HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


Bonzo 20th February 2013 10:35

SSL, problems with certificate creation and usage
 
Hi,

I've installed 2 Systems according to this HowTo

http://www.howtoforge.com/installing...th-ispconfig-3

Now I have problems creating SSL certificates. For now I use self-signed, but in the future I will use an officially signed certificate.
I have a domain example.com.
If I create a domain example.com with Auto-subdomain No, or www, or a domain www.example.com with Auto-Subdomain No, I can't use https (after I checked and created the SSL-cert, ispconfig). I get this error.

Code:

Secure Connection Failed

An error occurred during a connection to example.com.

SSL received a record that exceeded the maximum permissible length.

(Error code: ssl_error_rx_record_too_long)

If I create a domain test.example.com, with Auto-Subdomain No, create SSL, it works like a charm. Why is it possible to create test.* but not *. or www.?

Is it possible to create 2 certificates, one for one server, one for the other?
One (sub)domain pointing to 2 different IPs?

till 20th February 2013 10:44

Quote:

If I create a domain test.example.com, with Auto-Subdomain No, create SSL, it works like a charm. Why is it possible to create test.* but not *. or www.?
SSL cert for www subdomain works fine on my server. An SSL cert is only for one domain, so don't use wildcards. Did you delete the SSL cert before you created a new one?

Quote:

Is it possible to create 2 certificates, one for one server, one for the other?
Sure. You can use as many SSL certs on your server as you want. Just create a new website for each domain or subdomain that you want to have its own SSL cert and create a new cert. Please note that you have to use SNI if you don't have a dedicated IP for each SSL-enabled site.

Quote:

One (sub)domain pointing to 2 different IPs?
One domain or subdomain can only point to one IP at a time. But that's not SSL related.

Bonzo 20th February 2013 11:01

Quote:

Originally Posted by till (Post 292318)
SSL cert for www subdomain works fine on my server. An SSL cert is only for one domain, so don't use wildcards. Did you delete the SSL cert before you created a new one?

Yes, deleted. I create the subdomain www.example.com in Website-Websites, not Subdomains for Website, is this OK?
I didn't use wildcards.


Quote:

Originally Posted by till (Post 292318)
Sure. You can use as many SSL certs on your server as you want. Just create a new website for each domain or subdomain that you want to have its own SSL cert and create a new cert. Please note that you have to use SNI if you don't have a dedicated IP for each SSL-enabled site.

Is this maybe the problem, I don't know what SNI is. Is there a howto for enabling this?


Quote:

Originally Posted by till (Post 292318)
One domain or subdomain can only point to one IP at a time. But that's not SSL related.

Ok, I think I have to tell you what this server is intended for, for clarification.
It should be a semi-HA solution for the poor. That's why I used your clustered setup.
Now, I have the domain example.com and A records for www (some DNS provider), something like

www A 1.2.3.4
www A 5.6.7.8

With this configuration (one subdomain points to different IPs) I get some round-robin load balancing.
That's working OK. But I think I'll have a problem with SSL.
www on both IPs should be certificated. Is this possible? Certificate domain www.example.com for 1.2.3.4 and for 5.6.7.8

Actually, I don't need this load balancing. All I need is a solution that switches to the second server if the first server is not reachable, and switches back to the first server when it is reachable again. I read your clustered solution and built everything around this. And it worked OK till I needed to use certificates.
Maybe you have an idea how to do this better?

till 20th February 2013 11:06

Quote:

Yes, deleted. I create the subdomain www.example.com in Website-Websites, not Subdomains for Website, is this OK?
Yes, that's OK. But you won't create www.example.com as website, the correct settings are:

domain: example.com
auto subdomain: www

to get a website for www.example.com

Quote:

With this configuration (one subdomain points to different IPs) I get some round-robin load balancing.
That's working OK. But I think I'll have a problem with SSL.
This does not matter for ssl as ssl does not depend on the IP. Just the domain name the ssl cert is issued for matters.

Bonzo 20th February 2013 11:25

OK, I tried some other configuration and it is probably because of the only one dedicated IP I have.
It's possible to create and use only one subdomain with one IP? Correct?

What is SNI you mentioned, is this a server extension? Any HowTo at Howtoforge?

till 20th February 2013 11:55

Quote:

It's possible to create and use only one subdomain with one IP? Correct?
You can have only one ssl certificate per IP address with traditional ssl.

Quote:

What is SNI you mentioned, is this a server extension? Any HowTo at Howtoforge?
See Wikipedia and various posts here in the forum.

http://en.wikipedia.org/wiki/Server_Name_Indication

You don't need a special configuration for SNI. SNI is supported by default in ISPConfig. What matters are the browsers of your users and the OpenSSL and Apache versions on your server, as described at Wikipedia.
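
Added example, not part of the thread: SNI lets one IP serve several certificates because the client names the site it wants in its very first handshake message, before any certificate is sent. The sketch below builds a ClientHello in memory with Python's `ssl` module and parses the `server_name` extension out of it; the function names are made up for this illustration and no network connection is made.

```python
import ssl

def client_hello(server_name):
    """Return the raw ClientHello bytes a TLS client would send (built in memory)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if server_name is None:
        ctx.check_hostname = False      # required to handshake without a hostname
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass                            # ClientHello written, waiting for a server
    return outgoing.read()

def sni_from_client_hello(data):
    """Return the hostname in the server_name extension, or None if it is absent."""
    if len(data) < 9 or data[0] != 0x16 or data[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    pos = 5 + 4 + 2 + 32                                     # headers, version, random
    pos += 1 + data[pos]                                     # session id
    pos += 2 + int.from_bytes(data[pos:pos + 2], "big")      # cipher suites
    pos += 1 + data[pos]                                     # compression methods
    end = pos + 2 + int.from_bytes(data[pos:pos + 2], "big") # end of extensions
    pos += 2
    while pos + 4 <= end:
        ext_type = int.from_bytes(data[pos:pos + 2], "big")
        ext_len = int.from_bytes(data[pos + 2:pos + 4], "big")
        body = data[pos + 4:pos + 4 + ext_len]
        if ext_type == 0:                                    # server_name extension
            name_len = int.from_bytes(body[3:5], "big")
            return body[5:5 + name_len].decode("ascii")
        pos += 4 + ext_len
    return None

if __name__ == "__main__":
    # With SNI the server can pick the certificate for the requested site.
    print("with SNI:   ", sni_from_client_hello(client_hello("www.example.com")))
    # Without it the server only knows the IP and port it was reached on.
    print("without SNI:", sni_from_client_hello(client_hello(None)))
```

A client that sends no `server_name` gives the server nothing but the IP and port to choose a certificate by, which is the "one certificate per IP" limit of traditional SSL mentioned above.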

