+- ispCP - Board - Support (http://www.isp-control.net/forum)
+-- Forum: ispCP Omega Contributions Area (/forum-40.html)
+--- Forum: Howtos (/forum-41.html)
+--- Thread: [HowTo] Create your own SSL CA and secure multiple services (/thread-1347.html)
[HowTo] Create your own SSL CA and secure multiple services - FeG - 09-16-2007 05:22 AM
Hi all...
I've just posted this HowTo to the ispCP wiki:
HowTo - Create your own SSL CA and secure multiple services.
It describes the following points:
* Creating your own SSL Certification Authority (CA) to sign SSL certificates by yourself
* Securing these services with SSL encryption:
- apache (ispCP Webinterface, phpMyAdmin, Webmail)
- postfix
- courier POP/IMAP
- ProFTPD
Of course, there are mistakes in this HowTo - but I didn't found them already
so if you do, please tell me...Greetings
FeG
RE: [HowTo] Create your own SSL CA and secure multiple services - rsmithgs - 09-16-2007 08:16 AM
looks good, will do a run through of it soonish see how it goes
RE: [HowTo] Create your own SSL CA and secure multiple services - DaSilva - 04-02-2008 05:59 PM
I have finished step 2.2 but it doesn't work.
In the ispCP admin panel HTTPS is shown as running and the certificate is displayed too at the first time browsing to my secured domain but there it shows:
Quote:Not Found
The requested URL /php5/php5-fcgi-starter/index.php was not found on this server.
Apache/2.2.0 (Fedora) Server at http://www.frefel.net Port 443
/var/log/apache2/users/ssl.frefel.net-error.log (many of that):
Code:
[Wed Apr 02 14:32:57 2008] [warn] (9)Bad file descriptor: Failed to acquire SSL session cache lock
[Wed Apr 02 14:32:57 2008] [warn] (9)Bad file descriptor: Failed to release SSL session cache lock
[Wed Apr 02 14:32:57 2008] [error] [client 145.228.98.240] (2)No such file or directory: FastCGI: stat() of "/var/www/ispcp/gui/php5" failed/etc/apache2/sites-enabled/01_ssl_master.conf looks like this (edited @ with [at]):
Code:
NameVirtualHost 193.34.68.126:443
<VirtualHost 193.34.68.126:443>
#
# SSL Start
#
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.cert.pem
SSLCertificateKeyFile /etc/apache2/ssl/apache.key.pem
#
# SSL End
#
ServerAdmin support[at]frefel.net
DocumentRoot /var/www/ispcp/gui
ServerName frefel.net
ErrorLog /var/log/apache2/users/ssl.frefel.net-error.log
TransferLog /var/log/apache2/users/ssl.frefel.net-access.log
CustomLog /var/log/apache2/ssl.frefel.net-traf.log traff
CustomLog /var/log/apache2/ssl.frefel.net-combined.log combinedInternet Explorer 7 shows
[attachment=353]
at first and then error 404.
What can I do to fix this?
Iam using Debian Etch 64.
Thanks in advance.
RE: [HowTo] Create your own SSL CA and secure multiple services - FeG - 04-03-2008 12:52 AM
Hi DaSilva,
DaSilva Wrote:I have finished step 2.2 but it doesn't work.
...
/etc/apache2/sites-enabled/01_ssl_master.conf looks like this:
Code:
NameVirtualHost 193.34.68.126:443
<VirtualHost 193.34.68.126:443>
...
Are maybe these lines missing?
Code:
<IfModule mod_fastcgi.c>
SuexecUserGroup vu2000 vu2000
</IfModule>
<Directory /var/www/ispcp/gui>
Options -Indexes Includes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<IfModule mod_fastcgi.c>
ScriptAlias /php4/ /var/www/fcgi/master/
ScriptAlias /php5/ /var/www/fcgi/master/
<Directory "/var/www/fcgi/master">
AllowOverride None
Options +ExecCGI MultiViews -Indexes
Order allow,deny
Allow from all
</Directory>
</IfModule>
<IfModule mod_php4.c>
<Directory /var/www/ispcp/gui>
php_admin_value open_basedir "/var/www/ispcp/gui/:/etc/ispcp/:/proc/:/var/www/virtual/:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
php_admin_value session.save_path "/var/www/ispcp/gui/phptmp/"
</Directory>
</IfModule>
<IfModule mod_php5.c>
<Directory /var/www/ispcp/gui>
php_admin_value open_basedir "/var/www/ispcp/gui/:/etc/ispcp/:/proc/:/var/www/virtual/:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
php_admin_value session.save_path "/var/www/ispcp/gui/phptmp/"
</Directory>
</IfModule>In the HowTo I only said "below here, nothing has to be changed", but these lines has to stay there..
Quote:Internet Explorer 7 shows ...
This is normal, because IE doesn't know your CA - of course.. you have to install it; if you've fully followed my howto, this link should lead you there: http://yourdomain.com/RootCA.crt
Greetings
FeG
RE: [HowTo] Create your own SSL CA and secure multiple services - DaSilva - 04-03-2008 01:00 AM
Thanks for your help.
I have misunderstood that comment.
That thing with the IE7 looks unprofessional.
"Dumb" customers could think the connection is not safe.
Other https sites (like my bank) have not this problem.
Is it not possible to have SSL support but without that message?
Thanks for help!
RE: [HowTo] Create your own SSL CA and secure multiple services - Cube - 04-03-2008 01:26 AM
You have to buy a certificate at a trusted CA.
RE: [HowTo] Create your own SSL CA and secure multiple services - rsmithgs - 04-03-2008 02:06 AM
Or get your customers to install the certificate on there machine
RE: [HowTo] Create your own SSL CA and secure multiple services - DaSilva - 04-03-2008 04:48 AM
How much does that cost?
Is there no free version available?
RE: [HowTo] Create your own SSL CA and secure multiple services - rsmithgs - 04-03-2008 04:52 AM
About £260 a year.
Nope, you can generate one yourself but that brings you back to square one unless you distribute the certificate to your clients and ask them to add it to there PC.
RE: [HowTo] Create your own SSL CA and secure multiple services - Kika - 04-03-2008 04:54 AM
DaSilva Wrote:How much does that cost?
https://www.verisign.com/ssl/buy-ssl-certificates/index.html
DaSilva Wrote:Is there no free version available?
No, there are no free certificate at a trusted CA.