Ubuntu – Installing a SSL certificate

ssl

I have ISPConfig3 installed on my server. I've never installed an SSL certificate before, especially with ISPConfig3.

I am trying to install the default domain certificate and I was given 4 files.

I have a few questions:

  1. Which files do I need to modify? Do I need to do anything specific to ISPConfig3? I read that the files I need to modify are in this directory:

    /etc/apache2/sites-enabled

    I have four files in here:

    • 000-apps.vhost
    • 000-default.conf
    • 000-ispconfig.conf
    • 000-ispconfig.vhost

  2. What do I put in them? I was given four files:

    • AddTrustExternalCARoot.crt
    • COMODORSAAddTrustCA.crt
    • COMODORSADomainValidationSecureServerCA.crt
    • experiencedhosting_com.crt

    I'm not sure what I put where.

  3. Do I have to do anything special for OpenSSH?

Any help would be greatly appreciated!

Best Answer

You do not need to modify any of those files..

Ill run you through the full process on how to setup so it may help new users using ISPConfig,

On ISPConfig3

on, Sites, and then clicking your domain, and the SSL Tab, Now, entering your SSL info and clicking the SAVE button to generate a SELF SIGNED SSL CERT,

for the “SSL Key”, “SSL Request” and “SSL Certificate” to appear.

(may take up to 2 mins or less to appear)

When asked for the CSR code for SSL on your website site, You copy the SSL Request into the CSR code box from ispconfig3 and your website SSL section to comodo's website CSR code box..

Please note that the certificate signing request (CSR) code, is in the "SSL Request" field.

To better familarize you, The “RSA Key” is in the “SSL Key” field.

At some point Comodo will send an email with the activation code and instructions where to enter it. This is a sample email:

**Domain Control Validation for www.example.com
Dear your-email@whatevermail.com
We have received a request to issue an SSL certificate for www.example.com.
    Please ignore this email if neither you nor a trusted colleague made this 
request for a certificate 
    Otherwise, please browse here and enter the following "validation code":
    JH9Jrdtejfvsaas6234rgjfse7wjhge7

Click on the link and enter the validation code. After a few minutes Comodo will send you another email with an attachment containing four text files you were mentioning:

COMODORSADomainValidationSecureServerCA.crt
COMODORSAAddTrustCA.crt
AddTrustExternalCARoot.crt
www_example_com.crt

The trusted SSL Certificate is part of this email.

Download and extract to your PC,

inside the www_example_com.crt file.

edit it with your text editor (notepad++ if on windows or vi, nano etc on linux.)

and Copy all code into the “SSL Certificate” field, in IspConfig3.

The other three files are used to create the “SSL Bundle”. 

COMODORSADomainValidationSecureServerCA.crt
COMODORSAAddTrustCA.crt
AddTrustExternalCARoot.crt

You need to combine the files in the following order to use on Ispconfig3.

Again using your text editor: Open all these files:

COMODORSADomainValidationSecureServerCA.crt
COMODORSAAddTrustCA.crt
AddTrustExternalCARoot.crt

Combine all of them... To Combine, Copy all code from each file, One by One In Order, into a new text file, to be sure you have everything correct.

combining should look something like this:

-----BEGIN CERTIFICATE-----
your cert code blah blah xx
-----END CERTIFICATE-----


-----BEGIN CERTIFICATE-----
your cert code blah blah xx
-----END CERTIFICATE-----


-----BEGIN CERTIFICATE-----
your cert code blah blah xx
-----END CERTIFICATE-----

After you combine the three files of code in one file, Copy all the code, and enter the text in the “SSL Bundle” field.

Select “Save Certificate” and click SAVE. (Wait 2 mins or less for changes,)

then Use this tool to check if the SSL was correctly installed: https://www.sslshopper.com/ssl-checker.html

Use this tool to check if the installed SSL is of type SHA-2: https://shaaaaaaaaaaaaa.com/

Related Question