#11  
Old 10th August 2005, 03:28
KenMcGinnis KenMcGinnis is offline
Junior Member
 
Join Date: Aug 2005
Posts: 12
Thanks: 0
Thanked 0 Times in 0 Posts
Default Virtual IP

One more related question: In your "perfect setup" you mention:

"I want to create a virtual network card eth0:0 with the IP address 192.168.0.101 (my main one is 192.168.0.100 in this example) so I select Add:"

Can this 'virtual IP' be used with an SSL Certificate? If not, what was the purpose? I don't see where you use the Virtual IP for anything.
Reply With Quote
Sponsored Links
  #12  
Old 10th August 2005, 07:47
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 36,032
Thanks: 826
Thanked 5,381 Times in 4,228 Posts
Default

Quote:
Originally Posted by KenMcGinnis
One more related question: In your "perfect setup" you mention:

"I want to create a virtual network card eth0:0 with the IP address 192.168.0.101 (my main one is 192.168.0.100 in this example) so I select Add:"

Can this 'virtual IP' be used with an SSL Certificate? If not, what was the purpose? I don't see where you use the Virtual IP for anything.
Yes, this virtual IP can be used for SSL or when you need an IP-Based vhost (site).
Reply With Quote
  #13  
Old 12th August 2005, 20:58
KenMcGinnis KenMcGinnis is offline
Junior Member
 
Join Date: Aug 2005
Posts: 12
Thanks: 0
Thanked 0 Times in 0 Posts
Default multiple vhosts from a single ip

I am still researching this as I have some clients breathing down my back.

Regarding your post above about the virtual ip. I do have a virtual IP 192.168.0.197 (in Suse9.3 - additional IP), however it is not in the drop down list for a site that I have setup. The site is now working fine on 192.168.0.195 but I want to change it so I can have a SSL cert.


I understand it is possible to have multiple vhosts on a single IP by using different ports. For example you could have one on xx.xx.xx.xx:80 and a different one on xx.xx.xx.xx:8080. Another way is to have a wildcard cert (http://www.digicert.com/wildcard-ssl-certificates.htm) Supposedly both of these work with apache2. Do either of these work with ispconfig?

Last edited by KenMcGinnis; 12th August 2005 at 22:40.
Reply With Quote
  #14  
Old 13th August 2005, 11:43
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 36,032
Thanks: 826
Thanked 5,381 Times in 4,228 Posts
Default

Quote:
Originally Posted by KenMcGinnis
I am still researching this as I have some clients breathing down my back.

Regarding your post above about the virtual ip. I do have a virtual IP 192.168.0.197 (in Suse9.3 - additional IP), however it is not in the drop down list for a site that I have setup. The site is now working fine on 192.168.0.195 but I want to change it so I can have a SSL cert.
Have you entered the IP in the controlpanel under Management > Server > Settings?


Quote:
Originally Posted by KenMcGinnis
I understand it is possible to have multiple vhosts on a single IP by using different ports. For example you could have one on xx.xx.xx.xx:80 and a different one on xx.xx.xx.xx:8080. Another way is to have a wildcard cert (http://www.digicert.com/wildcard-ssl-certificates.htm) Supposedly both of these work with apache2. Do either of these work with ispconfig?
I've never tested wildcard certificates with ISPConfig. If you want to know how ISPConfig configures your apache serve, have a look at the
Vhost_ispconfig.conf file in the directory vhosts in your apache configuration directory.

Last edited by till; 13th August 2005 at 16:01.
Reply With Quote
  #15  
Old 13th August 2005, 14:33
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

Quote:
I understand it is possible to have multiple vhosts on a single IP by using different ports. For example you could have one on xx.xx.xx.xx:80 and a different one on xx.xx.xx.xx:8080.
You can have as many vhosts as you like on a single IP address using the same port as long as they do not use SSL.
If you use SSL and only have one IP address you must use different ports, but then you have to type the port into the browser's address bar as long as it's not the standard https port (443). E.g. you would have to type https://www.example.com:8080. I don't think this is what your clients want...

