ISPsystem.com Forums

ISPsystem.com Forums (http://forum.ispsystem.com//index.php)
-   Troubleshooting (http://forum.ispsystem.com//forumdisplay.php?f=11)
-   -   How do I add a RapidSSL SSL certificate to ISPManager? (http://forum.ispsystem.com//showthread.php?t=1745)

jimpannell 01-14-2012 06:54 PM

How do I add a RapidSSL SSL certificate to ISPManager?
 
Hi there

I've just bought a RapidSSL SSL certificate for a domain I have in ISPManager that has an IP address assigned to just that domain.

I'm really struggling to get it working.

The instructions I got from RapidSSL are as follows:

INSTALLATION INSTRUCTIONS

1. INSTALL CERTIFICATE:
Install the X.509 version of your certificate included at the end of this email. For installation instructions for your SSL Certificate, go to:
https://knowledge.rapidssl.com/suppo...ent&id=SO16226

2. INTERMEDIATE CERTIFICATE ADVISORY:
You MUST install the RapidSSL intermediate Certificate included at the end of this e-mail on your server together with your Certificate or it may not operate correctly.

You can also get your RapidSSL intermediate Certificates at:
https://knowledge.geotrust.com/suppo...tent&id=AR1422

3. CHECK INSTALLATION:
Ensure you have installed your certificate correctly at:
https://knowledge.rapidssl.com/suppo...ewlocale=en_US

I'm fairly sure I managed to get the actual certificate installed, but I have no idea how to get part 2 done, plus even after restarting the server, https://mydomain.com is using an untrusted certificate. There's no evidence that my RapidSSL cert is installed.

Any help would be greatly appreciated.

Cheers


Jim

slava 01-14-2012 08:03 PM

Hello, use SSL certificates module in ISPmanager on user level, install cerficate and enable in the module or in WWW domain properties (for new ISPmanager 4.4.x).

Check SSL certificate in IE/Chrome, for Firefox you should add RapidSSL CA to Apache configuration file into SSL VirtualHost

SSLCACertificateFile /var/www/httpd-cert/ca.crt

Code:

wget -O /var/www/httpd-cert/ca.crt "https://knowledge.rapidssl.com/library/VERISIGN/ALL_OTHER/RapidSSL%20Intermediate/RapidSSL_CA_bundle.pem" --no-check-certificate

jimpannell 01-15-2012 06:53 PM

Many thanks for your quick reply Slava!

I've done what you suggested and got no errors. Not sure if it's possible for me to test properly though as I haven't changed the dns for the domain yet (moving it to a new server), so am viewing it by editing the hosts file on my Macbook Pro. When I view
https://lecafeshop.co.uk I actually get:

https://img.skitch.com/20120115-be5g...t61kctx8gy.jpg

Could it be that it isn't possible to see an https via editing the hosts file?

Cheers


Jim

slava 01-15-2012 08:47 PM

You have certificate for localhost name

http://img24.imageshack.us/img24/9791/sslj.png

I think you have a problem in the Apache configuration, and at this IP address you already have a site that listens to the SSL-connection. You should check the Apache configuration file and find the SSL-host who is above VirtualHost your site and remove it.

jimpannell 01-16-2012 01:44 PM

Mmm... I thought I'd removed that.

In my /var/www/httpd-cert/ directory I have the following:

ca.crt
lecafeshop.co.uk crt
lecafeshop.co.uk.key

In ISPManager I have the following under ssl:
https://img.skitch.com/20120116-t6uw...91q3a3qj45.jpg

Would you recommend I delete everything and start again?

jimpannell 01-16-2012 02:06 PM

Okay - I've deleted what I had in there now and will try and start again.

What I received from RapidSSL is the following:

* Web Server CERTIFICATE
* INTERMEDIATE CA

When I click 'New' under the SSL module in ISPManager do I need to select 'Request' or 'Existing' here? For this server, it's a brand new SSL certificate.

Looking at other instructions, I should select 'existing', but I have no idea where I get the certificate key from.

I'm clueless when it comes to SSL certs I'm afraid... Definitely not my strongpoint.

slava 01-16-2012 03:28 PM

Check files in /etc/httpd.
in the SSL module you should create Existing

jimpannell 01-16-2012 06:33 PM

Thanks for your help. This is now resolved and I've successfully installed the cert.


All times are GMT +2. The time now is 03:48 PM.

Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2024, vBulletin Solutions, Inc.