting.co.uk:81) Unable to configure RSA server private key (OpenSSL library error follows) [Thu Jun 22 17:33:55 2006] [error] OpenSSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
It seems you entered wrong values when you created your new certificate. Please make a new one: http://www.howtoforge.com/forums/showpost.php?p=358&postcount=4 and try again.
Thanks for the reply Falko, but would you mind taking a look at this http://www.xramp.com/support/sslcertificates/csr/apacheunix The certificate company suggests I use these instructions, but I want to verify that its not going to kill ISPConfig. Thanks
Just so I dont mess this up and cause myself more hassle. When I get my key back I get several files sent. These are datelhosting_co_uk.p7b - Certificate for Windows Server 2000/2003 datelhosting_co_uk.cer - Certificate for all other servers sslbundle.crt - Intermediate Certificates (CA Bundle) Do I use the datelhosting_co_uk.cer and if so what do I do with it?
Perhaps I should also tell you that this the certificate for the hosting company not a client. It is the only one requiring SSL. I wasnt sure if this made any difference to the configuration or not. What I also noticed is that from the control panel with in ISPConfig is when I select the SSL check box, it says that it already has a certicate assigned, is this the one that I am overwriting? Im sure this is very simple and I am missing something really stupid, but I have to be honest its really frustrating.
I think you have to use these ones, but you will have to rename them to the names of the current files on your server. This means you must have set up another site with ISPConfig on that IP address that uses SSL. You can have only one SSL web site per IP address and port.