View Full Version : SSL Certificate by Verisign


msource
11th December 2007, 13:04
Hi,

We have a website (https://www.imunostar.pt/) that works with the Verisign certificate. How can we implement this certificate on a domain in ISPConfig?

We have to follow some instructions that Verisign gave us to create a crt to send to them. Then they send us one crt that contains the correct certificate.

Keep up the good work. This framework is very cool.

Hans
11th December 2007, 13:22
Please have a look here: http://www.howtoforge.com/faq/14_49_en.html :)

msource
12th December 2007, 01:35
Thanks for your quick answer.

Just one more thing. If I want to do this for more than one domain.tld, do I have to configure my ISPConfig by this howto (http://www.howtoforge.com/enable-multiple-https-sites-on-one-ip-using-tls-extensions-on-debian-etch), How To Enable Multiple HTTPS Sites For One IP On Debian Etch Using TLS Extensions, or is there no need to configure this?

Does this solution function on ISPConfig by default?

till
12th December 2007, 10:55
You don't have to recompile Apache; you can add one SSL website per IP address in ISPConfig without any modifications in Apache if you have enough free IP addresses.

msource
12th December 2007, 21:32
Hi,

I just have one server, with one NIC, and one IP.

I installed ISPConfig on that machine. I have 4 clients that I have to give HTTPS access with the certificate from Verisign.

With this scenario, do I need to apply the patch?

falko
13th December 2007, 21:19
With this scenario, do I need to apply the patch?
I think so, but I haven't tried this tutorial yet.

DCGWS
14th December 2007, 11:44
Falko -

Do you have any plans on doing a HOWTO for this using Fedora? :D

falko
15th December 2007, 16:46
Maybe... :)

DCGWS
16th December 2007, 10:26
Cool...that would be awesome.

Can you at least give me a hint... what are the ./config parameters for openssl using openssl-0.9.8g? Is it ./config prefix=/usr/local --openssldir=/usr/local ?

cfunk
17th December 2007, 19:45
When CSRs are generated, do they use a blank passphrase? I haven't been able to find any info on passphrases.

Thanks,
--Chris

msource
18th December 2007, 12:06
Hi,

I can create the SSL certificates for more than one domain.
It always gives the Shared IP page. I need to solve this problem. I applied the patch (http://www.howtoforge.com/enable-multiple-https-sites-on-one-ip-using-tls-extensions-on-debian-etch)
and it seems all right. But when I follow these (http://www.howtoforge.com/faq/14_49_en.html) instructions, I'm unable to get HTTPS working. The Shared IP page always appears.

How can I solve this problem? I want to put the domain imunostar.pt with HTTPS enabled on ISPConfig, but I'm unable to complete this.

Falko, can you please help me? I don't know what else I can do.

msource
18th December 2007, 14:14
Hi,

I found an error in /var/log/apache2/error.log:

[Tue Dec 18 12:00:17 2007] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Dec 18 12:00:17 2007] [warn] RSA server certificate CommonName (CN) `WWW.LIZ-ONLINE.PT' does NOT match server name!?
[Tue Dec 18 12:00:17 2007] [warn] Init: SSL server IP/port conflict: icaro.liz-online.pt:443 (/etc/apache2/vhosts/Vhosts_ispconfig.conf:64) vs. www.imunostar.pt:443 (/etc/apache2/vhosts/Vhosts_ispconfig.conf:2713)
[Tue Dec 18 12:00:17 2007] [warn] Init: SSL server IP/port conflict: localhost:443 (/etc/apache2/apache2.conf:725) vs. www.imunostar.pt:443 (/etc/apache2/vhosts/Vhosts_ispconfig.conf:2713)
[Tue Dec 18 12:00:17 2007] [warn] Init: You should not use name-based virtual hosts in conjunction with SSL!!

I applied the patch, so why does it give me this error?
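
An added example, not part of the original thread: a small Python script that parses the mod_ssl startup warnings quoted in the post above and lists which vhosts the log reports as sharing a port, together with the certificate warnings. The function name `analyze` and the report keys are this example's own choices; the sample input is the five log lines from the post.

```python
import re

# Sample input: the five warnings quoted in the post above, copied verbatim.
SAMPLE_LOG = """\
[Tue Dec 18 12:00:17 2007] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Dec 18 12:00:17 2007] [warn] RSA server certificate CommonName (CN) `WWW.LIZ-ONLINE.PT' does NOT match server name!?
[Tue Dec 18 12:00:17 2007] [warn] Init: SSL server IP/port conflict: icaro.liz-online.pt:443 (/etc/apache2/vhosts/Vhosts_ispconfig.conf:64) vs. www.imunostar.pt:443 (/etc/apache2/vhosts/Vhosts_ispconfig.conf:2713)
[Tue Dec 18 12:00:17 2007] [warn] Init: SSL server IP/port conflict: localhost:443 (/etc/apache2/apache2.conf:725) vs. www.imunostar.pt:443 (/etc/apache2/vhosts/Vhosts_ispconfig.conf:2713)
[Tue Dec 18 12:00:17 2007] [warn] Init: You should not use name-based virtual hosts in conjunction with SSL!!
"""

VHOST = r"(\S+):(\d+) \((\S+?):(\d+)\)"   # name:port (config_file:line)
CONFLICT = re.compile(r"SSL server IP/port conflict: " + VHOST + r" vs\. " + VHOST)
CN_MISMATCH = re.compile(r"CommonName \(CN\) `([^']+)' does NOT match server name")
CA_CERT = re.compile(r"server certificate is a CA certificate")
NAME_BASED = re.compile(r"name-based virtual hosts in conjunction with SSL")


def analyze(log_text):
    """Group mod_ssl startup warnings into colliding vhosts and certificate issues."""
    vhosts_by_port = {}          # port -> {(server_name, "file:line"), ...}
    cn_mismatches, ca_certs, name_based = [], 0, False
    for line in log_text.splitlines():
        m = CONFLICT.search(line)
        if m:
            g = m.groups()
            for name, port, path, lineno in (g[:4], g[4:]):
                vhosts_by_port.setdefault(port, set()).add((name, f"{path}:{lineno}"))
            continue
        m = CN_MISMATCH.search(line)
        if m:
            cn_mismatches.append(m.group(1))
        ca_certs += bool(CA_CERT.search(line))
        name_based = name_based or bool(NAME_BASED.search(line))
    return {
        "colliding_vhosts": {p: sorted(v) for p, v in vhosts_by_port.items()},
        "cn_mismatches": cn_mismatches,
        "ca_flagged_certs": ca_certs,
        "name_based_ssl_warning": name_based,
    }


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for port, vhosts in result["colliding_vhosts"].items():
        print(f"{len(vhosts)} SSL vhosts share port {port}:")
        for name, where in vhosts:
            print(f"  {name:25} {where}")
    print("CN mismatches:", result["cn_mismatches"], "| CA:TRUE certs:", result["ca_flagged_certs"])
```

For the log above it reports three vhosts on port 443: the `localhost` default from apache2.conf and two entries from Vhosts_ispconfig.conf.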

msource
18th December 2007, 18:41
Now I removed all my SSL sites and created just one (www.imunostar.pt), with the certificate from VeriSign. My Apache2 hangs... when I tried to force-reload it, it gave me a Failed.

If I remove the certificate from the domain, Apache starts correctly without any problems.

I need to put this on. Sorry for being a pain in the ass, but I need to solve this problem.

till
18th December 2007, 18:47
Are you sure that you do not have more than one SSL vhost per IP? Please make sure that you have just one SSL vhost configured in ISPConfig and that you do not have any manually configured SSL sites in your Apache configuration.

msource
18th December 2007, 19:19
Hi,

Till, thanks for the quick answer.
I just configured the How To Enable Multiple HTTPS Sites For One IP On Debian Etch Using TLS Extensions.

There is a point (point 4) in the how-to that tells us to create the following:

Create a default secure site that users will see if they are using a non RFC 4366 compliant browser.
mkdir /var/www/sharedip/ssl
cd /var/www/sharedip/ssl
openssl genrsa -des3 -passout pass:yourpassword -out 192.168.1.2.key2 1024
openssl req -new -passin pass:yourpassword -passout pass:yourpassword -key 192.168.1.2.key2 -out 192.168.1.2.csr -days 365
openssl req -x509 -passin pass:yourpassword -passout pass:yourpassword -key 192.168.1.2.key2 -in 192.168.1.2.csr -out 192.168.1.2.crt -days 365
openssl rsa -passin pass:yourpassword -in 192.168.1.2.key2 -out 192.168.1.2.key
chmod 400 192.168.1.2.key

then...
Edit /etc/apache2/apache2.conf and place this above Include /etc/apache2/vhosts/Vhosts_ispconfig.conf
NameVirtualHost 192.168.1.2:443
<VirtualHost 192.168.1.2:443>
ServerName localhost
ServerAdmin root@localhost
DocumentRoot /var/www/sharedip
SSLEngine on
SSLCertificateFile /var/www/sharedip/ssl/192.168.1.2.crt
SSLCertificateKeyFile /var/www/sharedip/ssl/192.168.1.2.key
</VirtualHost>

OK, all of the tutorial is done.

Now I create a domain.tld and enable SSL support.
Then I create a certificate, and copy in the certificate that Verisign sent to me.
After I save the certificate, apache2 hangs.

I really don't know what is happening.....

till
18th December 2007, 22:08
And you are really sure that you replaced the Apache server with the new server compiled in the howto? Maybe the patch did not apply correctly, as your current Apache seems not to support multiple SSL certs per IP address.

rvakili
2nd February 2009, 09:43
Hi guys, is the how-to available for Fedora yet?

Also,

I have a dedicated IP direct to the server. Would it be possible to set up Virtual IPs and use them for SSL certificates? If so, is there a "How To"?

Thanks

falko
3rd February 2009, 20:24
What do you mean by "Virtual IPs"?

rvakili
3rd February 2009, 22:06
Hi Falko,

What is the best way to do this? I am trying to avoid buying IP addresses to set up SSL-enabled sites.

1. I read about “Enable Multiple HTTPS Sites For One IP On Debian Etch Using TLS Extensions”.
However, I do not know how to do this on Fedora 8???
2. I can create Virtual IPs (just another name for local addresses such as 10.0.0.1 etc…) and make them an alias of the static IP I have.

I am not sure if this will work as technically the IPs will be local???

Well, hope you can guide me to accomplish the setup of SSL-enabled sites with one IP.

Thanks,

Ramin

falko
4th February 2009, 18:25
Well, hope you can guide me to accomplish the setup of SSL-enabled sites with one IP.


I've never tried this, and I still think this is not possible...

rvakili
5th February 2009, 03:05
Hi Falko & Till,

How To Enable Multiple HTTPS Sites For One IP On Debian Etch Using TLS Extensions

Can this be done for Fedora? If so, how?

With many thanks