Hey guys, I've created a certificate using the certificate MMC on Windows. I exported the certificate to a PFX file with "Include all certificates in the certification path if possible" with private key. I used these commands to export to readable files: Code: openssl pkcs12 -in server.pfx -nocerts -nodes | sed -ne '/-BEGIN PRIVATE KEY-/,/-END PRIVATE KEY-/p' > clientcert.key openssl pkcs12 -in server.pfx -clcerts -nokeys | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > clientcert.cer openssl pkcs12 -in server.pfx -cacerts -nokeys -chain | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > cacerts.cer Then used Code: cat clientcert.key cat clientcert.cer cat cacerts.cer And copied those contents into clientcert.key -> SSL Key clientcert.cer -> SSL Certificate cacerts.cer -> SSL Bundle. But the bundle file isn't created? Code: ls -ahlp /var/www/server.domain.local/ssl/ total 24K drwxr-xr-x 2 root root 4.0K Mar 11 11:13 ./ drwxr-xr-x 20 root root 4.0K Aug 25 2019 ../ -rw-r--r-- 1 root root 1.2K Mar 11 11:13 server.domain.local.crt -rw-r--r-- 1 root root 997 Mar 11 11:13 server.domain.local.csr -r-------- 1 root root 1.7K Mar 11 11:13 server.domain.local.key -r-------- 1 root root 1.8K Mar 11 11:13 server.domain.local.key.org Any ideas on where to look / what to do?
I put my data into the field and then used "Create" -> Save Once i noticed, i updated the fields again used "Save" from pulldown -> Save Now it works as intended
That's correct, the bundle is not used anymore in recent apache versions. Apache expects the bundle cert now in the .crt file, and that's what ISPConfig is doing when it detects a new apache version.
Yeah, as i said, i had to update the fileds after the cert had been created... So it's all working now! Thnx so much!
In your case, entering the cert, key, and bundle info the fields and then selecting save without creating a cert first would have been the right procedure (it's described in the manual chapter 6.4.1). Creating a cert will create a new self-signed cert and CSR, this is only used if you need that CSR to get a new signed certificate and not in case you have already one.
Then i must have an old version of the manual? Issued to Tuumke ([email protected]) Date: 2017-11-30 Thanks for the clarification!