Current time: 12-25-2024, 11:02 PM Hello There, Guest! (LoginRegister)


Post Reply 
[HowTo] Create your own SSL CA and secure multiple services
Author Message
FeG Offline
Banned

Posts: 222
Joined: Aug 2007
Post: #1
[HowTo] Create your own SSL CA and secure multiple services
Hi all...

I've just posted this HowTo to the ispCP wiki:

HowTo - Create your own SSL CA and secure multiple services.

It describes the following points:
* Creating your own SSL Certification Authority (CA) to sign SSL certificates by yourself
* Securing these services with SSL encryption:
- apache (ispCP Webinterface, phpMyAdmin, Webmail)
- postfix
- courier POP/IMAP
- ProFTPD

Of course, there are mistakes in this HowTo - but I didn't found them already Wink so if you do, please tell me...

Greetings
FeG
(This post was last modified: 04-03-2008 12:37 AM by FeG.)
09-16-2007 05:22 AM
Find all posts by this user Quote this message in a reply
rsmithgs Offline
Junior Member
*

Posts: 176
Joined: Apr 2007
Reputation: 1
Post: #2
RE: [HowTo] Create your own SSL CA and secure multiple services
looks good, will do a run through of it soonish see how it goes Smile
09-16-2007 08:16 AM
Find all posts by this user Quote this message in a reply
DaSilva Offline
Member
***

Posts: 302
Joined: Dec 2007
Reputation: 0
Post: #3
RE: [HowTo] Create your own SSL CA and secure multiple services
I have finished step 2.2 but it doesn't work.
In the ispCP admin panel HTTPS is shown as running and the certificate is displayed too at the first time browsing to my secured domain but there it shows:

Quote:Not Found

The requested URL /php5/php5-fcgi-starter/index.php was not found on this server.
Apache/2.2.0 (Fedora) Server at http://www.frefel.net Port 443

/var/log/apache2/users/ssl.frefel.net-error.log (many of that):

Code:
[Wed Apr 02 14:32:57 2008] [warn] (9)Bad file descriptor: Failed to acquire SSL session cache lock
[Wed Apr 02 14:32:57 2008] [warn] (9)Bad file descriptor: Failed to release SSL session cache lock
[Wed Apr 02 14:32:57 2008] [error] [client 145.228.98.240] (2)No such file or directory: FastCGI: stat() of "/var/www/ispcp/gui/php5" failed

/etc/apache2/sites-enabled/01_ssl_master.conf looks like this (edited @ with [at]):

Code:
NameVirtualHost 193.34.68.126:443
<VirtualHost 193.34.68.126:443>
     #
     # SSL Start
     #
     SSLEngine On
     SSLCertificateFile /etc/apache2/ssl/apache.cert.pem
     SSLCertificateKeyFile /etc/apache2/ssl/apache.key.pem
     #
     # SSL End
     #
     ServerAdmin     support[at]frefel.net
     DocumentRoot    /var/www/ispcp/gui
     ServerName      frefel.net
     ErrorLog        /var/log/apache2/users/ssl.frefel.net-error.log
     TransferLog     /var/log/apache2/users/ssl.frefel.net-access.log
     CustomLog       /var/log/apache2/ssl.frefel.net-traf.log traff
     CustomLog       /var/log/apache2/ssl.frefel.net-combined.log combined

Internet Explorer 7 shows

   

at first and then error 404.

What can I do to fix this?
Iam using Debian Etch 64.
Thanks in advance.
(This post was last modified: 04-02-2008 10:43 PM by DaSilva.)
04-02-2008 05:59 PM
Visit this user's website Find all posts by this user Quote this message in a reply
FeG Offline
Banned

Posts: 222
Joined: Aug 2007
Post: #4
RE: [HowTo] Create your own SSL CA and secure multiple services
Hi DaSilva,

DaSilva Wrote:I have finished step 2.2 but it doesn't work.
...
/etc/apache2/sites-enabled/01_ssl_master.conf looks like this:

Code:
NameVirtualHost 193.34.68.126:443
<VirtualHost 193.34.68.126:443>
     ...

