This posting covers a problem with installing a cert and verifying it on ipfire, since the port 80 and 444 ports are used for the firewall. The service this guy used needed those ports open to do the cert install.
However it is useful to note that it names the method used for moving those ports out of the way as well from other posts here.
Also the site letsencrypt has free certs. Looks like possibly only one cert for a server is required to convert to using https regardless of how many servers one has on a site. need to investigate.
https://gpcn.org/?tag=ipfire-certificate
IPFire versus SSLCerts
so I decided to purchase a ‘real’ SSL certificate for my IPFire
installation and as it was the cheapest one I could find I went with
ssls.com… so far so good.
But, if you follow the instructions, one problem remains: if you chose to upload the verification file any confirmation will fail as IPFire uses ports 81 and 444 for the webinterface. To resolve that issue, at least temporarily we will excute the following steps:
(1) if you contact the firewall from the ‘outside world’ make sure you add exceptions for ports 80 and 443
(2) upload the provided file to /srv/web/ipfire/html/
now the fun starts…
modify the ports in
/etc/httpd/conf.d/vhosts.d/ipfire-interface.conf and ipfire-interface-ssl.conf
now our apache would not know, which ports it is configured for, however, unless you change the
/etc/httpd/conf/listen.conf
as well nothing will happen…
Now execute a /etc/init.d/apache restart
once your certificate is ready, replace the certs in /etc/httpd, change back the ports and reload the service… your purchased cert should now be used.
Update: IPfire seems to replace der server.crt sometimes when being updated… in that case you might have to overwrite the certificate again and restart apache.
But, if you follow the instructions, one problem remains: if you chose to upload the verification file any confirmation will fail as IPFire uses ports 81 and 444 for the webinterface. To resolve that issue, at least temporarily we will excute the following steps:
(1) if you contact the firewall from the ‘outside world’ make sure you add exceptions for ports 80 and 443
(2) upload the provided file to /srv/web/ipfire/html/
now the fun starts…
modify the ports in
/etc/httpd/conf.d/vhosts.d/ipfire-interface.conf and ipfire-interface-ssl.conf
now our apache would not know, which ports it is configured for, however, unless you change the
/etc/httpd/conf/listen.conf
as well nothing will happen…
Now execute a /etc/init.d/apache restart
once your certificate is ready, replace the certs in /etc/httpd, change back the ports and reload the service… your purchased cert should now be used.
Update: IPfire seems to replace der server.crt sometimes when being updated… in that case you might have to overwrite the certificate again and restart apache.
No comments:
Post a Comment