HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=16)
-   -   SSL Multiple domains (http://www.howtoforge.com/forums/showthread.php?t=6850)

Randy 14th September 2006 09:26

SSL Multiple domains
 
Hi all,

I've read many posts regarding ssl configuration with ispconfig but I haven't found the answer I need yet.
I have two registered domains pointing to the same public IP-address. This address is natted to my opensuse 10.1 server. The server has two internal ip adresses bound to one nic. (one = virtual). Now, I can only have one ssl certificate per ip-address (so I've read). If I configure a second domain in ISPconfig with the second address, I get the message "This address is shared" in the browser. If I configure the sites with the same address then I can only have on domain with ssl.
Question: Can somebody please tell me how I can configure all my site to be able to use ssl? Is it even possible.
Any answer would be immensely appreceated for I have been struggeling for quite a while now.
Highest regards,
Randy

till 14th September 2006 09:28

If you want to use more SSL sites, you need more external IP addresses.

This is a limitation of the SSL protocol in apache, not of ISPconfig!

Randy 14th September 2006 09:45

Whow,

Thanks for the quick reply!!!
Ok, so I have to get more external addresses to get this done. But is it also not possible to configure the second site with the virtual ip-address? Because I haven't used ssl with the second site yet and get the message about the shared ip adrress in the browser. When I confugre all the sites with the same address, theres no problem.

Randy

till 14th September 2006 09:53

Quote:

Originally Posted by Randy
Ok, so I have to get more external addresses to get this done. But is it also not possible to configure the second site with the virtual ip-address?

That is possible if you do not want to access the site from outside your local network.

Randy 14th September 2006 13:55

Thanks for all your answers.
I've implemented both sites on 1 ip address now where only the first domain has an ssl certificate. Both are accesible through http. On the internal network all is ok.The strange thing that happens now is that when I access the first site externally with https://.... I get the second site in my browser. Turn me upsite down, but where have I gone wrong... Or does namebased virtual hosting not work externally here because of your earlier pointers. Please keep in mind that if you look up the word "expert" you won't find my picture as part of the explanation.....;-).

regards,

Randy

falko 15th September 2006 10:00

The problem is that a normal router can forward a port (like port 80) to only one IP address, not to two different ones.

pablito 15th September 2006 15:01

If you have multiple external IPs (you're lucky) then it should be easy to do properly. You also need multiple IPs on the internal box (which everyone can do). Create additional non conflicting IPs on your server and tell ISPConfig about it. When setting up the 2nd/3rd etc server needing SSL configure it to use a new IP. At the router you would port forward each external IP to the approriate internal IP so that it points to the correct SSL server.

You can simulate the same behaviour by using different port numbers from the outside that forward to standard port 443 on the inside but go to one of the unique internal IPs. Having unique external IPs is best if you have them.


All times are GMT +2. The time now is 10:57.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.