trusted SSL cert for webmail?

Discussion in 'Installation/Configuration' started by TheBirdMan, Jul 1, 2010.

  1. TheBirdMan

    TheBirdMan Member


    Is it possible to replace the server generated ssl cert with a purchased cert for webmail in ispconfig 2 ? I have a customer using an ipad for https webmail access and he can't connect because the cert is untrusted. I created a cert with the webmail server name and ip address but not sure where to put it or if that would be enough to even work.


  2. falko

    falko Super Moderator ISPConfig Developer

  3. id10t

    id10t Member

    FYI StartSSL gives free certs...
  4. TheBirdMan

    TheBirdMan Member

    invalid RSA


    I modified the server.key2 to 2048 for the godaddy requirements but still get a invalid RSA when submitting. Am I overlooking something simple ?

    Ps- I am now a paying subscriber to help with the cause. :)

    Thanks for the info on startssl but this customer wants to stick with godaddy for now. I will check it out though.

  5. till

    till Super Moderator Staff Member ISPConfig Developer

    Please update your server to ispconfig 2.2.36 and then recreate the sl cert in ispconfig and let it sign from godaddy. Manually editing the server.key2 file does not work as it will not affect the already created csr.
  6. TheBirdMan

    TheBirdMan Member

    Does 2.2.36 then give me the option to create a webmail cert from within ispconfig or do I still use "openssl genrsa -des3 -passout pass: password -out /root/ispconfig/httpd/conf/ssl.key/server.key2 2048" ?

  7. till

    till Super Moderator Staff Member ISPConfig Developer

    webmail is automatically encrypted with ssl when you used the https option for the ispconfig interface during setup.
  8. TheBirdMan

    TheBirdMan Member

    valid cert for webmail

    All we really want to do is be able to connect an ipad using https webmail but need a valid cert to do it. I have tried using the "openssl genrsa..." to generate a csr for godaddy but keep getting an invalid key error when submitting the server.key file it generated (maybe i'm doing it wrong).

    Also - do we use the update manager to go to 2.2.36 from 2.2.35? and will the upgrade allow us to replace the webmail cert from within ispconfig?

    Thanks, This is the last snafoo on this server. :)

  9. falko

    falko Super Moderator ISPConfig Developer

  10. TheBirdMan

    TheBirdMan Member

    https webmail valid cert ispconfig2

    Hello. Its me again,

    The upgrade did the trick and I was able to obtain the cert installing them in /root/ispconfig/httpd/conf/ssl.crt/ and removing the snakoil certs. It is still however not showing the valid cert i purchased when going to https://server:81/webmail. Do I need to also install any apache directives? in /root/ispconfig/httpd/conf/httpd.conf_https maybe ?

    ps - that upgrade took a while, I didn't know I could hold my breath that long.


  11. falko

    falko Super Moderator ISPConfig Developer

    Usually replacing the certs should work. What exactly did you replace?
  12. TheBirdMan

    TheBirdMan Member

    I put the 2 godaddy .crt files in /root/ispconfig/httpd/conf/ssl.crt/
  13. TheBirdMan

    TheBirdMan Member

    Here is the contents of my .crt directory. Is it safe to delete everything other than and gd_bundle ?

    lrwxrwxrwx 1 root root 19 2010-07-23 15:01 0cf14d7d.0 -> snakeoil-ca-dsa.crt
    lrwxrwxrwx 1 root root 16 2010-07-23 15:01 5d8360e1.0 -> snakeoil-dsa.crt
    lrwxrwxrwx 1 root root 6 2010-07-23 15:01 6b181ec1.0 -> ca.crt
    lrwxrwxrwx 1 root root 16 2010-07-23 15:01 82ab5372.0 -> snakeoil-rsa.crt
    lrwxrwxrwx 1 root root 10 2010-07-23 15:01 c7398a12.0 -> server.crt
    -rw-r--r-- 1 root root 418567 2010-07-23 16:51 ca-bundle.crt
    -rw-r--r-- 1 root root 1176 2010-07-23 16:51 ca.crt
    lrwxrwxrwx 1 root root 19 2010-07-23 15:01 e52d41d0.0 -> snakeoil-ca-rsa.crt
    -rw-r--r-- 1 root root 4604 2010-07-24 13:18 gd_bundle.crt
    -rw-r--r-- 1 root root 1968 2010-07-24 13:18
    -rw-r--r-- 1 root root 1522 2010-01-18 09:27 Makefile
    -rw-r--r-- 1 root root 1386 2010-01-18 09:27 README.CRT
  14. TheBirdMan

    TheBirdMan Member

    I figured it out. After deleting all the generic certs I then renamed the purchased one to server.crt then restarted ispconfig.

Share This Page