Go Back   ISPsystem.com Forums > ISPmanager > Troubleshooting

Notices

Reply
 
Thread Tools
Old 01-14-2012, 06:54 PM   #1
Junior Member
 
Join Date: Jan 2012
Location: Copenhagen, Denmark
Posts: 12
jimpannell is on a distinguished road
Default How do I add a RapidSSL SSL certificate to ISPManager?

Hi there

I've just bought a RapidSSL SSL certificate for a domain I have in ISPManager that has an IP address assigned to just that domain.

I'm really struggling to get it working.

The instructions I got from RapidSSL are as follows:

INSTALLATION INSTRUCTIONS

1. INSTALL CERTIFICATE:
Install the X.509 version of your certificate included at the end of this email. For installation instructions for your SSL Certificate, go to:
https://knowledge.rapidssl.com/suppo...ent&id=SO16226

2. INTERMEDIATE CERTIFICATE ADVISORY:
You MUST install the RapidSSL intermediate Certificate included at the end of this e-mail on your server together with your Certificate or it may not operate correctly.

You can also get your RapidSSL intermediate Certificates at:
https://knowledge.geotrust.com/suppo...tent&id=AR1422

3. CHECK INSTALLATION:
Ensure you have installed your certificate correctly at:
https://knowledge.rapidssl.com/suppo...ewlocale=en_US

I'm fairly sure I managed to get the actual certificate installed, but I have no idea how to get part 2 done, plus even after restarting the server, https://mydomain.com is using an untrusted certificate. There's no evidence that my RapidSSL cert is installed.

Any help would be greatly appreciated.

Cheers


Jim
jimpannell is offline   Reply With Quote
Old 01-14-2012, 08:03 PM   #2
ISPsystem team
 
slava's Avatar
 
Join Date: May 2008
Location: ISPsystem
Posts: 588
slava is on a distinguished road
Default

Hello, use SSL certificates module in ISPmanager on user level, install cerficate and enable in the module or in WWW domain properties (for new ISPmanager 4.4.x).

Check SSL certificate in IE/Chrome, for Firefox you should add RapidSSL CA to Apache configuration file into SSL VirtualHost

SSLCACertificateFile /var/www/httpd-cert/ca.crt

Code:
wget -O /var/www/httpd-cert/ca.crt "https://knowledge.rapidssl.com/library/VERISIGN/ALL_OTHER/RapidSSL%20Intermediate/RapidSSL_CA_bundle.pem" --no-check-certificate

Last edited by slava; 01-14-2012 at 08:27 PM.
slava is offline   Reply With Quote
Old 01-15-2012, 06:53 PM   #3
Junior Member
 
Join Date: Jan 2012
Location: Copenhagen, Denmark
Posts: 12
jimpannell is on a distinguished road
Default

Many thanks for your quick reply Slava!

I've done what you suggested and got no errors. Not sure if it's possible for me to test properly though as I haven't changed the dns for the domain yet (moving it to a new server), so am viewing it by editing the hosts file on my Macbook Pro. When I view
https://lecafeshop.co.uk I actually get:



Could it be that it isn't possible to see an https via editing the hosts file?

Cheers


Jim
jimpannell is offline   Reply With Quote
Old 01-15-2012, 08:47 PM   #4
ISPsystem team
 
slava's Avatar
 
Join Date: May 2008
Location: ISPsystem
Posts: 588
slava is on a distinguished road
Default

You have certificate for localhost name



I think you have a problem in the Apache configuration, and at this IP address you already have a site that listens to the SSL-connection. You should check the Apache configuration file and find the SSL-host who is above VirtualHost your site and remove it.
slava is offline   Reply With Quote
Old 01-16-2012, 01:44 PM   #5
Junior Member
 
Join Date: Jan 2012
Location: Copenhagen, Denmark
Posts: 12
jimpannell is on a distinguished road
Default

Mmm... I thought I'd removed that.

In my /var/www/httpd-cert/ directory I have the following:

ca.crt
lecafeshop.co.uk crt
lecafeshop.co.uk.key

In ISPManager I have the following under ssl:


Would you recommend I delete everything and start again?
jimpannell is offline   Reply With Quote
Old 01-16-2012, 02:06 PM   #6
Junior Member
 
Join Date: Jan 2012
Location: Copenhagen, Denmark
Posts: 12
jimpannell is on a distinguished road
Default

Okay - I've deleted what I had in there now and will try and start again.

What I received from RapidSSL is the following:

* Web Server CERTIFICATE
* INTERMEDIATE CA

When I click 'New' under the SSL module in ISPManager do I need to select 'Request' or 'Existing' here? For this server, it's a brand new SSL certificate.

Looking at other instructions, I should select 'existing', but I have no idea where I get the certificate key from.

I'm clueless when it comes to SSL certs I'm afraid... Definitely not my strongpoint.
jimpannell is offline   Reply With Quote
Old 01-16-2012, 03:28 PM   #7
ISPsystem team
 
slava's Avatar
 
Join Date: May 2008
Location: ISPsystem
Posts: 588
slava is on a distinguished road
Default

Check files in /etc/httpd.
in the SSL module you should create Existing
slava is offline   Reply With Quote
Old 01-16-2012, 06:33 PM   #8
Junior Member
 
Join Date: Jan 2012
Location: Copenhagen, Denmark
Posts: 12
jimpannell is on a distinguished road
Default

Thanks for your help. This is now resolved and I've successfully installed the cert.
jimpannell is offline   Reply With Quote
Reply

Tags
ssl rapidssl certificate

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +2. The time now is 08:33 PM.