[SOLVED] ISPConfig enterprise (AD domain) certificate bundles

Discussion in 'Installation/Configuration' started by Tuumke, Mar 11, 2020.

  1. Tuumke

    Tuumke Active Member

    Hey guys,

    I've created a certificate using the certificate MMC on Windows. I exported the certificate to a PFX file with "Include all certificates in the certification path if possible" with private key.
    I used these commands to export to readable files:
    Code:
    openssl pkcs12 -in server.pfx -nocerts -nodes | sed -ne '/-BEGIN PRIVATE KEY-/,/-END PRIVATE KEY-/p' > clientcert.key
    openssl pkcs12 -in server.pfx -clcerts -nokeys | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > clientcert.cer
    openssl pkcs12 -in server.pfx -cacerts -nokeys -chain | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > cacerts.cer
    
    Then used
    Code:
    cat clientcert.key
    cat clientcert.cer
    cat cacerts.cer
    And copied those contents into
    clientcert.key -> SSL Key
    clientcert.cer -> SSL Certificate
    cacerts.cer -> SSL Bundle.
    But the bundle file isn't created?
    Code:
    ls -ahlp /var/www/server.domain.local/ssl/
    total 24K
    drwxr-xr-x  2 root root 4.0K Mar 11 11:13 ./
    drwxr-xr-x 20 root root 4.0K Aug 25  2019 ../
    -rw-r--r--  1 root root 1.2K Mar 11 11:13 server.domain.local.crt
    -rw-r--r--  1 root root  997 Mar 11 11:13 server.domain.local.csr
    -r--------  1 root root 1.7K Mar 11 11:13 server.domain.local.key
    -r--------  1 root root 1.8K Mar 11 11:13 server.domain.local.key.org
    
    Any ideas on where to look / what to do?
     
  2. Tuumke

    Tuumke Active Member

    I put my data into the field and then used "Create" -> Save
    Once I noticed, I updated the fields again and used "Save" from the pulldown -> Save
    Now it works as intended
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    That's correct, the bundle is not used anymore in recent Apache versions. Apache now expects the bundle cert in the .crt file, and that's what ISPConfig is doing when it detects a new Apache version.
     
    Tuumke likes this.
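
The layout till describes above (leaf certificate and CA chain together in one .crt file), as an added example that is not part of the thread and not ISPConfig's own code. It assembles that file from the `clientcert.cer` and `cacerts.cer` exported in the first post; the function names and the `fullchain.crt` output name are assumptions.

```bash
# Added example (not ISPConfig code). Function names are hypothetical.

# pem_certs FILE: print only the certificate blocks of FILE. Drops the
# "Bag Attributes" text openssl pkcs12 emits, strips CRLF, and ends every
# line with a newline so two blocks never fuse when files are concatenated.
pem_certs() {
    awk '{ sub(/\r$/, "") }
         /-----BEGIN CERTIFICATE-----/ { inside = 1 }
         inside { print }
         /-----END CERTIFICATE-----/   { inside = 0 }' "$1"
}

# build_fullchain LEAF CHAIN OUT: write the leaf first, then the CA chain.
build_fullchain() {
    # The .crt is world-readable in the listing above: never let a key in.
    if grep -q 'PRIVATE KEY-----' "$1" "$2"; then
        echo "refusing: private key material in certificate input" >&2
        return 1
    fi
    leaf_count=$(pem_certs "$1" |
        awk '/-----BEGIN CERTIFICATE-----/ { c++ } END { print c + 0 }')
    if [ "$leaf_count" -ne 1 ]; then
        echo "expected exactly 1 leaf certificate, found $leaf_count" >&2
        return 1
    fi
    { pem_certs "$1" && pem_certs "$2"; } > "$3"
}

# key_matches_cert KEY CERT: succeed only if both hold the same public key.
# Needs the openssl CLI and an unencrypted key; checks the first cert in CERT.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# Usage with the files from the first post (output name is an assumption):
#   build_fullchain clientcert.cer cacerts.cer fullchain.crt &&
#   key_matches_cert clientcert.key fullchain.crt
```
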
  4. Tuumke

    Tuumke Active Member

    Yeah, as I said, I had to update the fields after the cert had been created...
    So it's all working now! :) Thnx so much!
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    In your case, entering the cert, key, and bundle info into the fields and then selecting save without creating a cert first would have been the right procedure (it's described in the manual chapter 6.4.1). Creating a cert will create a new self-signed cert and CSR; this is only used if you need that CSR to get a new signed certificate and not in case you already have one.
     
    Tuumke likes this.
  6. Tuumke

    Tuumke Active Member

    Then I must have an old version of the manual?
    Issued to Tuumke ([email protected]) Date: 2017-11-30

    Thanks for the clarification! :)
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    Sorry, the right chapter is 5.4.1 :)
     
