Just one SSL web site per IP address
during my SSL certificates implementation, I have noticed this note in documentation:
"note that you can have just one SSL web site per IP address"
Doeas it really means, I can provide only for one customer SSL certificate?
Thank you in advanced.
yes on ssl per ip so if you have 5 sites wanting ssl u would need 5 ip for that server one ip per site and ssl cert
We've implemented SNI in recent ISPConfig versions which means you can have multiple SSL vhosts per IP. Modern browsers support this:
Browsers/clients with support for TLS server name indication:
Opera 8.0 and later (the TLS 1.1 protocol must be enabled)
Internet Explorer 7 or later (under Windows Vista and later only, not under Windows XP)
Firefox 2.0 or later
Curl 7.18.1 or later (when compiled against an SSL/TLS toolkit with SNI support)
Chrome 6.0 or later (on all platforms - releases up to 5.0 only on specific OS versions)
Safari 3.0 or later (under OS X 10.5.6 or later and under Windows Vista and later)
You can test your own browser here: https://alice.sni.velox.ch/
SSL IP configuration question
on the folder system/ip adresses, do I set external or internal Ip for the customers?
What's the right way when I'm behind a router with a server and I have an internal IP on the webserver?
Setting the 'wrong' IP can refuse apache2 from starting. On my fb-page I get the following error now:
Fehler 501 (net::ERR_INSECURE_RESPONSE): Unbekannter Fehler.
messing around with this SSL ; ) *uh*
when I read the guide here I'd think it can be right only to set the internal IP http://www.ispc-wiki.org/ispconfig3-anleitung
PS: I own the
ISPConfig 3 Manual
Version 1.2 for ISPConfig 126.96.36.199
Author: Falko Timme <email@example.com>
Last edited 05/04/2011
but it's not explained here how to set it right
UPDATED: set the internal IP, deleted & re-create the certificate and after a few minutes facebook accepted the certificate again.
The problem is the fact that I'm the only 'client' who can create the certs due to the unique IP overlap, otherwise you'll see:
Is it possible to fix the message sec_error_untrusted_issuer?
Hm, now I found all domains redirected directly to my IP instead of the website folders, it's annoying : (
|All times are GMT +2. The time now is 05:52.|
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.