so I decided to purchase a ‘real’ SSL certificate for my IPFire installation and as it was the cheapest one I could find I went with ssls.com… so far so good.
But, if you follow the instructions, one problem remains: if you chose to upload the verification file any confirmation will fail as IPFire uses ports 81 and 444 for the webinterface. To resolve that issue, at least temporarily we will excute the following steps:
(1) if you contact the firewall from the ‘outside world’ make sure you add exceptions for ports 80 and 443
(2) upload the provided file to /srv/web/ipfire/html/
now the fun starts…
modify the ports in
/etc/httpd/conf.d/vhosts.d/ipfire-interface.conf and ipfire-interface-ssl.conf
now our apache would not know, which ports it is configured for, however, unless you change the
as well nothing will happen…
Now execute a /etc/init.d/apache restart
once your certificate is ready, replace the certs in /etc/httpd, change back the ports and reload the service… your purchased cert should now be used.
Update: IPfire seems to replace der server.crt sometimes when being updated… in that case you might have to overwrite the certificate again and restart apache.