I have a suggestion followed by a question (or two). If a valid SSL configuration exists for the web site (or the primary web site where the control panel is located), then it is probably a good idea to restrict the control panel to be used only with SSL and the web site's own SSL configuration. So, I have https://www.example.com/ working properly and I would like to see https://www.example.com:8080/ and https://www.example.com:8081/ both use the valid SSL configuration from the main web site. I found the actual paid-for certificates (entered through the control panel) in the /var/www/clients/client1/web1/ssl directory. But the only way I was able to reference those certificates was to hack into the web server configuration files and change them manually. I'm worried that those files might get overwritten at some point, so it would be nice if this option were actually supported by ISPConfig. what I did for Apache was: Code: Then edit the /etc/httpd/conf/sites-available/ispconfig.vhost file thusly: 1. Comment out the existing SSLCertificateFile and SSLCertificateKeyFile lines; and 2. Add the lines to point to the folowing 3 files in the web site ssl directory: SSLCertificateFile *.crt SSLCertificateKeyFile *.key SSLCACertificateFile *.bundle So, if you rewrite the ispconfig.vhost file for some reason, would you overwrite or preserve the above change? Is there another way to do this that I somehow missed along the way?
Just ensure that you store the ssl cert in the ispconfig ssl directory /usr/local/ispconfig/interface/ssl/ then ispconfig will preserve the certs.
OK, got that. Now for the next question. In that directory I have: Code: ispserver.crt ispserver.csr ispserver.key ispserver.key.secure In my /var/www/clients/client1/web1/ssl directory I have: Code: {domain}.bundle {domain}.crt {domain}.csr {domain}.key {domain}.key~ (which is probably the original {domain}.key file) {domain}.key.org Now this stuff is tricky to get it to work right, so I have to ask: 1. Are you telling me to copy my files unchanged into the /usr/local/ispconfig/interface/ssl/ leaving the existing ispserver.* files right there as they are? 2. If not, are you telling me to copy my files over the top of the equivalent ispserver.* files? 3. If #2 is yes, can I presume that I need to first concatenate my {domain}.crt file followed by my {domain}.bundle file to make up the new ispserver.crt file with {domain}.csr becoming ispserver.csr, {domain}.key becoming ispserver.key, and {domain}.key.org becoming ispserver.key.secure? 4. If not, then what? Thanks in advance,
