#1  
Old 23rd July 2010, 11:49
Ben Ben is offline
Moderator
 
Join Date: Jul 2006
Posts: 1,029
Thanks: 7
Thanked 62 Times in 56 Posts
Default SSL Host - Intermediate Cert

Hi folks,

does anybody know, if ISPConfig 2 supports providing an intermediate certificate?
I'd say currently not out of the box, only by changing the apache conf's generation template, as an additional config entry is needed to point to the intermediate file.

thanks in advance.

Ben
Reply With Quote
Sponsored Links
  #2  
Old 24th July 2010, 12:26
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,714 Times in 2,556 Posts
Default

Quote:
Originally Posted by Ben View Post
I'd say currently not out of the box, only by changing the apache conf's generation template, as an additional config entry is needed to point to the intermediate file.
That's right, you must modify the Apache configuration manually.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 24th July 2010, 15:31
Ben Ben is offline
Moderator
 
Join Date: Jul 2006
Posts: 1,029
Thanks: 7
Thanked 62 Times in 56 Posts
Default

Hi Falko,

the apache config or the template for the config?
Last would be kind of bad as it must be changed each update of ispcfg and does only work for the assumption of using only one ssl cert on the whole host (which is at least no problem for me )

Does it make sense to add another textbox in the ssl config interface, as many of the CAs tend to intermediate CA certs.
Reply With Quote
  #4  
Old 25th July 2010, 13:53
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,714 Times in 2,556 Posts
Default

I'm not sure - but maybe you can include the intermediate certificate in the main Apache configuration? In that case you don't have to modify the template. (BTW, you could place the customized template in /root/ispconfig/isp/conf/customized_templates, and it will not be overwritten in case of an update.)
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 28th July 2010, 22:46
Ben Ben is offline
Moderator
 
Join Date: Jul 2006
Posts: 1,029
Thanks: 7
Thanked 62 Times in 56 Posts
Default

good idea, but except "{SSL}" there is nothing in the vhost master template?!

EDIT: Ok it did work more or less. I added the Intermediate CA line below {SSL} with the result having this line in each vhost block instead of just in the ssl block. Luckily apache does not complain about this. Is there a better way to customize the ssl block directly?

Last edited by Ben; 28th July 2010 at 22:58.
Reply With Quote
  #6  
Old 29th July 2010, 10:37
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,340
Thanks: 810
Thanked 5,171 Times in 4,055 Posts
Default

Quote:
Is there a better way to customize the ssl block directly?
The only other way might be to edit the function in config.lib.php file that creates the ssl block. If I remember correctly, it is named make_vhost. But then you might have to patch the file after every ispconfig update, so this solution is not ideal too.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #7  
Old 29th July 2010, 11:26
Ben Ben is offline
Moderator
 
Join Date: Jul 2006
Posts: 1,029
Thanks: 7
Thanked 62 Times in 56 Posts
Default

As I have to patch one line regarding the safe mode and the open_basedir paths I think about patching only one line for an include to the additional config. But thanks for the info.
Reply With Quote
  #8  
Old 14th February 2011, 11:53
hairydog2 hairydog2 is offline
Senior Member
 
Join Date: Oct 2005
Posts: 196
Thanks: 9
Thanked 3 Times in 3 Posts
Default a possible fix?

I have a few sites that use SSL and I needed to add an intermediate certificate as certificates are renewed.

So putting an intermediate certificate reference into the vhosts file was never going to be a solution.

I have simply put the line

SSLCACertificateFile /home/www/cabundle.crt

into apache2.conf

and it seems to be working OK.
Reply With Quote
  #9  
Old 28th February 2011, 11:44
hairydog2 hairydog2 is offline
Senior Member
 
Join Date: Oct 2005
Posts: 196
Thanks: 9
Thanked 3 Times in 3 Posts
 
Default

Quote:
Originally Posted by hairydog2 View Post
and it seems to be working OK.
Two weeks later and it is still working just fine, so it seems like this is a good fix!
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Postfix queue problem? murunix Server Operation 7 2nd May 2011 01:55
smtp is error!!! fhawk Installation/Configuration 2 7th April 2009 13:17
Postfix problem: lost connection after CONNECT from unknown fernando_torrez Server Operation 5 30th November 2007 14:17
SSL for virtual hosts on one certificate rbartz Tips/Tricks/Mods 8 20th November 2007 17:59
This is %#@*&^$# embarrassing! domino Smalltalk 34 5th February 2007 21:57


All times are GMT +2. The time now is 05:36.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.