Are maybe these lines missing?
Code:
<IfModule mod_fastcgi.c>
           SuexecUserGroup vu2000 vu2000
    </IfModule>

    <Directory /var/www/ispcp/gui>
        Options -Indexes Includes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>

    <IfModule mod_fastcgi.c>
        ScriptAlias /php4/ /var/www/fcgi/master/
        ScriptAlias /php5/ /var/www/fcgi/master/
        <Directory "/var/www/fcgi/master">
            AllowOverride None
            Options +ExecCGI MultiViews -Indexes
            Order allow,deny
            Allow from all
        </Directory>
    </IfModule>

    <IfModule mod_php4.c>
        <Directory /var/www/ispcp/gui>
            php_admin_value open_basedir "/var/www/ispcp/gui/:/etc/ispcp/:/proc/:/var/www/virtual/:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
            php_admin_value session.save_path "/var/www/ispcp/gui/phptmp/"
        </Directory>
    </IfModule>
    <IfModule mod_php5.c>
        <Directory /var/www/ispcp/gui>
            php_admin_value open_basedir "/var/www/ispcp/gui/:/etc/ispcp/:/proc/:/var/www/virtual/:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
            php_admin_value session.save_path "/var/www/ispcp/gui/phptmp/"
        </Directory>
    </IfModule>

In the HowTo I only said "below here, nothing has to be changed", but these lines has to stay there..

Quote:Internet Explorer 7 shows ...

This is normal, because IE doesn't know your CA - of course.. you have to install it; if you've fully followed my howto, this link should lead you there: http://yourdomain.com/RootCA.crt

Greetings
FeG
04-03-2008 12:52 AM
Find all posts by this user Quote this message in a reply
DaSilva Offline
Member
***

Posts: 302
Joined: Dec 2007
Reputation: 0
Post: #5
RE: [HowTo] Create your own SSL CA and secure multiple services
Thanks for your help.
I have misunderstood that comment.
That thing with the IE7 looks unprofessional.
"Dumb" customers could think the connection is not safe.
Other https sites (like my bank) have not this problem.
Is it not possible to have SSL support but without that message?
Thanks for help!
04-03-2008 01:00 AM
Visit this user's website Find all posts by this user Quote this message in a reply
Cube Offline
Member
***

Posts: 740
Joined: Apr 2007
Reputation: 9
Post: #6
RE: [HowTo] Create your own SSL CA and secure multiple services
You have to buy a certificate at a trusted CA.
04-03-2008 01:26 AM
Find all posts by this user Quote this message in a reply
rsmithgs Offline
Junior Member
*

Posts: 176
Joined: Apr 2007
Reputation: 1
Post: #7
RE: [HowTo] Create your own SSL CA and secure multiple services
Or get your customers to install the certificate on there machine
04-03-2008 02:06 AM
Find all posts by this user Quote this message in a reply
DaSilva Offline
Member
***

Posts: 302
Joined: Dec 2007
Reputation: 0
Post: #8
RE: [HowTo] Create your own SSL CA and secure multiple services
How much does that cost?
Is there no free version available?
04-03-2008 04:48 AM
Visit this user's website Find all posts by this user Quote this message in a reply
rsmithgs Offline
Junior Member
*

Posts: 176
Joined: Apr 2007
Reputation: 1
Post: #9
RE: [HowTo] Create your own SSL CA and secure multiple services
About £260 a year.

Nope, you can generate one yourself but that brings you back to square one unless you distribute the certificate to your clients and ask them to add it to there PC.
04-03-2008 04:52 AM
Find all posts by this user Quote this message in a reply
Kika Offline
Member
***

Posts: 293
Joined: Feb 2007
Reputation: 8
Post: #10
RE: [HowTo] Create your own SSL CA and secure multiple services
DaSilva Wrote:How much does that cost?

https://www.verisign.com/ssl/buy-ssl-cer...index.html

DaSilva Wrote:Is there no free version available?

No, there are no free certificate at a trusted CA.
(This post was last modified: 04-03-2008 04:55 AM by Kika.)
04-03-2008 04:54 AM
Find all posts by this user Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)