SSL for multiple subdomains


chillifire
29th January 2008, 09:22
Hi,

I have a website www.chillifire.net installed plus some subdomains, i.e. login01.chillifire.net with ISPConfig 2.1.18 on an Ubuntu 7.10 server. With http they direct to the specific folders /var/www/webx with x being the number of the virtual host. I have an SSL certificate installed for the www domain, which works well. I have one IP address on that server. So far so good.

When I tried reaching the subdomains under https I expected to see the certificate error warning screens from the browser, warning me that the URL does not match the certificate's. What I did not expect is that the browser redirected in https to the folder /var/www/webx of the www.chillifire.net domain although the URL still shows https://login.chillifire.net.

Is this expected behaviour?

I understand that I need two IP addresses on an Apache2 server if I want two different certificates for two different domains.

But does this restriction count for subdomains as well?

What I wanted to do is to install a GoDaddy Multiple Domain Certificates, also called Unified Communications Certificates (UCC), domain, which covers the two mentioned plus some more subdomains, and have them all sitting on one server- with one IP address, since they are just subdomains of the identical domain chillifire.net.

Can this be achieved?

As usual, any hints/input are welcome.

Thanks

thecaoticone
29th January 2008, 10:22
I don't run ISPconfig, but from what I know about Apache, this might work.

Here's a post I ran across when I thought about trying the same thing.

http://www.howtoforge.com/forums/showthread.php?t=4853&highlight=ssl+virtualhost

till
29th January 2008, 11:22
But does this restriction count for subdomains as well?

Yes.

What I wanted to do is to install a GoDaddy Multiple Domain Certificates, also called Unified Communications Certificates (UCC), domain, which covers the two mentioned plus some more subdomains, and have them all sitting on one server- with one IP address, since they are just subdomains of the identical domain chillifire.net.

This should work. But you will have to add all sub-domains as co-domains to the website which has the SSL certificate and the subdomains will not have their own directory.
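Added example (not part of the original thread): a Python check of which hostnames a certificate covers, contrasting a single-name www certificate, a multi-domain (UCC/SAN) certificate and a wildcard certificate. The certificate contents are constructed, in the dict shape that Python's ssl.SSLSocket.getpeercert() returns; the SAN lists are assumptions, not the poster's real certificates.

```python
# Added example: which hostnames does a certificate cover?
# Certificates are given in the dict shape of ssl.SSLSocket.getpeercert().

def _match(pattern, host):
    """Wildcard-aware name match: '*' is accepted only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False          # a wildcard never spans more than one label
    if p[0] == "*":
        # refuse overly broad patterns such as "*.net"
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def dns_names(cert):
    """Return the DNS names a client would compare the hostname against."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    # Legacy fallback: with no DNS SAN entry, older clients used the subject CN.
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def coverage(cert, hosts):
    """Map each hostname to True if the certificate is valid for it."""
    names = dns_names(cert)
    return {h: any(_match(n, h) for n in names) for h in hosts}

# Constructed sample certificates (assumed contents, for illustration only).
SINGLE = {"subject": ((("commonName", "www.chillifire.net"),),)}
UCC = {
    "subject": ((("commonName", "www.chillifire.net"),),),
    "subjectAltName": (("DNS", "www.chillifire.net"),
                       ("DNS", "login01.chillifire.net")),
}
WILDCARD = {"subjectAltName": (("DNS", "*.chillifire.net"),)}

HOSTS = ["www.chillifire.net", "login01.chillifire.net",
         "login.chillifire.net", "chillifire.net"]

if __name__ == "__main__":
    for label, cert in (("single", SINGLE), ("ucc", UCC), ("wildcard", WILDCARD)):
        print(label, coverage(cert, HOSTS))
```

A name that is not listed (here login.chillifire.net on the UCC certificate) still produces a browser mismatch warning, and a wildcard does not cover the bare domain or names two labels deep.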

chillifire
29th January 2008, 12:59
erk

Thanks for the hint. I tried this out, but ran into the 'SSL overlap' error on startup of apache2. So no go.

Thanks till, but I need the separate folders for security reasons - that was the whole point. So a second IP address, I guess.

Thanks for the input

daveb
10th April 2008, 04:47
What I wanted to do is to install a GoDaddy Multiple Domain Certificates, also called Unified Communications Certificates (UCC), domain, which covers the two mentioned plus some more subdomains, and have them all sitting on one server- with one IP address, since they are just subdomains of the identical domain chillifire.net.

chillifire, I would like to know how that cert worked for you. I was thinking about purchasing one or two for my servers for postfix+tls, pop3s, imaps, and ISPConfig's Apache services. All in one cert would be nice and more cost effective. I would think since each service was on a different port and service it would work well. Like
cpanel.example.tld:81
smtp.example.tld
imap.example.tld
pop.example.tld
is that what you used yours for?

chillifire
10th April 2008, 08:24
Hi,
no, that is not why I bought this. I use 'snakeoil' certificates for the email services and I do not think the user actually ever sees a difference.

I use the multi subdomain certificate for two web servers I have running on ISPConfig under different subdomain names. One server is 'front-of-house' www.chillifire.net promoting my service, the other one login01.chillifire.net is actually delivering the service.

Hope this helps.

gilas
11th April 2008, 13:14
Hi folks
I tried for several hours without finding any solution. My problem is similar (or the same); I need to define an SSL certificate for each site of my subdomain i.e.:

main domain name: www.tryme.it
subdomain name:
sub1.tryme.it
sub2.tryme.it
sub3.tryme.it
[... and so on ...]

I discovered that if I create a SELF-SIGNED certificate for the first domain (doesn't matter which is the first, I mean: the first used for SSL...) the certificate will be stored inside the SSL folder, i.e.:

/var/www/sub1/ssl

well, all is ok and for that domain all works correctly.

But when I try to create another certificate for another domain ISPConfig tells me that 'there is another certificate for this IP address'.

But if I try a connection to a different site, i.e.:
https://sub3.tryme.it

the certificate proposed and used is the same as that of sub1 (see example above).

This situation could be replicated so that I believe this is very frustrating and limiting (in fact I manage another domain with Plesk and for each domain I can create certificates without problems).

My colleague says that the certificate creation process should not be based on the IP address but on the site name instead.

I'm not an expert in this, so I'll wait for an answer to understand if there is a solution to apply; otherwise I'll be forced to look for another CP.

Thank you very much!

till
11th April 2008, 13:19
SSL certificates are always based on a domain name and not on an IP, that's the same in ISPConfig. But you need a dedicated IP for every site. This is a limitation in the Apache webserver and not ISPConfig.

otherwise I'll be forced to look for another CP.

That's totally up to you.

gilas
11th April 2008, 13:52
I appreciated ISPConfig and I think it is a good product.
My choice to change this CP could be linked to this aspect.
However I bought a virtual server and using Plesk I can create certificates without any limitation (I tried this morning). The IP is the same, so I can't understand what you mean....
thank you very much for your intervention.

till
11th April 2008, 14:08
Gilas, if you don't believe me, read the Apache documentation.

http://www.apache.org

If you use ISPConfig or not is up to you, so telling me that you will change to another control panel is up to you too and you will not get more or less help if you tell us that.

Plesk may use a patched Apache server that supports more than one SSL Cert per IP, but the Apache servers that were delivered with the Linux distributions definitely do not support it.

Please search the forums, you will find several threads for this.

Additionally, have a look here:

http://www.howtoforge.com/enable-multiple-https-sites-on-one-ip-using-tls-extensions-on-debian-etch

gilas
11th April 2008, 15:16
Dear Till
thank you for your help. Since 2006 I've been using ISPConfig successfully.
Now I'm investigating to see if there is a solution for my host (manually or patch...)
See you

gilas
15th April 2008, 14:09
Dear Staff
thank you for your help. To solve this annoying problem, maybe this is the solution (?):

http://www.g-loaded.eu/2007/08/10/ssl-enabled-name-based-apache-virtual-hosts-with-mod_gnutls/

if yes (I can try it...) and this is compatible with ISPConfig, it would be useful to make some documentation (howto).

Cordially

gilas
16th April 2008, 12:01
Maybe there is more than one method: I don't know which is simpler.
Don't forget Till's post:

http://www.howtoforge.com/enable-multiple-https-sites-on-one-ip-using-tls-extensions-on-debian-etch