View Single Post
  #1  
Old 24th February 2013, 10:52
Ovidiu Ovidiu is offline
Senior Member
 
Join Date: Sep 2005
Posts: 1,257
Thanks: 76
Thanked 23 Times in 19 Posts
Default need some help with SNI and startssl

Hi there,

I'm running ISPCFG 3.0.5RC2 and am having some trouble understanding SNI:

Under System => Server Config => server => Web => SSL Settings I have checked the boy next to "Enable SNI" but what exactly goes into: "CA Path" and "CA passphrase"?

Now if I am going to configure a vhost with SSL via Sites => select vhost => check "SSL" then go to the SSL tab and fill in the fields I am struggling finding out what to put into "SSL Bundle"

I have signed up with startssl.com and can generate certificates there so I have all the info but not sure where/what to fill in. Yes I have found the howto that deals with startssl.com but it doesn't help so please don't just point me there.

Is this scenario I have in mind doable:
- check SNI, then create a class2 certificate via startssl for each vhost that needs it, class2 because I'll generate a certificate that is valid for *.domain.tld

Yes, I know SNI is not fully supported everywhere but where I rent my root server from I can only get 2 IPs.

###additional question###
Lets assume the above scenario works, what/which SSL certificate do I then use for securing emails and FTP? Can I additionally create a wildcard/multi-domain certificate from startssl that covers all hosted domains so it can be shared for this purpose?
Reply With Quote
Sponsored Links