Page 1 of 3 123 LastLast
Results 1 to 20 of 48

Thread: SSL control panel logins

  1. #1
    Join Date
    Jun 2003
    Location
    UK
    Posts
    2,326

    SSL control panel logins

    after looking at the API,

    DirectAdmin Uses port 2222 which may or may not be secure (SSL). The default is not, so if you need to choose one, choose non SSL. Authentication is basic web authentication using base64 encryption of "usernameassword"

    How easy is it to put the logins under SSL?

    I would personally prefer logging in under secure space, even it it wasn't with a trusted cert.

    Chris

  2. #2
    Hi Chris,

    To enable SSL, edit the directadmin.conf file located it /usr/local/directadmin/conf/directadmin.conf and change the value SSL=0 to SSL=1. You need to make sure you've created the certificates as described at the bottom of the install guide http://www.directadmin.com/installguide.html under "Setup SSL Certificates"

    Then restart DirectAdmin:
    service directadmin restart

    John

  3. #3
    Join Date
    Jun 2003
    Location
    UK
    Posts
    2,326
    it hasnt stopped yet!

    evertime i ask a new question it makes me want it even more. (and the secrets are still being revealed )

    Chris

  4. #4
    I might add, that at this time, our autoupdate feature will try to connect to DirectAdmin using a regular connection, meaning non-https, so if you have it enabled, your panel will never know that it should go update. You can just keep an eye on the current available version # and click "update" from the licensing screen... that is, until we get the updater to also try https when http fails.

    John

  5. #5
    Join Date
    Aug 2003
    Posts
    575
    Hi,

    Is it possible to use https://IPADDRESSHERE:2222 to access the control panel using SSL?

    When I goto https://IPADDRESSHERE/ I get the 'apache functioning normally' and the SSL cert works fine (although it does show as being registered by the 'Snake Oil Company' oddily enough.

    When I try https://IPADDRESSHERE:2222 I get 'error loading certificate' on the page.

    I followed your instructions on the installation page to the letter, I've checked over them and tried them again and it's still not working. I also edited directadmin.conf and restarted DA.

    Any ideas?

    Thanks,
    Matt

  6. #6
    Hello,

    It should be working. Check the DA error log for possible clues:
    /var/log/directadmin/error.log

    generally, it's either incorrect permissions, filenames or certificates.

    John

  7. #7
    Join Date
    Sep 2003
    Posts
    79
    can u still use the http:// login when you have https:// enabled?

  8. #8
    Join Date
    Aug 2003
    Posts
    575
    Tried it again, and it worked! I think the problem was that when it was asking for details (like organisation, address etc) I'd set most of them to blank. When I tried it again, I filled the fields

    Thanks!

    Matt

  9. #9
    Join Date
    Aug 2003
    Posts
    575
    Jason: No... just tried it

    Matt

    P.S. When I get a secure cert from GeoTrust, will it work ok with the DirectAdmin cp too?

    Anything particular I need to do to make it work with :2222?

    Cheers,
    Matt

  10. #10
    Join Date
    Jun 2003
    Location
    UK
    Posts
    2,326
    to replace your default cert with a genuine one (from geotrust) look for the crt and key files currently used by DA then replace with your new ones........... should work.... make sure you make backups

    /etc/httpd/conf/ssl.crt/server.crt
    /etc/httpd/conf/ssl.key/server.key

    Chris
    OptimumServers » Managed Dedicated Servers & General Systems Management » Coming Soon!
    ProWebUK - Quality Web Services
    DirectAdmin Server Checklist

  11. #11
    Join Date
    Aug 2003
    Posts
    575

    Lightbulb

    Thanks Chris

    We need more smilies on here

    Matt

  12. #12
    Hi guys

    Just to let you know that I've figured out CA Root Certificates, so we can all get rid of that darn SSL popup window in our browsers

    http://www.directadmin.com/features.php?id=198

    just add:
    carootcert=/path/to/carootcert

    in your directadmin.conf (if you use ssl)

    John

  13. #13
    Join Date
    Aug 2003
    Posts
    575
    Sorry I'm not clear on what a CA root cert is - does this only apply for people who have purchased a proper cert? Or is this for anyone who uses a self-signed cert for DA?

    Cheers,
    M

  14. #14
    Hello,

    Yes, it only applies for valid purchased certificates. It's the additional certificate that works with the regular cert to convince a browser that the site it legit, thus preventing the certificate popup window when accesing an https site for the first time.

    John

  15. #15
    Join Date
    Aug 2003
    Posts
    575
    Hi John,

    When DA uses a secure cert for the control panel interface, is it picky about the key used?

    Just because I've gotten my cert to work fine with normal http addresses, but when I use it with DA it comes up 'error loading key'.

    I was wondering if this is because my key is encrypted. When I restart httpd, it asks for my passphrase. I was thinking maybe DA is trying to use the key but can't because of the encryption.

    Any ideas?

    Thanks
    Matt

  16. #16
    As long as the key/cert pair are valid, just make sure that DA has read permissions on them. They both have to be readable by user "diradmin". If you've pointed the path to your apache key/certs, then you might have to either set it world readable, or set the group (or owner even) on the cert to diradmin. (apache uses root, so it won't care). If you using the cert/key in the conf directory, then it's probably just a simple "chown diradmin:diradmin keyfile; chmod 600 keyfile" issue.

    John

  17. #17
    Join Date
    Aug 2003
    Posts
    575
    Hi,

    I've tried using copies of the key and crt in the DA conf directory, and I've tried pointing the directadmin.conf path to the main server cert and key files under the /etc/httpd/conf/ssl.*/ directories.

    In both cases I chowned them to DA and set chmod 600.

    Still not working.

    Matt

  18. #18
    Ok, just make sure that the paths that lead down to the cert and key are all at least chmod 711, if in doubt, you can just test it with:

    chmod -R 755 /etc/httpd

    that might open it up more than you need to, but it will gurantee the permissions will work. Then just secure it back up after you know it works.

    John

  19. #19
    Join Date
    Aug 2003
    Posts
    575
    What permissions should I change it back to once I've sorted it?

    Cheers,
    Matt

  20. #20
    I think the only file you *need* to lock back up is your key, so
    /etc/httpd/conf/ssl.key/server.key
    should be only readable by root and diradmin

    John

Page 1 of 3 123 LastLast

Similar Threads

  1. Do I need any other control panel
    By jnet in forum DirectAdmin General Discussion
    Replies: 8
    Last Post: 01-08-2009, 12:12 PM
  2. Dns control panel.
    By mangelot in forum DNS
    Replies: 0
    Last Post: 06-08-2008, 05:16 AM
  3. DA Control Panel in SSL ?
    By alexccy in forum General Technical Discussion & Troubleshooting
    Replies: 3
    Last Post: 09-07-2007, 08:26 AM
  4. dns control panel
    By Chrysalis in forum Feedback & Feature Requests
    Replies: 0
    Last Post: 06-16-2005, 01:28 PM
  5. Control Panel
    By Keltic in forum DirectAdmin General Discussion
    Replies: 1
    Last Post: 11-15-2003, 04:44 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •