Enable SSL for the ISPConfig 3 Controlpanel Login

Hint: The procedure that is described below is for ISPConfig versions < 3.0.3. For newer ispconfig versions, use the builtin ssl certificate creation function of the ispconfig updater instead. The steps below should only be used to manually create a new SSL certificate in case that you can not run the updater on your installation.

The ISPConfig control panel login was running on HTTP by default on early ISPConfig 3 versions. This short tutorial shows how to enable SSL encryption (HTTPS) for the ispconfig vhost.

1) Make the directory for the SSL certificate:

mkdir /usr/local/ispconfig/interface/ssl
cd /usr/local/ispconfig/interface/ssl

2) Create the SSL certificate files

openssl genrsa -des3 -out ispserver.key 4096
openssl req -new -key ispserver.key -out ispserver.csr
openssl x509 -req -days 3650 -in ispserver.csr \
-signkey ispserver.key -out ispserver.crt
openssl rsa -in ispserver.key -out ispserver.key.insecure
mv ispserver.key ispserver.key.secure
mv ispserver.key.insecure ispserver.key

3) Enable the mod_ssl module

a2enmod ssl

4) Edit th ISPConfig vhost file

nano /etc/apache2/sites-available/ispconfig.vhost

and insert the following lines insert the fallowing lines between the "<VirtualHost ....></VirtualHost>" tags:

SSLEngine On
SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key

5) Restart apache2

service apache2 restart

The ISPConfig control panel login is now reachable on port 8080 by HTTPS.

Leave a Comment