Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > Tips/Tricks/Mods

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1  
Old 6th June 2007, 09:05
rbartz rbartz is offline
Member
 
Join Date: Apr 2006
Posts: 80
Thanks: 9
Thanked 6 Times in 5 Posts
Default SSL for virtual hosts on one certificate

What this WILL do is give you a way to provide an error free secure SSL connection for one to many virtual hosts that do not have their own IP addresses using ONE certificate that uses ONE IP address.

For example https://secure.myhost.com/joesplace/... and https://secure.myhost.com/jimsplace/... and and and...

What this WILL NOT do is to give you a way to use more than one certificate on one IP address. It will not let you hide the real certificate domain either.

The upside is you can provide SSL for several domains with one IP and one SSL certificate. The downside is that the certificate is in ONE domain name using what looks like sub-directories but are actually simple links....

===============
On our servers, we have several small hosted accounts that need SSL for a form or for a few sales a month. Using an IP address for each one, plus buying certificates, is more than they really want or need. However, they do need SSL for simple things. What we needed was a way to use a "server-wide" SSL certificate that would be easy and work well without certificate errors... and we wanted the certificate to work properly on all the virtual hosted sites with NO red warnings in the browser location bar!

Here are the steps we used:

Assumptions: You are running Linux and the virtual hosts are stored in /var/www. I do not know anything about doing this on Windows. Finally, you have root access to your server.

1. Choose the name you will use for the certificate. We wanted our little sites to at least have some semblance of credibility, so we just added secure to the host server's main domain name. If the server domain was www.myhost.com we wanted "secure.myhost.com" to be on the certificate AND IN THE URLs.

So we changed the "hostname" on the basis page from www to secure, then added back the www in co-domains tab. Finally, go to DNS Manager and add "secure" as a hostname on the advanced tab for your myhost.com domain.

If you are creating a new secure host site specifically for this, then register the site and then create it WITH SSL on your server. You might like something like "secure.besthost.com", but any domain will work. If you use "secure" for the hostname in the basis tab, then be sure to add the www (if you want www) to work in co-domains tab. Check to be sure that all your hostnames are in your DNS setup.

2. Create a cetificate in the domain's SSL tab using legitimate info, since you will use the request to get a genuine certified certificate. The ispConfig generated certificate request will be in whatever full domain name you used in the "hostname" + "domain" on the basis page.... that is why I changed the www to secure!

3. Assuming that your domain resolves, check to make sure that "https://secure.myhost.com" works. You will get the usual errors about the certificate not being trusted, which will disappear when you get a genuine certified SSL certificate from wherever. Make sure the certificate info shows your secure domain name... as in "secure.myhost.com"...

4. Go to the web directory for your secure host domain. Something like /var/www/web1/web. Create a link to some website you want to use the SSL cert on... You will need to know the root directory for the domain you want to use the SSL cert for. If the hosted domain is www.joesplace.com then can you must find the root directory for joesplace... something like /var/www/web12. Just look in /var/www or your virtual domains root. It should show you a list of links to all the webs. We will say your host domain is in web1 and joesplace.com is in web12

You HAVE to be root to do this...-> and you MUST be in your secure host sites web root directory!

The link creation will be like this:
ln -sf HOSTED_SITE_WEB_DIRECTORY LINK_NAME

ln -sf /var/www/web12/web joesplace

(yes, I think "joesplace.com" would work just as well)

5. Now you can use "https://secure.myhost.com/joesplace/" to open joesplace.com with your host SSL cert... Try it.... If it opens joesplace and the only SSL error you get is the certification path, then you can order your genuine SSL certificate with confidence all will work well later.

When you receive and your real, genuine, certified SSL certificate, the browser will no longer object to certification path errors or domain name errors if you did everything right. GREEN locations are GREAT...!

Conclusion: That is what we did to better serve our small clients with simple SSL needs. Now we simply create a new link in our secure domain web root for each site that we need simple SSL on, and advise our clients to tell people that they are using a shared secure server certificate provided by their host.

We run some sites on leased Linux servers with Fedora Core 3 or 4 that are setup with "The Perfect Setup" guides. Our ispConfig has always installed and upgraded without fault, and we have made very few changes from the standard setups and software versions.

Hoping this helps others,

RDB
Reply With Quote
The Following User Says Thank You to rbartz For This Useful Post:
chuckl (6th June 2007)
Sponsored Links
 

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Virtual Hosts SSL 443 DaddyFix Installation/Configuration 16 9th May 2012 19:51
Hostname issue with SSL Certificate request. mhpcomputerservices General 3 19th December 2006 15:25
ISPConfig & SSL certificate ikaros General 5 27th September 2006 23:26
ssl Certificate Invalid simplyworks Installation/Configuration 8 16th August 2006 16:44
from http to https after installation? Mahir Installation/Configuration 25 7th December 2005 20:40


All times are GMT +2. The time now is 08:59.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.