Quote:
Another way is to have a wildcard cert (http://www.digicert.com/wildcard-ssl-certificates.htm) Supposedly both of these work with apache2. Do either of these work with ispconfig?
A wildcard certificate means that all subdomains of a domain (e.g. www.example.com. test.example.com, example.example.com, shop.example.com, etc.) can use that certificate, without a warning popping up in the visitor's browser. If you use a wildcard certificate, then all your clients would have to use a subdomain of example.com, and I don'T think your clients want that either...
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:

Last edited by falko; 13th August 2005 at 14:56.
Reply With Quote
  #16  
Old 13th August 2005, 19:37
KenMcGinnis KenMcGinnis is offline
Junior Member
 
Join Date: Aug 2005
Posts: 12
Thanks: 0
Thanked 0 Times in 0 Posts
Default multiple SSL Cert with one IP

Thanks, that helps.
1. no I did not enter the virtual IP on the management screen. That is now fixed.

Regarding the options for multiple IPs with ports:
The port thing may work for me. I have the client go to a web page with http: as usual. They only need the encryption with cert when they download. So I have a link on the web page to the file to download. The client only sees the name of the file. The actual link can be anything so having the port appended is not a problem.

So I now have the domain www.mydomain.com set up on the IP 192.168.0.195 - it works fine.

1. I changed the IP to 192.168.0.197 (a virtual port) checked the 'SSL' box and created and saved the cert. How do I access it now?

2. I tried entering 192.168.0.195:445 in the management/server/settings and using that IP but it does not work. Note that when I do use that new port, I can only see 192.168.0.4 in the drop down box - maybe that is the problem?

I need a hint how to access a domain on an IP using a different port.
Reply With Quote
  #17  
Old 14th August 2005, 14:54
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

Quote:
Originally Posted by KenMcGinnis
1. I changed the IP to 192.168.0.197 (a virtual port) checked the 'SSL' box and created and saved the cert. How do I access it now?
https://www.mydomain.com

Quote:
Originally Posted by KenMcGinnis
2. I tried entering 192.168.0.195:445 in the management/server/settings and using that IP but it does not work. Note that when I do use that new port, I can only see 192.168.0.4 in the drop down box - maybe that is the problem?

I need a hint how to access a domain on an IP using a different port.
You can only enter IP addresses under Management -> Server -> Settings, not IP addresses with ports.

You could copy your SSL vhost from the Vhosts_ispconfig.conf file to your main httpd.conf (so that the vhost doesn't get overwritten by ISPConfig anymore) and change port 443 to 445. Then you have to add
Code:
Listen 445
to the main section of your httpd.conf and restart Apache.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #18  
Old 11th June 2006, 21:33
guentherhoven guentherhoven is offline
Junior Member
 
Join Date: Jun 2006
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default

Quote:
Originally Posted by falko
You can have as many vhosts as you like on a single IP address using the same port as long as they do not use SSL.
If you use SSL and only have one IP address you must use different ports, but then you have to type the port into the browser's address bar as long as it's not the standard https port (443). E.g. you would have to type https://www.example.com:8080. I don't think this is what your clients want...



A wildcard certificate means that all subdomains of a domain (e.g. www.example.com. test.example.com, example.example.com, shop.example.com, etc.) can use that certificate, without a warning popping up in the visitor's browser. If you use a wildcard certificate, then all your clients would have to use a subdomain of example.com, and I don'T think your clients want that either...
One thing you did not mention is that you can are still required to use only 1 ip address for even wildcard certificates.
Also, i keep seeing all of these CA's being posted, but you can actually buy them all at one place, ssl.com. Try these links out:
Standard certs - http://www.ssl.com/c-24-single-domain-name-fqdn.aspx
Wildcard certs - http://www.ssl.com/c-25-multiple-sub...-wildcard.aspx
SSL Information/Knowledge Base (good stuff) http://info.ssl.com
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +2. The time now is 18:41.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.