SSL Cert Question for ISPConfig Access

Discussion in 'Installation/Configuration' started by giganet, Feb 12, 2008.

  1. giganet

    giganet New Member

    Hello group

I posed this question some time ago and Till did respond; however, I have been out of my office for months now and can't locate his response in my email client.

    Anyhow...

    My server is running Ubuntu 7.10 and ISPConfig.

    When I try to access ISPConfig using the URL: https://giganetwireless.net:81/
The browser just works and works, never going to the ISPConfig login screen.
This is an SSL certificate issue, isn't it?

    I have logged into ISPConfig from the server Desktop itself and have accessed the primary domain giganetwireless.net, then I navigated to SSL then I entered the company information then I selected 'Create Certificate' then chose 'Save'.

The server generated a CSR and a certificate too; however, I want to buy a new NetSol SSL certificate to install onto this server. Can someone direct me to the steps to be taken to complete this task?

I assume I must submit the CSR to NetSol and they will in turn generate an SSL certificate to be installed afterwards...

    Thanking you in advance for your help with this matter.

    Regards
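As an added example (not ISPConfig's code and not the poster's) of the CSR step described above: the script generates a key and CSR with OpenSSL, stands in for the CA by self-signing the CSR, and then checks that the certificate, the CSR and the private key share the same RSA modulus before anything is installed. The hostname, the subject fields, the scratch paths and the self-signed stand-in are assumptions; with a real CA only the signing step changes, the modulus check is the same.

```shell
#!/bin/sh
# Added example (not ISPConfig code): key + CSR for a CA, then verify the
# returned certificate belongs to the key before installing it.
set -eu

WORK=$(mktemp -d)          # scratch directory (assumption); cleaned up on exit
trap 'rm -rf "$WORK"' EXIT
CN="giganetwireless.net"   # hostname the certificate is for (from the post)

# Generate a fresh 2048-bit RSA key and a CSR for it. Only the CSR goes to
# the CA; the private key never leaves the server.
make_key_and_csr() {
    key=$1; csr=$2; cn=$3
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -keyout "$key" -out "$csr" \
        -subj "/C=US/O=Example Org/CN=$cn" >/dev/null 2>&1
}

# Fingerprint of the RSA modulus held by a key (rsa), CSR (req) or
# certificate (x509). Same modulus => same key pair.
modulus_fp() {
    kind=$1; file=$2
    openssl "$kind" -in "$file" -noout -modulus | openssl sha256 | awk '{print $NF}'
}

# Print "match" if the two objects share a modulus, "mismatch" otherwise.
same_key() {
    if [ "$(modulus_fp "$1" "$2")" = "$(modulus_fp "$3" "$4")" ]; then
        echo match
    else
        echo mismatch
    fi
}

make_key_and_csr "$WORK/server.key" "$WORK/server.csr" "$CN"

# Stand-in for the certificate the CA sends back: self-sign the CSR with its
# own key. A real CA signs with the CA key; the check below is unchanged.
openssl x509 -req -in "$WORK/server.csr" -signkey "$WORK/server.key" \
    -days 30 -out "$WORK/server.crt" >/dev/null 2>&1

# A second, unrelated key to show what a wrong pairing looks like
# (e.g. the CSR was regenerated after it was submitted).
make_key_and_csr "$WORK/other.key" "$WORK/other.csr" "$CN"

echo "CSR  vs key:       $(same_key req  "$WORK/server.csr" rsa "$WORK/server.key")"
echo "cert vs key:       $(same_key x509 "$WORK/server.crt" rsa "$WORK/server.key")"
echo "cert vs other key: $(same_key x509 "$WORK/server.crt" rsa "$WORK/other.key")"
# Also confirm the subject the CA issued is the name you actually serve.
openssl x509 -in "$WORK/server.crt" -noout -subject -enddate
```

The mismatch case is the one that matters in practice: if the CSR is regenerated in ISPConfig after it was submitted, the certificate that comes back no longer belongs to the key on disk and the server will refuse to start or serve the old certificate.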
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

The server on port 81 has nothing to do with the website where you created the SSL cert. The SSL websites run on port 443.

Please try to access ISPConfig with Firefox and see if you get any SSL error message.
     
  3. giganet

    giganet New Member

    Hi Till

Thank you for the response, and I apologize for the lapse in response.

I use FF as my primary web browser; when I try to access https://giganetwireless.com:81/ the browser never times out or returns any sort of SSL error message.

    Thanking you in advance for your help with this matter.

    Regards
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

Did you try to connect with and without https on the IP address of the server instead of the hostname?
     
  5. giganet

    giganet New Member

    Hi Till

    Thank you for the reply...

    Here are my findings with your suggestion:

1) When I try accessing ISPConfig via https://65.197.209.3:81/
The browser works and works but never even returns an error msg of any sort.

2) When I try accessing ISPConfig via http://65.197.209.3:81/
The server sends the browser to the Shared IP page from ISPConfig.


    Have a great day

    Regards
     
  6. falko

    falko Super Moderator ISPConfig Developer

  7. giganet

    giganet New Member

    Hi Falko...

    I just this evening got a chance to re-create the SSL cert for one of my two servers having this SSL OR ISPConfig access problem.

Doing the following:
Accessing ISPConfig is unsuccessful still.

What's weird is that one of my NIX servers has a desktop on it and I can access either of the two servers' ISPConfig via web browser, yet on MS servers and PCs I am unable to access the ISPConfig login via web browser?

    Thanking you in advance for your help Falko

    Regards
     
  8. falko

    falko Super Moderator ISPConfig Developer

    Please check all your firewalls if port 81 is blocked.
    Is the ISPConfig server in a LAN (behind a router), or is it connected directly to the internet (e.g. in a datacenter)?
     
  9. giganet

    giganet New Member

Thank you for the reply Falko

    My servers are connected directly to the Internet.
    The workstations I am attempting to access ISPConfig from are however behind a firewall (2).

    I have added FW rules to my trunk interceptor and DS1 routers allowing port 81 traffic both in and outward bound.

    From any one of my workstations I am able to ping any one of the specific servers running ISPConfig at port 81.

xx.xxx.xxx.x:81 successfully returns pings; this should indicate that the firewall rule is allowing access to port 81, wouldn't it?

    However I am still unable to access ISPConfig on either server VIA web-browser...

    Would you still suggest FW tweaking Falko?

    Regards
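A successful ping shows that ICMP echo passes, not that TCP port 81 is reachable or that the TLS handshake on it completes; those are three independent checks. As an added example (not ISPConfig's code and not the posters'), the shell diagnostic below classifies a connection attempt using only openssl s_client, and exercises itself against a local openssl s_server that stands in for the port-81 ISPConfig interface. The port numbers 44381 and 44382, the self-signed localhost certificate and the scratch directory are assumptions.

```shell
#!/bin/sh
# Added example (not ISPConfig code): tell "TCP port unreachable" apart from
# "TLS handshake fails" and "TLS works" for an HTTPS service such as port 81.
set -eu

# Classify one connection attempt to host:port.
#   tcp-closed  refused/unreachable: a firewall in the path or nothing listening
#   tls-failed  TCP accepted but no TLS session: plain-HTTP service on that
#               port, or a certificate/key the server cannot load
#   tls-ok      handshake completed (whether the cert is trusted is separate)
diagnose() {
    host=$1; port=$2
    out=$(openssl s_client -connect "$host:$port" -servername "$host" \
          </dev/null 2>&1 || true)
    case "$out" in
        *"connect:errno"*|*"Connection refused"*) echo tcp-closed ;;
        *"Verify return code"*)                   echo tls-ok ;;
        *)                                        echo tls-failed ;;
    esac
}

# Subject and expiry of the certificate the server actually presents,
# which is the thing to compare with what was generated or bought.
served_cert() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -subject -enddate -nameopt RFC2253
}

# --- local stand-in for the ISPConfig port-81 listener (assumptions) ------
WORK=$(mktemp -d)
TLS_PORT=44381       # assumed free on this machine
CLOSED_PORT=44382    # assumed nothing listens here
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=localhost" \
    -keyout "$WORK/key.pem" -out "$WORK/cert.pem" >/dev/null 2>&1
openssl s_server -accept "$TLS_PORT" -cert "$WORK/cert.pem" \
    -key "$WORK/key.pem" -www >/dev/null 2>&1 &
SERVER_PID=$!
trap 'kill "$SERVER_PID" 2>/dev/null; rm -rf "$WORK"' EXIT

# Wait (at most ~10 s) for the listener to come up before probing it.
i=0
while [ "$(diagnose 127.0.0.1 "$TLS_PORT")" = tcp-closed ] && [ "$i" -lt 10 ]; do
    sleep 1; i=$((i + 1))
done

echo "127.0.0.1:$TLS_PORT    -> $(diagnose 127.0.0.1 "$TLS_PORT")"
echo "127.0.0.1:$CLOSED_PORT -> $(diagnose 127.0.0.1 "$CLOSED_PORT")"
served_cert 127.0.0.1 "$TLS_PORT"
```

Against a real host, `diagnose giganetwireless.net 81` run from a workstation behind the office firewalls and again from a machine outside them separates a path problem (tcp-closed from one place only) from a server problem (the same answer from everywhere). A name that does not resolve also ends up as tls-failed, so check DNS first if the host is given by name.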
     
  10. leventersoy

    leventersoy New Member

    try this command


    /root/ispconfig/httpd/bin/apachectl startssl
     
  11. giganet

    giganet New Member

    Thank you leventersoy

    I tried starting SSL as you suggested, but FF still returns the following:
    Regards
     
    Last edited: Feb 25, 2008
  12. giganet

    giganet New Member

    My Bad, triple post ;-(
     
    Last edited: Feb 25, 2008
  13. giganet

    giganet New Member

    Sorry for the dual post
     
  14. falko

    falko Super Moderator ISPConfig Developer

    This means it's not a firewall problem because you're at least getting a connection (although it was interrupted).
    I think you should recreate the SSL certificate, but this time please accept all default values. Don't enter custom data.
     
  15. giganet

    giganet New Member

    Thank you Falko

    I regenerated the SSL cert using all default values as you suggested.

    When trying to access ISPConfig however I still get the same results running FF.


    Regards
     
  16. falko

    falko Super Moderator ISPConfig Developer

    Any errors in the error log in /root/ispconfig/httpd/logs?
     
  17. giganet

    giganet New Member

    Thank you Falko

I first tried accessing ISPConfig so any recorded errors generated by the SSL would appear at the bottom of any logging.

    In error_log all errors were not from today.

    However, in ssl_request_log I see the following:
    Code:
    [27/Feb/2008:09:00:19 -0800] 65.197.209.2 TLSv1 DHE-RSA-AES256-SHA "POST /multidoc/edit/edit.php HTTP/1.1" 5
    [27/Feb/2008:09:00:19 -0800] 65.197.209.2 TLSv1 DHE-RSA-AES256-SHA "GET /multidoc/edit/edit.php?doctype_id=1013&tree_id=100& HTTP/1.1" 30280
    [27/Feb/2008:09:00:54 -0800] 65.197.209.2 TLSv1 DHE-RSA-AES256-SHA "GET /logoff.php? HTTP/1.1" 5
    [27/Feb/2008:09:00:54 -0800] 65.197.209.2 TLSv1 DHE-RSA-AES256-SHA "GET /login.php?err=999 HTTP/1.1" 2158
    
    In ssl_engine_log I find the following:

    Code:
    [27/Feb/2008 09:00:54 32022] [info]  Connection to child 0 established (server www.giganetwireless.net:81, client 65.197.209.2)
    [27/Feb/2008 09:00:54 32022] [info]  Seeding PRNG with 1160 bytes of entropy
    [27/Feb/2008 09:00:54 32022] [info]  Connection: Client IP: 65.197.209.2, Protocol: TLSv1, Cipher: DHE-RSA-AES256-SHA (256/256 bits)
    [27/Feb/2008 09:00:54 32022] [info]  Initial (No.1) HTTPS request received for child 0 (server www.giganetwireless.net:81)
    [27/Feb/2008 09:00:54 32022] [info]  Subsequent (No.2) HTTPS request received for child 0 (server www.giganetwireless.net:81)
    [27/Feb/2008 09:01:10 32022] [info]  Connection to child 0 closed with standard shutdown (server www.giganetwireless.net:81, client 65.197.209.2)
And in access_log I see the following:

    Code:
    65.197.209.2 - - [27/Feb/2008:09:00:19 -0800] "POST /multidoc/edit/edit.php HTTP/1.1" 302 5
    65.197.209.2 - - [27/Feb/2008:09:00:19 -0800] "GET /multidoc/edit/edit.php?doctype_id=1013&tree_id=100& HTTP/1.1" 200 30280
    65.197.209.2 - - [27/Feb/2008:09:00:54 -0800] "GET /logoff.php? HTTP/1.1" 302 5
    65.197.209.2 - - [27/Feb/2008:09:00:54 -0800] "GET /login.php?err=999 HTTP/1.1" 200 2158
    
    Thanking you in advance for your help Falko.

    Regards
     
  18. falko

    falko Super Moderator ISPConfig Developer

    Please post the output of
    Code:
    iptables -L
     
  19. giganet

    giganet New Member

    Thank you Falko


    Code:
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     0    --  anywhere             anywhere
eth0_in    0    --  anywhere             anywhere
Reject     0    --  anywhere             anywhere
LOG        0    --  anywhere             anywhere            LOG level info prefix `Shorewall:INPUT:REJECT:'
reject     0    --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
eth0_fwd   0    --  anywhere             anywhere
Reject     0    --  anywhere             anywhere
LOG        0    --  anywhere             anywhere            LOG level info prefix `Shorewall:FORWARD:REJECT:'
reject     0    --  anywhere             anywhere

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     0    --  anywhere             anywhere
eth0_out   0    --  anywhere             anywhere
Reject     0    --  anywhere             anywhere
LOG        0    --  anywhere             anywhere            LOG level info prefix `Shorewall:OUTPUT:REJECT:'
reject     0    --  anywhere             anywhere

Chain Drop (2 references)
target     prot opt source               destination
reject     tcp  --  anywhere             anywhere            tcp dpt:auth
dropBcast  0    --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp fragmentation-needed
ACCEPT     icmp --  anywhere             anywhere            icmp time-exceeded
dropInvalid  0    --  anywhere             anywhere
DROP       udp  --  anywhere             anywhere            multiport dports loc-srv,microsoft-ds
DROP       udp  --  anywhere             anywhere            udp dpts:netbios-ns:netbios-ssn
DROP       udp  --  anywhere             anywhere            udp spt:netbios-ns dpts:1024:65535
DROP       tcp  --  anywhere             anywhere            multiport dports loc-srv,netbios-ssn,microsoft-ds
DROP       udp  --  anywhere             anywhere            udp dpt:1900
dropNotSyn  tcp  --  anywhere             anywhere
DROP       udp  --  anywhere             anywhere            udp spt:domain

Chain Reject (4 references)
target     prot opt source               destination
reject     tcp  --  anywhere             anywhere            tcp dpt:auth
dropBcast  0    --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp fragmentation-needed
ACCEPT     icmp --  anywhere             anywhere            icmp time-exceeded
dropInvalid  0    --  anywhere             anywhere
reject     udp  --  anywhere             anywhere            multiport dports loc-srv,microsoft-ds
reject     udp  --  anywhere             anywhere            udp dpts:netbios-ns:netbios-ssn
reject     udp  --  anywhere             anywhere            udp spt:netbios-ns dpts:1024:65535
reject     tcp  --  anywhere             anywhere            multiport dports loc-srv,netbios-ssn,microsoft-ds
DROP       udp  --  anywhere             anywhere            udp dpt:1900
dropNotSyn  tcp  --  anywhere             anywhere
DROP       udp  --  anywhere             anywhere            udp spt:domain

Chain all2all (0 references)
target     prot opt source               destination
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED
Reject     0    --  anywhere             anywhere
LOG        0    --  anywhere             anywhere            LOG level info prefix `Shorewall:all2all:REJECT:'
reject     0    --  anywhere             anywhere

Chain dropBcast (2 references)
target     prot opt source               destination
DROP       0    --  anywhere             anywhere            PKTTYPE = broadcast
DROP       0    --  anywhere             anywhere            PKTTYPE = multicast

Chain dropInvalid (2 references)
target     prot opt source               destination
DROP       0    --  anywhere             anywhere            state INVALID

Chain dropNotSyn (2 references)
target     prot opt source               destination
DROP       tcp  --  anywhere             anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN

Chain dynamic (2 references)
target     prot opt source               destination

Chain eth0_fwd (1 references)
target     prot opt source               destination
dynamic    0    --  anywhere             anywhere            state INVALID,NEW
smurfs     0    --  anywhere             anywhere            state INVALID,NEW
norfc1918  0    --  anywhere             anywhere            state NEW
tcpflags   tcp  --  anywhere             anywhere

Chain eth0_in (1 references)
target     prot opt source               destination
dynamic    0    --  anywhere             anywhere            state INVALID,NEW
smurfs     0    --  anywhere             anywhere            state INVALID,NEW
norfc1918  0    --  anywhere             anywhere            state NEW
tcpflags   tcp  --  anywhere             anywhere
net2fw     0    --  anywhere             anywhere

Chain eth0_out (1 references)
target     prot opt source               destination
fw2net     0    --  anywhere             anywhere

Chain fw2net (1 references)
target     prot opt source               destination
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     0    --  anywhere             anywhere

Chain logdrop (0 references)
target     prot opt source               destination
LOG        0    --  anywhere             anywhere            LOG level info prefix `Shorewall:logdrop:DROP:'
DROP       0    --  anywhere             anywhere

Chain logflags (5 references)
target     prot opt source               destination
LOG        0    --  anywhere             anywhere            LOG level info prefix `Shorewall:logflags:DROP:'
DROP       0    --  anywhere             anywhere

Chain logreject (0 references)
target     prot opt source               destination
LOG        0    --  anywhere             anywhere            LOG level info prefix `Shorewall:logreject:REJECT:'
reject     0    --  anywhere             anywhere

Chain net2all (0 references)
target     prot opt source               destination
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED
Drop       0    --  anywhere             anywhere
LOG        0    --  anywhere             anywhere            LOG level info prefix `Shorewall:net2all:DROP:'
DROP       0    --  anywhere             anywhere

Chain net2fw (1 references)
target     prot opt source               destination
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere
ACCEPT     tcp  --  giganetwireless.net  anywhere            tcp dpt:www limit: avg 20/sec burst 24
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:telnet
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
ACCEPT     tcp  --  65.197.209.0         anywhere            tcp dpt:69
ACCEPT     udp  --  65.197.209.0         anywhere            udp dpt:tftp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:www limit: avg 20/sec burst 24
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:81 limit: avg 20/sec burst 24
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imap2
ACCEPT     udp  --  anywhere             anywhere            udp dpt:imap2
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:snmp
ACCEPT     udp  --  anywhere             anywhere            udp dpt:snmp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https limit: avg 20/sec burst 24
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request limit: avg 5/sec burst 8
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:mysql
ACCEPT     tcp  --  65.197.209.0/24      anywhere            tcp dpt:54000
ACCEPT     tcp  --  anywhere             anywhere            MAC 00:03:25:21:FA:23 tcp dpt:54000
ACCEPT     tcp  --  anywhere             giganetwireless.net tcp dpt:www
ACCEPT     tcp  --  anywhere             giganetwireless.net tcp dpt:https
Drop       0    --  anywhere             anywhere
LOG        0    --  anywhere             anywhere            LOG level info prefix `Shorewall:net2fw:DROP:'
DROP       0    --  anywhere             anywhere

Chain norfc1918 (2 references)
target     prot opt source               destination
rfc1918    0    --  172.16.0.0/12        anywhere
rfc1918    0    --  anywhere             anywhere            ctorigdst 172.16.0.0/12
rfc1918    0    --  192.168.0.0/16       anywhere
rfc1918    0    --  anywhere             anywhere            ctorigdst 192.168.0.0/16
rfc1918    0    --  10.0.0.0/8           anywhere
rfc1918    0    --  anywhere             anywhere            ctorigdst 10.0.0.0/8

Chain reject (11 references)
target     prot opt source               destination
DROP       0    --  anywhere             anywhere            PKTTYPE = broadcast
DROP       0    --  anywhere             anywhere            PKTTYPE = multicast
DROP       0    --  65.197.209.128       anywhere
DROP       0    --  255.255.255.255      anywhere
DROP       0    --  BASE-ADDRESS.MCAST.NET/4  anywhere
REJECT     tcp  --  anywhere             anywhere            reject-with tcp-reset
REJECT     udp  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     icmp --  anywhere             anywhere            reject-with icmp-host-unreachable
REJECT     0    --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain rfc1918 (6 references)
target     prot opt source               destination
LOG        0    --  anywhere             anywhere            LOG level info prefix `Shorewall:rfc1918:DROP:'
DROP       0    --  anywhere             anywhere

Chain shorewall (0 references)
target     prot opt source               destination

Chain smurfs (2 references)
target     prot opt source               destination
LOG        0    --  65.197.209.128       anywhere            LOG level info prefix `Shorewall:smurfs:DROP:'
DROP       0    --  65.197.209.128       anywhere
LOG        0    --  255.255.255.255      anywhere            LOG level info prefix `Shorewall:smurfs:DROP:'
DROP       0    --  255.255.255.255      anywhere
LOG        0    --  BASE-ADDRESS.MCAST.NET/4  anywhere            LOG level info prefix `Shorewall:smurfs:DROP:'
DROP       0    --  BASE-ADDRESS.MCAST.NET/4  anywhere

Chain tcpflags (2 references)
target     prot opt source               destination
logflags   tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
logflags   tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
logflags   tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN,RST
logflags   tcp  --  anywhere             anywhere            tcp flags:FIN,SYN/FIN,SYN
logflags   tcp  --  anywhere             anywhere            tcp spt:0 flags:FIN,SYN,RST,ACK/SYN
    Regards
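Reading a long `iptables -L` listing by eye is error-prone because the first matching rule in a chain wins, regardless of how many more specific rules follow it. As an added example (not Shorewall's or ISPConfig's code and not the posters'), the awk walker below takes the net2fw chain from the listing above, with the terminal line-wrapping undone, and reports the first rule a packet would hit. It models only what a plain `iptables -L` shows (target, protocol, source, `dpt:`, `state`, `MAC`) and ignores destination, rate limits and interfaces, so it is a reading aid, not a firewall simulator; the port-name table is the usual /etc/services mapping. The optional last argument skips one rule number, which is a cheap way to ask "what would match if this rule were not there".

```shell
#!/bin/sh
# Added example (not Shorewall/ISPConfig code): first-match lookup over one
# chain of an `iptables -L` listing.
set -eu

# Constructed input: the posted net2fw chain, one rule per line.
NET2FW=$(cat <<'EOF'
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere
ACCEPT     tcp  --  giganetwireless.net  anywhere            tcp dpt:www limit: avg 20/sec burst 24
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:telnet
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
ACCEPT     tcp  --  65.197.209.0         anywhere            tcp dpt:69
ACCEPT     udp  --  65.197.209.0         anywhere            udp dpt:tftp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:www limit: avg 20/sec burst 24
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:81 limit: avg 20/sec burst 24
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imap2
ACCEPT     udp  --  anywhere             anywhere            udp dpt:imap2
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:snmp
ACCEPT     udp  --  anywhere             anywhere            udp dpt:snmp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https limit: avg 20/sec burst 24
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request limit: avg 5/sec burst 8
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:mysql
ACCEPT     tcp  --  65.197.209.0/24      anywhere            tcp dpt:54000
ACCEPT     tcp  --  anywhere             anywhere            MAC 00:03:25:21:FA:23 tcp dpt:54000
ACCEPT     tcp  --  anywhere             giganetwireless.net tcp dpt:www
ACCEPT     tcp  --  anywhere             giganetwireless.net tcp dpt:https
Drop       0    --  anywhere             anywhere
LOG        0    --  anywhere             anywhere            LOG level info prefix `Shorewall:net2fw:DROP:'
DROP       0    --  anywhere             anywhere
EOF
)

# first_match PROTO DPORT [STATE=NEW] [SRC=anywhere] [SKIP_RULE=0]
# Prints "<rule number> <target>" of the first rule the packet matches.
first_match() {
    printf '%s\n' "$NET2FW" | awk -v proto="$1" -v dport="$2" \
        -v state="${3:-NEW}" -v src="${4:-anywhere}" -v skip="${5:-0}" '
    BEGIN { n["www"]=80; n["https"]=443; n["ftp"]=21; n["telnet"]=23
            n["smtp"]=25; n["domain"]=53; n["tftp"]=69; n["pop3"]=110
            n["imap2"]=143; n["snmp"]=161; n["mysql"]=3306 }
    function portnum(p) { return (p in n) ? n[p] : p }
    NF == 0 { next }
    {
        rule++
        if (rule == skip) next
        # proto column: 0 / all matches everything
        if ($2 != "0" && $2 != "all" && $2 != proto) next
        # source column: exact text match against the listing
        if ($4 != "anywhere" && $4 != src) next
        ok = 1
        for (i = 6; i <= NF; i++) {
            if ($i ~ /^dpt:/) { sub(/^dpt:/, "", $i); if (portnum($i) != dport) ok = 0 }
            if ($i == "state") { i++; if (("," $i ",") !~ ("," state ",")) ok = 0 }
            if ($i == "MAC") ok = 0     # MAC match cannot be evaluated here
        }
        if (ok) { print rule, $1; exit }
    }'
}

echo "tcp/81  from anywhere, NEW:         $(first_match tcp 81)"
echo "tcp/81  if rule 2 were absent:      $(first_match tcp 81 NEW anywhere 2)"
echo "tcp/3306 if rule 2 were absent:     $(first_match tcp 3306 NEW anywhere 2)"
echo "tcp/22  if rule 2 were absent:      $(first_match tcp 22 NEW anywhere 2)"
echo "udp/161 from anywhere, NEW:         $(first_match udp 161)"
echo "udp/1900 from anywhere, NEW:        $(first_match udp 1900)"
```

What the walk makes visible is that rule 2 (`ACCEPT tcp -- anywhere anywhere`, no port) is hit first for every new TCP connection, so the rate-limited port-81 rule further down never sees a packet and the firewall is not what blocks port 81 here; the same rule also makes every other TCP listener (telnet, mysql, snmp) reachable from anywhere whether or not it has a rule of its own.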
     
  20. falko

    falko Super Moderator ISPConfig Developer

    Does it work when you switch off the firewall?
     
