need some help with SNI and startssl
I'm running ISPCFG 3.0.5RC2 and am having some trouble understanding SNI:
Under System => Server Config => server => Web => SSL Settings I have checked the boy next to "Enable SNI" but what exactly goes into: "CA Path" and "CA passphrase"?
Now if I am going to configure a vhost with SSL via Sites => select vhost => check "SSL" then go to the SSL tab and fill in the fields I am struggling finding out what to put into "SSL Bundle"
I have signed up with startssl.com and can generate certificates there so I have all the info but not sure where/what to fill in. Yes I have found the howto that deals with startssl.com but it doesn't help so please don't just point me there.
Is this scenario I have in mind doable:
- check SNI, then create a class2 certificate via startssl for each vhost that needs it, class2 because I'll generate a certificate that is valid for *.domain.tld
Yes, I know SNI is not fully supported everywhere but where I rent my root server from I can only get 2 IPs.
Lets assume the above scenario works, what/which SSL certificate do I then use for securing emails and FTP? Can I additionally create a wildcard/multi-domain certificate from startssl that covers all hosted domains so it can be shared for this purpose?