ISPConfig and SSL Certificates (CentOS 4.4)
Goal:
To use the same SSL certificate for your ISPConfig control panel on port 81, and on your web site running on port 80. (I’m writing this from memory, so if I’ve missed something, let me know.)
1. Do yourself a favor and perform a perfect setup of CentOS 4.4 and ISPConfig. When you’re running the ISPConfig install script, enter the proper information at step 2 for the certificates. This is so that your certificate request will already have the information you really want to send off to the CA.
2. When the installation is complete, you will have already generated a self-signed certificate for the control panel to use on port 81. These files are:
/root/ispconfig/httpd/conf/ssl.key/server.key
/root/ispconfig/httpd/conf/ssl.csr/server.csr
/root/ispconfig/httpd/conf/ssl.crt/server.crt
3. Send the file /root/ispconfig/httpd/conf/ssl.csr/server.csr off to your certificate authority and give them $20 and they will send you back your signed certificate. I use GoDaddy because they are cheap. Normally you can just copy and paste the contents of this file into a form on their web site somewhere.
4. Put your new certificate in place and restart ISPConfig. Put any intermediate certificates (chains) in there too.
mv /root/ispconfig/httpd/conf/ssl.crt/server.crt /root/ispconfig/httpd/conf/ssl.crt/server.crt.selfsigned
cp /path/to/your/new/certificate.crt /root/ispconfig/httpd/conf/ssl.crt/server.crt
cp /path/to/gd_intermediate_bundle.crt /root/ispconfig/httpd/conf/ssl.crt/gd_intermediate_bundle.crt
service ispconfig_server restart
5. You should now be able to log in to your control panel using https://www.yourdomain.com:81 and your browser shouldn’t complain.
6. In the ISPConfig control panel, create your web site www.yourdomain.com, enable the SSL checkbox, go over to the SSL tab and create a certificate. This will generate another self-signed certificate, install it in /var/www/www.yourdomain.com/ssl, and restart Apache for you. You should now be able to go to https://www.yourdomain.com and get an SSL error (but continue anyway to make sure Apache is working properly).
7. Now you can copy your server’s private key and matching certificate which are already installed for the control panel into /var/www/www.yourdomain.com/ssl.
cp /var/www/www.yourdomain.com/ssl/www.yourdomain.com.key /var/www/www.yourdomain.com/ssl/www.yourdomain.com.key.gen_by_ispconfig
cp /var/www/www.yourdomain.com/ssl/www.yourdomain.com.crt /var/www/www.yourdomain.com/ssl/www.yourdomain.com.crt.gen_by_ispconfig
cp /root/ispconfig/httpd/conf/ssl.key/server.key /var/www/www.yourdomain.com/ssl/www.yourdomain.com.key
cp /root/ispconfig/httpd/conf/ssl.crt/server.crt /var/www/www.yourdomain.com/ssl/www.yourdomain.com.crt
8. If you require an intermediate certificate, copy the intermediate certificate your CA sent you into your ssl directory:
cp /path/to/gd_intermediate_bundle.crt /var/www/www.yourdomain.com/ssl/gd_intermediate_bundle.crt
and add this line to the apache directives for your web site in the ISPConfig control panel:
SSLCACertificateFile /var/www/www.yourdomain.com/ssl/gd_intermediate_bundle.crt
9. Log in to ISPConfig and restart the Web Server service if it hasn’t already been restarted from step 8.
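A check worth running after steps 4 and 7, as an added example that is not part of the original post: it confirms that the certificate and private key in a given location belong together (RSA modulus comparison) and that the key file is readable by its owner only. The function names are made up for this example, and it assumes RSA keys and the openssl command-line tool.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes RSA keys and the
# openssl CLI; all function names here are hypothetical.

# Succeeds when the RSA modulus of certificate $1 equals that of key $2.
cert_matches_key() {
    cert_mod=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 2
    key_mod=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null) || return 2
    [ -n "$cert_mod" ] && [ "$cert_mod" = "$key_mod" ]
}

# Succeeds when key file $1 grants no permissions to group or other.
key_is_private() {
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Report on one certificate/key pair; returns non-zero if any check fails.
check_pair() {
    rc=0
    if cert_matches_key "$1" "$2"; then echo "OK   $1 matches $2"
    else echo "FAIL $1 does not match $2"; rc=1; fi
    if key_is_private "$2"; then echo "OK   $2 is owner-only"
    else echo "FAIL $2 is accessible to group or other"; rc=1; fi
    return $rc
}

# Constructed sample input: a throwaway key and self-signed certificate in a
# temporary directory, plus a second unrelated key. Prints the directory.
make_sample() {
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=www.yourdomain.com" \
        -keyout "$d/server.key" -out "$d/server.crt" >/dev/null 2>&1 || return 1
    openssl genrsa -out "$d/other.key" 2048 >/dev/null 2>&1 || return 1
    chmod 600 "$d/server.key" "$d/other.key"
    echo "$d"
}

# Usage on the host from this guide (paths from steps 2 and 7):
#   check_pair /root/ispconfig/httpd/conf/ssl.crt/server.crt \
#              /root/ispconfig/httpd/conf/ssl.key/server.key
#   check_pair /var/www/www.yourdomain.com/ssl/www.yourdomain.com.crt \
#              /var/www/www.yourdomain.com/ssl/www.yourdomain.com.key
```

A mismatch after step 4 usually means the CA signed a different request than server.csr; restore server.crt.selfsigned before restarting rather than leaving the panel without a working certificate.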