SSL On Dedicated IP

I'm not sure what's happening here. I have 4 IP addresses on my system. 1 Shared IP and 3 dedicated IPs.

I have a site set on a dedicated IP with no other sites committed to that IP. I've placed that site's SSL Certificate (pasted into ISPConfig), the key file and the CA certificate in /var/www/www.website.com/ssl directory.

I put these apache mod in the site's ISPConfig...
SSLCACertificateFile /var/www/www.website.com/ssl/rapidssl_01.cer
SSLCertificateKeyFile /var/www/www.website.com/ssl/www.website.com.key
SSLCertificateFile /var/www/www.website.com/ssl/www.website.com.crt

Any attempts to access the https address result in the Fedora test page coming up with the ssl cert for localhost.

Any ideas?

 

OK, here's what I've done/found so far...

I remove these apache mods in the site's ISPConfig they aren't needed...
SSLCACertificateFile /var/www/www.website.com/ssl/rapidssl_01.cer
SSLCertificateKeyFile /var/www/www.website.com/ssl/www.website.com.key
SSLCertificateFile /var/www/www.website.com/ssl/www.website.com.crt

Now, I do have the SSL working properly but it took a while to get it to work.

I generated a CSR. Which in turn generated a KEY.

When I restarted HTTPD, it would not come back up. So, I rebooted the system. During boot at HTTPD Start the system asked me for a Private Key password. Well, this is unusual since when I installed ISPConfig I did NOT encrypt the key files. However when installing FC3 per the perfect setup instructions I DID encrypt those keys. Is this the problem? And if so, can I regenerate those keys?

Now, I did however get the SSL to work since this is a simple transfer of web sites and I had an existing SSL/Key set. I simply pasted the SSL Cert into ISPConfig and saved it. Then deleted the key generated by ISPConfig and replaced it with the existing key for the SSL cert.

It still bothers me that I'd be asked for a password on boot. Especially since I'll need to generate a new CSR for that site in about 2 weeks.

 

Are you referring to your main Apache or ISPConfig's Apache?
If it's ISPConfig's Apache, take a look here: http://www.ispconfig.org/manual_installation.htm

 

The ISPConfig Apache. I did NOT encrypt the key. I can reboot all day long and not be asked for a key password.

What happened is when I created a certificate request in ISPConfig a key was generated. When HTTPD tried to restart it failed. So, I rebooted and when HTTPD tried to start it asked for a key password. The first HTTPD start not the ISPConfig start.

The only SSL key that is encrypted is the Postfix SSL. But it never asks for a password on boot.

 

I think we're getting a little mixed up here. It might be my fault with the way I worded things.

I can currently re-boot without ever being asked for a key password. ISPconfig was compiled with a NON-encrypted key.

Here's where the problem came in...
I created a new website on a free IP address.
In ISPconfig I created a CSR for the new website which also created a key for that CSR
HTTPD would not restart from within ISPConfig <---
I rebooted the machine <---
At HTTPD start I was asked for a key password?? <---

To get past this....
I had to do a manual start and not start httpd or ispconfig.
I removed the new key that was created in /var/web/webXX/ssl <---
I rebooted the machine without a problem. <---

 

Which distribution do you use?
Did you install your main Apache from your distribution's packages, or did you compile it manually?

 

ISPConfig version: 2.2.10 - Setup per instructions

On a Fedora Core 3 perfect setup.

Somehow, this problem seems to have vanished on it's own. I'm not sure what caused it but I generated the SSL CSR again today for that web site and it didn't happen. I even re-booted after doing it to be sure. It might have been gremlins.

By the way, on the CSR topic is it possible to keep the CRT and KEY files that already exist intact? That is until the new CRT is received. Fortunately I had backup copies so the site can still operate under SSL until the new CRT is received.