How-To SSL cert on hostname in DA and webapps

ditto

I am writing this How-To because I did not find the information provided in DA's knowledgebase sufficient for me. Please note that I am using CentOS 5.5 64bit and DirectAdmin 1.35.1 and Apache 2.2.15, and that I was installing a RapidSSL certificate from GeoTrust. Also, this How-To is for you who want to use an SSL certificate on both the control panel and the webapps, like phpMyAdmin, RoundCube and others, and also for you who want to force your customers to use https. This is not necessarily the best way to do it, but it is how I did it, and it works well for me.

First I went to http://help.directadmin.com/item.php?id=15 and did the first step described there:

Code:
/usr/bin/openssl req -x509 -newkey rsa:1024 -keyout /usr/local/directadmin/conf/cakey.pem -out /usr/local/directadmin/conf/cacert.pem -days 9999 -nodes

chown diradmin:diradmin /usr/local/directadmin/conf/cakey.pem
chmod 400 /usr/local/directadmin/conf/cakey.pem

But this only installs self-signed certificates. So to install your own certificate, you will then have to generate a certificate request that you will give to your certificate provider so that they can generate the certificate for you. I was having a hard time finding the information about how to generate the certificate request, but finally I found it in the knowledgebase at this page: http://help.directadmin.com/item.php?id=256. I then did this using PuTTY:

Code:
/usr/bin/openssl genrsa 1024 > private.key
/usr/bin/openssl req -new -key private.key

When doing the above commands, you will be asked a lot of details about the owner of the certificate. For information about what you should answer on those questions, please see this page at DirectAdmin Site-Helper site: http://www.site-helper.com/ssl.html

When you are done answering the questions, the certificate request code will be displayed in PuTTY. You then take this code to your certificate provider, and they will generate the certificate and give it to you.

The next problem I then had was that I did not know where I would find my RSA private key. This key was generated when you did the previous command in PuTTY. Finally I found it; it was generated and placed at this path:

Code:
/root/private.key

You then have both your new certificate from your provider, and your RSA private key. You then replace the content in the following two files with those:

Code:
/usr/local/directadmin/conf/cakey.pem
/usr/local/directadmin/conf/cacert.pem

The next problem I had was that the certificate was not installed for the webapps, but only for the DirectAdmin control panel. My webapps, like phpMyAdmin and RoundCube (I have installed them using custombuild), were only using a self-signed certificate on their https pages (after I had completed all the steps not yet mentioned in this How-To). I did not find information in the knowledgebase about this. Here is what I then had to do to install my certificate for phpMyAdmin and RoundCube too:

Find the following two files and replace the content in those with your RSA private key and the certificate given to you from your provider:

Code:
/etc/httpd/conf/ssl.crt/server.crt
/etc/httpd/conf/ssl.key/server.key

Then you go to /usr/local/directadmin/conf/directadmin.conf and change SSL=0 to SSL=1 (as described at http://help.directadmin.com/item.php?id=15), and then add this new line to the same file (as described at http://www.directadmin.com/features.php?id=801):

Code:
ssl_redirect_host=host.name.com

Then you restart DirectAdmin and then you restart httpd – and you're done!

One more thing I did was changing the hard coded http:// links in my Enhanced skin (for phpMyAdmin and the webmail apps) to https://, you will find all those hard coded links in these files (you can also use |HTTP|)

Code:
/usr/local/directadmin/data/skins/enhanced/header_bar.html
/usr/local/directadmin/data/skins/enhanced/header_wide.html
/usr/local/directadmin/data/skins/enhanced/user/db/db.html

Related information about the hard coded http:// values is posted from DirectAdmin Support here http://www.directadmin.com/forum/showpost.php?p=166645&postcount=7 – but I did not experience these problems (and I have tested in all the five popular browsers, IE8, Firefox, Opera, Safari, Chrome) and responded to the DirectAdmin Support post here http://www.directadmin.com/forum/showpost.php?p=182224&postcount=9

Then finally I wanted to force https on the webapps too, like phpMyAdmin and RoundCube, because the code ssl_redirect_host=host.name.com only forces this on the DirectAdmin panel itself. I did this with .htaccess:

I uploaded a new .htaccess file to this path: /var/www/html/phpmyadmin/ (there is no .htaccess file present in phpmyadmin). This .htaccess file has this content:

Code:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Then I edited the existing .htaccess file in the RoundCube folder at this path: /var/www/html/roundcube/.htaccess – look for line number 30, which looks like this:

Code:
RewriteRule ^favicon.ico$ skins/default/images/favicon.ico

On a new line just after that line, I added these two new lines:

Code:
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

The above will redirect/force https on phpMyAdmin and RoundCube. The problem with this is that when you upgrade your webapps using custombuild, it will be overwritten, and you will have to add back the .htaccess file and code to them. Instead I would like to place one .htaccess file directly in the /var/www/html folder, but I did not manage to figure out how to do this. Using only the .htaccess code from above, it only worked when placed directly in each webapp's folder.

If you know how to write the .htaccess code so it works when placed directly in /var/www/html folder, please share this here. Thanks!
 
Last edited:
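The key, request and install steps from the how-to above as a non-interactive script, with a check to run before the key and certificate are copied into place; this is an added example, not part of the original post. It uses a 2048-bit key (public CAs no longer issue certificates for 1024-bit RSA), and the subject fields, file names and the self-signed stand-in for the provider's certificate are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Subject fields, file names and the
# self-signed stand-in for the CA-issued certificate are constructed.

make_key_and_csr() {   # $1=directory  $2=hostname
    ( umask 077; openssl genrsa -out "$1/private.key" 2048 2>/dev/null ) || return 1
    openssl req -new -key "$1/private.key" -out "$1/request.csr" \
        -subj "/C=US/O=Example Org/CN=$2" 2>/dev/null
}

key_bits() {           # $1=RSA private key; prints the modulus size in bits
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/^.*Private-Key: (\([0-9]*\) bit.*$/\1/p'
}

pubkey_hash() {        # $1=key|csr|cert  $2=file; prints SHA-256 of the public key
    case "$1" in
        key)  pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr)  pub=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
        cert) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)    return 2 ;;
    esac
    [ -n "$pub" ] || return 1      # unreadable input must never compare equal
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

check_pair() {         # $1=key  $2=certificate; run before copying either file
    bits=$(key_bits "$1")
    if [ -z "$bits" ] || [ "$bits" -lt 2048 ]; then
        echo "key unreadable or shorter than 2048 bits"; return 1
    fi
    k=$(pubkey_hash key "$1") || { echo "cannot read key"; return 1; }
    c=$(pubkey_hash cert "$2") || { echo "cannot read certificate"; return 1; }
    [ "$k" = "$c" ] || { echo "certificate was not issued for this key"; return 1; }
    echo "ok"
}

demo() {
    d=$(mktemp -d) || return 1
    make_key_and_csr "$d" host.name.com || return 1
    # Stand-in for the provider's step: self-sign the CSR for one day.
    openssl x509 -req -in "$d/request.csr" -signkey "$d/private.key" \
        -days 1 -out "$d/issued.crt" 2>/dev/null || return 1
    check_pair "$d/private.key" "$d/issued.crt"; rc=$?
    rm -rf "$d"; return $rc
}
demo
```

Running `check_pair` against both the DirectAdmin pair (cakey.pem, cacert.pem) and the Apache pair (server.key, server.crt) before restarting catches a key pasted next to the wrong certificate.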
Code:
RewriteEngine On
Options +FollowSymlinks
RewriteCond %{HTTPS} !=on
# %{REQUEST_URI} keeps its leading slash in both virtual host and .htaccess context
RewriteRule (.*) https://yoursecuredomain.com%{REQUEST_URI} [R,L]

This works really well for http to https redirects. Should work in a virtual host or .htaccess in a parent folder.
 
Last edited:
@scsi:
I'm having a bit of trouble understanding this (I'm not an http expert).

Parent folder of what? The specific /var/www/html directory?

It appears to me that if this code is in the user directory it will rewrite all, which would mean the domain wouldn't work.

Can you be a bit more specific as to the ramifications?

Or please correct me if I'm wrong.

Thanks.

Jeff
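A check that the forced-https redirects discussed in this thread are still in place (for instance after a custombuild upgrade has replaced a webapp's .htaccess) and that they point at the configured hostname and the same path; this is an added example, not code from any poster. The hostname, paths and response headers in it are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. The header lines passed to sample()
# are constructed stand-ins for the response to a plain-http request.

# $1=expected hostname  $2=requested path  stdin=response headers
# Prints one verdict: ok, no-redirect, not-https, wrong-host or path-changed.
check_redirect() {
    awk -v host="$1" -v path="$2" '
        { sub(/\r$/, "") }                          # strip CR of CRLF line ends
        NR == 1 { status = $2 }                     # "HTTP/1.1 302 Found"
        tolower($1) == "location:" { loc = $2 }
        END {
            if (status !~ /^30[1278]$/) { print "no-redirect"; exit }
            if (loc !~ /^https:\/\//)   { print "not-https";   exit }
            rest  = substr(loc, 9)                  # text after "https://"
            slash = index(rest, "/")
            h = slash ? substr(rest, 1, slash - 1) : rest
            p = slash ? substr(rest, slash) : "/"
            if (h != host) { print "wrong-host";   exit }
            if (p != path) { print "path-changed"; exit }
            print "ok"
        }'
}

# Emit constructed header lines with CRLF endings, as a server would.
sample() { printf '%s\r\n' "$@"; }

demo() {
    # Redirect in place and pointing at the certificate's hostname.
    sample 'HTTP/1.1 302 Found' 'Location: https://host.name.com/phpmyadmin/' |
        check_redirect host.name.com /phpmyadmin/
    # Webapp folder replaced by an upgrade: page is served over plain http.
    sample 'HTTP/1.1 200 OK' 'Content-Type: text/html' |
        check_redirect host.name.com /phpmyadmin/
    # Target built from the request Host header instead of the fixed name.
    sample 'HTTP/1.1 302 Found' 'Location: https://other.example/roundcube/' |
        check_redirect host.name.com /roundcube/
}
demo
```

Real headers can be fed in with `curl -sI http://host.name.com/phpmyadmin/ | check_redirect host.name.com /phpmyadmin/`.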
 