HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=16)
-   -   SSL Host - Intermediate Cert (http://www.howtoforge.com/forums/showthread.php?t=47506)

Ben 23rd July 2010 12:49

SSL Host - Intermediate Cert
 
Hi folks,

does anybody know, if ISPConfig 2 supports providing an intermediate certificate?
I'd say currently not out of the box, only by changing the apache conf's generation template, as an additional config entry is needed to point to the intermediate file.

thanks in advance.

Ben

falko 24th July 2010 13:26

Quote:

Originally Posted by Ben (Post 234520)
I'd say currently not out of the box, only by changing the apache conf's generation template, as an additional config entry is needed to point to the intermediate file.

That's right, you must modify the Apache configuration manually.

Ben 24th July 2010 16:31

Hi Falko,

the apache config or the template for the config?
Last would be kind of bad as it must be changed each update of ispcfg and does only work for the assumption of using only one ssl cert on the whole host (which is at least no problem for me :) )

Does it make sense to add another textbox in the ssl config interface, as many of the CAs tend to intermediate CA certs.

falko 25th July 2010 14:53

I'm not sure - but maybe you can include the intermediate certificate in the main Apache configuration? In that case you don't have to modify the template. (BTW, you could place the customized template in /root/ispconfig/isp/conf/customized_templates, and it will not be overwritten in case of an update.)

Ben 28th July 2010 23:46

good idea, but except "{SSL}" there is nothing in the vhost master template?!

EDIT: Ok it did work more or less. I added the Intermediate CA line below {SSL} with the result having this line in each vhost block instead of just in the ssl block. Luckily apache does not complain about this. Is there a better way to customize the ssl block directly?

till 29th July 2010 11:37

Quote:

Is there a better way to customize the ssl block directly?
The only other way might be to edit the function in config.lib.php file that creates the ssl block. If I remember correctly, it is named make_vhost. But then you might have to patch the file after every ispconfig update, so this solution is not ideal too.

Ben 29th July 2010 12:26

As I have to patch one line regarding the safe mode and the open_basedir paths I think about patching only one line for an include to the additional config. But thanks for the info.

hairydog2 14th February 2011 12:53

a possible fix?
 
I have a few sites that use SSL and I needed to add an intermediate certificate as certificates are renewed.

So putting an intermediate certificate reference into the vhosts file was never going to be a solution.

I have simply put the line

SSLCACertificateFile /home/www/cabundle.crt

into apache2.conf

and it seems to be working OK.

hairydog2 28th February 2011 12:44

Quote:

Originally Posted by hairydog2 (Post 251113)
and it seems to be working OK.

Two weeks later and it is still working just fine, so it seems like this is a good fix!


All times are GMT +2. The time now is 19:26.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.