Hello, Is it possible to replace the server generated ssl cert with a purchased cert for webmail in ispconfig 2 ? I have a customer using an ipad for https webmail access and he can't connect because the cert is untrusted. I created a cert with the webmail server name and ip address but not sure where to put it or if that would be enough to even work. Thanks, Scott
Yes, you can generate a CSR as shown on http://www.howtoforge.com/forums/showpost.php?p=358&postcount=4 and then buy a certificate with the help of this CSR.
invalid RSA Hi, I modified the server.key2 to 2048 for the godaddy requirements but still get a invalid RSA when submitting. Am I overlooking something simple ? Ps- I am now a paying subscriber to help with the cause. Thanks for the info on startssl but this customer wants to stick with godaddy for now. I will check it out though. Scott
Please update your server to ispconfig 2.2.36 and then recreate the sl cert in ispconfig and let it sign from godaddy. Manually editing the server.key2 file does not work as it will not affect the already created csr.
Does 2.2.36 then give me the option to create a webmail cert from within ispconfig or do I still use "openssl genrsa -des3 -passout pass: password -out /root/ispconfig/httpd/conf/ssl.key/server.key2 2048" ? Scott
webmail is automatically encrypted with ssl when you used the https option for the ispconfig interface during setup.
valid cert for webmail All we really want to do is be able to connect an ipad using https webmail but need a valid cert to do it. I have tried using the "openssl genrsa..." to generate a csr for godaddy but keep getting an invalid key error when submitting the server.key file it generated (maybe i'm doing it wrong). Also - do we use the update manager to go to 2.2.36 from 2.2.35? and will the upgrade allow us to replace the webmail cert from within ispconfig? Thanks, This is the last snafoo on this server. Scott
https webmail valid cert ispconfig2 Hello. Its me again, The upgrade did the trick and I was able to obtain the cert installing them in /root/ispconfig/httpd/conf/ssl.crt/ and removing the snakoil certs. It is still however not showing the valid cert i purchased when going to https://server:81/webmail. Do I need to also install any apache directives? in /root/ispconfig/httpd/conf/httpd.conf_https maybe ? ps - that upgrade took a while, I didn't know I could hold my breath that long. Thanks, Scott
Here is the contents of my .crt directory. Is it safe to delete everything other than myserver.com and gd_bundle ? lrwxrwxrwx 1 root root 19 2010-07-23 15:01 0cf14d7d.0 -> snakeoil-ca-dsa.crt lrwxrwxrwx 1 root root 16 2010-07-23 15:01 5d8360e1.0 -> snakeoil-dsa.crt lrwxrwxrwx 1 root root 6 2010-07-23 15:01 6b181ec1.0 -> ca.crt lrwxrwxrwx 1 root root 16 2010-07-23 15:01 82ab5372.0 -> snakeoil-rsa.crt lrwxrwxrwx 1 root root 10 2010-07-23 15:01 c7398a12.0 -> server.crt -rw-r--r-- 1 root root 418567 2010-07-23 16:51 ca-bundle.crt -rw-r--r-- 1 root root 1176 2010-07-23 16:51 ca.crt lrwxrwxrwx 1 root root 19 2010-07-23 15:01 e52d41d0.0 -> snakeoil-ca-rsa.crt -rw-r--r-- 1 root root 4604 2010-07-24 13:18 gd_bundle.crt -rw-r--r-- 1 root root 1968 2010-07-24 13:18 mail.myserver.com.crt -rw-r--r-- 1 root root 1522 2010-01-18 09:27 Makefile -rw-r--r-- 1 root root 1386 2010-01-18 09:27 README.CRT
I figured it out. After deleting all the generic certs I then renamed the purchased one to server.crt then restarted ispconfig.
