SSL Setup Question

Discussion in 'Installation/Configuration' started by bschultz, May 27, 2007.

  1. bschultz

    bschultz Member

    Hi,

    I've purchased an SSL Cert from Godaddy, created the key and csr files, and downloaded my cert. All that is fine. Now, I don't know what to do next. What needs to be done in the ISPC admin panel to setup the new cert on an existing site? Where does the cert need to be placed on the server?

    Thanks.

    Brian
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Copy and paste the certificate to the certificate field in ISPConfig of this website, select save as action, and then click on the save button.
     
  3. falko

    falko Super Moderator Howtoforge Staff

  4. bschultz

    bschultz Member

    Thanks for the help, guys. The site shows a generic error page in IE. In Firefox, I get an error code 12263 SSL_ERROR_RX_RECORD_TOO_LONG message.

    Any ideas?
     
  5. falko

    falko Super Moderator Howtoforge Staff

    Any errors in the Apache logs?
     
  6. bschultz

    bschultz Member

    The only thing in the (Apache2) error log was this...

    [Mon May 28 14:47:08 2007] [notice] Apache/2.2.3 (Debian) PHP/5.2.0-8+etch4 mod_ssl/2.2.3 OpenSSL/0.9.8c configured -- resuming normal operations

    And that wasn't even when I tried to access the site in question. There are several of those same messages in the error log.

    There were no errors in the /var/log/httpd/ logs.

    One other thing...should the Vhosts file for this domain have any SSL comments in it...or does that go someplace else? This is the Vhosts section of this domain:

     
    Last edited: May 29, 2007
  7. bschultz

    bschultz Member

    I did some further testing (and Googling) and I manually added a separate Vhosts entry for the site at port 443.

    I restarted Apache, entered the pass phrase and Apache restarted without errors. I then logged on the https site, and got to the https directory...but, I encountered a certificate error.

    This error shows up in Firefox and Safari on a Mac...but not in IE. So, I have three questions:

    1-Why the error in Firefox (PC) and Safari (Mac) and not IE (PC)?
    2-Will the Vhosts config "stay" after an ISPConfig upgrade?
    3-Is there any way to not have to enter the pass phrase on reboot of Apache?

    Thanks for all the help!

    Brian
     
    Last edited: May 29, 2007
  8. falko

    falko Super Moderator Howtoforge Staff

    When you enable SSL on the Basis tab of the web site in ISPConfig, there should be a second vhost that contains the SSL settings. If you don't see that second vhost: can you post the
    Code:
    ls -l
    output of the directory where Vhosts_ispconfig.conf is in?
    What's the output of
    Code:
    ls -la /root/ispconfig
    ?
     
  9. bschultz

    bschultz Member

    Thanks Falko...here they are:


     
  10. falko

    falko Super Moderator Howtoforge Staff

    Ok, can you rename one of those Vhosts_ispconfig.conf files that have a date at the end to Vhosts_ispconfig.conf and run
    Code:
    httpd -t
    ? What's the output?
     
  11. bschultz

    bschultz Member

    Thanks again for the help on this. No matter which config file I renamed, I get the following error:

    Here's the content of the file (for the domain in question):

     
  12. bschultz

    bschultz Member

    I deleted the website in the ISP CP, and then tried to re-create the site...then I looked in the vhosts.ispconf file, and there still isn't an SSL section for this site.
     
  13. daveb

    daveb Member

    I had this issue also. To resolve this I had to download gd_intermediate_bundle.cer from Godaddy.com/Repository,
    then upload it to my site's ssl folder. Then from the ISPConfig control panel for that site, in Apache directives, I had to add the line "SSLCACertificateFile /var/www/web?/ssl/gd_intermediate_bundle.cer" and Save.
    After that I no longer had any problems with errors in Firefox.
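
The effect of a missing intermediate, as an added example that is not part of the thread: it builds a throwaway root, intermediate and leaf with `openssl` and shows that the leaf only verifies once the intermediate is supplied alongside it. All subject names and file names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Every name below is constructed.

# Build root -> intermediate -> leaf in directory $1.
make_chain() {
  local d=$1
  # Extensions that mark the intermediate as a CA.
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/ca.ext"
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Constructed Root CA" \
    -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null || return 1
  openssl req -newkey rsa:2048 -nodes -subj "/CN=Constructed Intermediate CA" \
    -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -CAcreateserial -extfile "$d/ca.ext" -days 2 -out "$d/int.crt" 2>/dev/null || return 1
  openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.crt" -CAkey "$d/int.key" \
    -CAcreateserial -days 2 -out "$d/leaf.crt" 2>/dev/null
}

# Client trusts the root, server sends only the leaf: no path leaf -> root.
verify_leaf_only() {
  openssl verify -CAfile "$1/root.crt" "$1/leaf.crt" >/dev/null 2>&1
}

# Same client, but the intermediate is supplied as an untrusted helper cert,
# which is what serving the intermediate bundle achieves.
verify_with_bundle() {
  openssl verify -CAfile "$1/root.crt" -untrusted "$1/int.crt" "$1/leaf.crt" >/dev/null 2>&1
}

work=$(mktemp -d)
make_chain "$work" || { echo "openssl could not build the test chain" >&2; exit 1; }
openssl x509 -noout -subject -issuer -in "$work/leaf.crt"
verify_leaf_only "$work"   && echo "leaf only: OK" || echo "leaf only: FAIL (issuer not available)"
verify_with_bundle "$work" && echo "leaf + intermediate: OK" || echo "leaf + intermediate: FAIL"
```

The `-issuer` line of a real certificate names the intermediate that has to be served with it.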
     
  14. bschultz

    bschultz Member

    Thanks, Dave. I was wondering what I was supposed to do with that file. It said to download it...just not what to do with it. Now, I just need to figure out why ISPConfig isn't adding the SSL site in the vhosts file.

    Thanks again Dave and Falko!
     
  15. till

    till Super Moderator Staff Member ISPConfig Developer

    Please do what falko posted in #10 in this thread. ISPConfig is not writing your config file because it contains errors that would prevent the startup of Apache, so the new config file is written with a date appended to the filename. To find the error, you must rename it to Vhosts_ispconfig.conf and run the command: httpd -t
     
  16. bschultz

    bschultz Member

    I did...post #11.
     
  17. falko

    falko Super Moderator Howtoforge Staff

    You have a virtual host within a virtual host:

    Code:
    <VirtualHost 192.168.1.4:443>
    ServerName http://domain.com
    SSLEngine on
    SSLCertificateFile \
    /certificates/domain.com.crt
    SSLCertificateKeyFile \
    /certificates/domain.com.key
    </VirtualHost>
    Did you put it there? Something like this isn't written by ISPConfig.
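
A quick way to spot this kind of nesting before running `httpd -t`, as an added example that is not part of the thread: an `awk` pass that reports every `<VirtualHost>` opened while another one is still open. The function name `find_nested_vhosts` and the sample file are constructed for illustration; the sample mimics a port-80 vhost with the block above pasted into it.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Reports "file:line" for each
# <VirtualHost> that opens inside a still-open <VirtualHost>.
# Returns 1 if any nesting is found, 0 otherwise.
find_nested_vhosts() {
  awk '
    /^[ \t]*#/ { next }                                  # skip comment lines
    tolower($0) ~ /^[ \t]*<virtualhost[ \t>]/ {
      if (depth > 0) {
        printf "%s:%d: nested inside block opened at line %d\n", FILENAME, FNR, opened
        bad = 1
      } else {
        opened = FNR                                     # remember the outer block
      }
      depth++
      next
    }
    tolower($0) ~ /^[ \t]*<\/virtualhost>/ { if (depth > 0) depth-- }
    END { exit bad + 0 }
  ' "$1"
}

# Constructed sample input, not the poster's real file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Constructed sample: port-80 vhost with an SSL vhost pasted into it
# through the Apache Directives field.
<VirtualHost 192.168.1.4:80>
ServerName www.domain.com:80
DocumentRoot /var/www/web1/web
<VirtualHost 192.168.1.4:443>
ServerName http://domain.com
SSLEngine on
</VirtualHost>
</VirtualHost>
EOF

find_nested_vhosts "$sample" || echo "nested VirtualHost found; fix before running httpd -t"
```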
     
  18. bschultz

    bschultz Member

    That was put in by me. Upon installing the certificate based on your directions on the first page of this thread, I looked in the vhosts file and didn't see any SSL section. So I tried to add it in the Apache Directives for this domain. I didn't realize that it would add the virtual host inside the other virtual host...so obviously it didn't like the syntax...and named the file by the date. Then in post #10 you wanted me to rename one of those files and remove the date. That's where we are now. The problem is that ISPConfig isn't adding the separate vhost for the ssl port...just the regular stuff on port 80. Thanks again for all the help on this!!!
     
  19. daveb

    daveb Member

    bschultz, just speaking from my own experience here. Not sure if it would help, but have you created an SSL crt from the ISPConfig control panel for that web? I had this issue when I had an SSL cert already and just checked off SSL in the control panel and thought groovy, but nothing was ever written to the vhost file. It wasn't till I created a CSR or self-signed SSL via the control panel that it added the appropriate lines within the vhost file.
     
  20. bschultz

    bschultz Member

    Dave,

    That worked to get the Apache vhost info correct....but I'm still getting a cert error....even after your suggestion of

    in the Apache directive field.
     
