Adding an SSL certificate

Submitted by budgierless on Sat, 09/04/2010 - 13:55

Can you tell me a step by step way to add an SSL certificate for an email/domain because i getting confused with the documents that i have seen on the web, some are saying add to postfix some also saying add to Apache then some say add to control panel,

can i have a step by step instruction please so i know that it will be right so that i dont mess my server.

thankyou

Forums: 
Ehcp General, uncategorized yet

ehcpdeveloper

Sun, 09/05/2010 - 13:37

ssl ceritificates are of two kind.
1. self signed ceritificates,
2. certificates that are signed by one of known authorities.

the first one may be automatically generated in ehcp. (ehcp gui->options->fix apache config with ssl, may be dangerous in some cases). as name implies, this is self signed, so, it is not globally known/accepted, so, users will get warned when they come to your site.

the second is commercial, and you need to buy a certificate from somebody.
activation of this is not so straightforward in ehcp.
a. ehcp gui->options->fixapache config with ssl,
b. you need to prepare server.key and server.csr files as described in seller's site.
then, put these files in ehcp dir. (this way, apache will use these files.)
c. restart apache : /etc/init.d/apache2 restart

this way, you may make it work. no direct other way, as of now, unfortunately, as far as I know.

budgierless

Sun, 09/05/2010 - 15:41

I am talking about,
2. certificates that are signed by one of known authorities.

{b. you need to prepare server.key and server.csr files as described in seller's site.
then, put these files in ehcp dir. (this way, apache will use these files.)}

Should the files be placed in the root of the ehcp dir? for example: /vhost/ehcp/

also, the ssl certificate i buy is for an one particular email or domain, are you saying that this will then set it for all my domains because its in the ehcp dir? would the ssl even work if that is the case?

ehcpdeveloper

Sun, 09/05/2010 - 15:56

yes, place files in ehcp dir.
yes, it will be available by all domains,by default. you may change it, by editing apachetemplate file used for apaceh ssl configs.

ehcp uses apachetemplate file for building apache config files.
it is used by all domains.
if you click on "edit apache template for this domain" after choosing a specific domain, in ehcp gui, only that domain will be affected.

so,
if you want to use the certificate for only a specific domain, then, edit that domain's apache config, in ehcp gui->"edit apache template"

budgierless

Mon, 09/06/2010 - 00:41

i clicked (ehcp gui->options->fix apache config with ssl) now my server is not working, please how do i fix this?

ehcpdeveloper

Mon, 09/06/2010 - 00:53

you have something wrong in your apache configs.

in this: http://ehcp.net/?q=node/897
apply command for fixapacheconfignonssl

budgierless

Mon, 09/06/2010 - 02:00

i applied them settings, but was not working so i tried to restart apache, but when i put command: /etc/init.d/apache2 restart, i got error no listening sockets available, apache shutting down.

update: still not working but forgot to say about the error code when i was you using mysql -p, the rest non-SSL mod gave me error 1064 (42000) you have an error in your SQL syntex.

budgierless

Mon, 09/06/2010 - 13:31

thanks for fixing problem for me.

ehcpdeveloper

Mon, 09/06/2010 - 13:42

I realized that, the problem with ssl is your local ip.
since your server does not have a real ip, ssl could not be enabled.
I will try to solve this tonight.

budgierless

Mon, 09/06/2010 - 18:59

i not sure what you mean, i have a static external IP, is that not a real one? also when you figure out how to fix this, will you be adding this into next version of EHCP for other members or do they not need it?

budgierless

Sat, 11/27/2010 - 14:34

hi, so far, all work with SSL has been for domains (https)

but what about adding SSL certificates to email address? how can this be installed per email?