Hi. I set up SSL for one of my websites and installed the certificate which works fine. Now I need to upload the personal certicate for a site created by ISPConfig to PayPal which will only accept the certificate in .pem format. In the ssl directory of the website, there is no .pem files. Is it possible to get ISPConfig to generate a .pem file? Thanks
Encryped Website Payments from osCommerce using SSL and the PayPal IPN. Data is encrypted between the user's browser and the osCommerce server by implementing SSL on the server. Data between the user's browser and PayPal is encrypted by the use of SSL at PayPal. The data transferred from the osCommerce server to PayPal is not encrypted unless PayPal Encrypted Website Payments are used (see https://www.paypal.com/cgi-bin/webscr?cmd=p/xcl/rec/ewp-intro-outside)
Have you tried to upload the .crt file from the SSL directory to paypal? As ISPCOnfig uses the default Cert file format from apache i guess the .crt file is already in .pem file format.
Further SSL Queries When I try and use my SSL certificate with PayPal Encrypted Website Payments I get an error saying I note that the section of ISPConfig where the certificate request is generated does not include the option to add an email address. So my questions are: Is an email address included when generating the certificate request and if so, which one? If not, how can I generate a certificate request for that website which will include the email address? Is there anyway that I can add this functionality into ISPConfig as I have customers who will be needing to do the same? Thanks
Yes the email address is included. When your website is for example www.yourdomain.com, then the email address in the ssl cert is: "[email protected]" If you need custom email addresses, you will have to add an ssl_email field in the form designer on the SSL tab and then modify the file /root/ispconfig/scripts/lib/config.lib.php around line 1645. The function is named make_openssl_cnf(....);
Thanks Till. That is the address used in both PayPal and osCommerce so I'm at a loss as to what is causing the problem. Do you know of anyway I can check the address in the certificate to find out what it is and make adjustments for the next certificate? Thats something I may look at later once I get this problem sorted.
No. But I'am pretty sure that there must be such a tool. Maybe you find some infos on the openSSL pages? Another idea: Have you tried to connect to the SSL site with your internet browser and had a look at the certificate information there?
I had a search but couldn't find one - I'll keep looking. Yes, tried that first but couldn't see any email address at all in the certificate.
Hmm, maybe the way ISPConfig adds the email address to the SSL-Cert config file is incorrect. But if i remember correctly when I upload an SSL certificate request made by ISPConfig to instantssl i have seen the mail address there Have you checked other SSL certs not made by ISPConfig if you can see the email address there in the webbrowser?
The email address is correct in the csr - you can check it using Code: openssl req -noout -text -in domainname.csr Just checked a couple of commercial websites and can't see them. I'll get another certificate made and see if that cures it, but I'm sure I did everything correctly. At least the csr works fine.