self certified ssl


krakoukas
25th September 2006, 03:29
I am looking at creating a self-signed SSL certificate to use with each site created by ISPConfig.
Like http://www.tc.umn.edu/~brams006/selfsign.html

I can make SSL using the admin ISPC interface, but it has to be signed by the CA.

Do you have an idea on how to have this SSL created at the same time as the web site using remoting?

till
25th September 2006, 11:00
> I am looking at creating a self-signed SSL certificate to use with each site created by ISPConfig.
> Like http://www.tc.umn.edu/~brams006/selfsign.html
>
> I can make SSL using the admin ISPC interface, but it has to be signed by the CA.

ISPConfig creates self-signed certificates; they work even when they are not signed by a CA.

> Do you have an idea on how to have this SSL created at the same time as the web site using remoting?

SSL certs are not supported by the remoting framework yet.

krakoukas
25th September 2006, 12:04
OK, understood. I have created 2 client accounts, each one with one site.
Everything is OK for generating SSL for the first one, but when I try to add SSL to the second one, it says that a certificate already exists for this IP address.

If the server only has one IP, only one web site can have SSL enabled?
When I use https://site2.domain.com, it gives me the pages of site1...

Isn't it possible to have SSL for each site?

falko
26th September 2006, 17:46
No, you can have only one SSL web site per IP address. It's a limitation of the https protocol.

krakoukas
26th September 2006, 19:28
I am surprised... I saw a tutorial on vhost configuration for apache2:

NameVirtualHost 192.168.1.1:443

<VirtualHost bisness.alex.fr:443>
    ServerAdmin webmaster@alex.fr
    DocumentRoot /var/www/bisness
    ServerName bisness.alex.fr
    ErrorLog /var/log/apache2/bisness.alex.fr-error_log
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/alex.crt
    SSLCertificateKeyFile /etc/apache2/ssl/alex.key
</VirtualHost>

<VirtualHost secure.alex.fr:443>
    ServerAdmin webmaster@alex.fr
    DocumentRoot /var/www/secure
    ServerName secure.alex.fr
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/alex.crt
    SSLCertificateKeyFile /etc/apache2/ssl/alex.key
</VirtualHost>


I don't know if it works, but I will give it a try.

You are right, the Apache doc says that it is not possible with only one IP, but maybe it is OK if we use the same SSL key? Here is a clue: http://www.onlamp.com/pub/a/apache/2005/02/17/apacheckbk.html
2 solutions:
- Use a different SSL port for each site
- If all the sites are in the same domain, create a wildcard SSL key and use the same key for all the sites.
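
Added example, not part of the thread: a check for the wildcard approach in the last post. It parses the two vhost blocks quoted there and reports any ServerName that the shared certificate's names do not cover. The function names and the certificate name lists are assumptions made for illustration.

```python
import re

# Constructed sample: the two vhosts from the post, sharing one certificate file.
VHOSTS_CONF = """
<VirtualHost bisness.alex.fr:443>
ServerName bisness.alex.fr
SSLCertificateFile /etc/apache2/ssl/alex.crt
</VirtualHost>
<VirtualHost secure.alex.fr:443>
ServerName secure.alex.fr
SSLCertificateFile /etc/apache2/ssl/alex.crt
</VirtualHost>
"""

def parse_vhosts(conf):
    """Return [(ServerName, SSLCertificateFile)] for each <VirtualHost> block."""
    out = []
    for block in re.findall(r"<VirtualHost[^>]*>(.*?)</VirtualHost>", conf, re.S | re.I):
        name = re.search(r"^\s*ServerName\s+(\S+)", block, re.M | re.I)
        cert = re.search(r"^\s*SSLCertificateFile\s+(\S+)", block, re.M | re.I)
        if name and cert:
            out.append((name.group(1).lower(), cert.group(1)))
    return out

def name_matches(pattern, host):
    """'*' is accepted only as the whole left-most label and stands for exactly one label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def uncovered(vhosts, cert_names):
    """ServerNames that no certificate name covers (clients see a name mismatch for these)."""
    return [host for host, _ in vhosts
            if not any(name_matches(n, host) for n in cert_names)]

if __name__ == "__main__":
    vhosts = parse_vhosts(VHOSTS_CONF)
    # Assumed certificate names: a wildcard cert versus a single-host cert.
    print("wildcard cert, uncovered:", uncovered(vhosts, ["*.alex.fr"]))
    print("single-name cert, uncovered:", uncovered(vhosts, ["bisness.alex.fr"]))
```
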