Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 29th January 2008, 09:22
chillifire chillifire is offline
HowtoForge Supporter
 
Join Date: Oct 2007
Posts: 75
Thanks: 3
Thanked 3 Times in 3 Posts
Default SSL for multiple subdomains

Hi,

I have a webiste www.chillifire.net installed plus some subdomains, i.e. login01.chillifire.net with ISPConfig 2.1.18 on an Ubuntu 7.10 server. With http they direct to the specific folders /var/www/webx with x being the number of the virtual host. I have a SSl certificate installed for the www domain, which works well. I have one IP address on that server. So far so good.

When I tried reaching the subdomains under https I expected to see the certificate error warning screens from the browser, warning me that the url does not match the certificate's. What I did not expect is that the browser redirected in https to the folder /var/www/webx of the www.chillifire.net domain although the URL still shows https//login.chillifire.net.

Is this expected behaviour?

I understand that I need two IP addresses on an Apache2 server if I want two different certificates for two different domains.

But does this restriction count for subdomains as well?

What I wanted to do is to install a GoDaddy Multiple Domain Certificates, also called Unified Communications Certificates (UCC), domain, which covers the two mentioned plus some more subdomains, and have them all sitting on one server- with one IP address, since they are just subdomains of the identical domain chillifire.net.

Can this be achieved?

As usual, any hints/input are welcome.

Thanks
Reply With Quote
Sponsored Links
  #2  
Old 29th January 2008, 10:22
thecaoticone thecaoticone is offline
Member
 
Join Date: Nov 2007
Posts: 89
Thanks: 1
Thanked 18 Times in 16 Posts
Default

I don't run ISPconfig, but from what I know about Apache, this might work.

Here's a post I ran accross when I thought about trying the same thing.

http://www.howtoforgehttp://www.howt...sl+virtualhost
Reply With Quote
  #3  
Old 29th January 2008, 11:22
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,736
Thanks: 840
Thanked 5,597 Times in 4,408 Posts
Default

Quote:
But does this restriction count for subdomains as well?
Yes.

Quote:
What I wanted to do is to install a GoDaddy Multiple Domain Certificates, also called Unified Communications Certificates (UCC), domain, which covers the two mentioned plus some more subdomains, and have them all sitting on one server- with one IP address, since they are just subdomains of the identical domain chillifire.net.
This should work. But you will have to add all sub-domains a co-domain to the website which has the SSL certificate and the subdomains will not have its own directory.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #4  
Old 29th January 2008, 12:59
chillifire chillifire is offline
HowtoForge Supporter
 
Join Date: Oct 2007
Posts: 75
Thanks: 3
Thanked 3 Times in 3 Posts
Default Resolved

erk

Thanks for the hint. I tried this out, but ran into the 'SSL overlap' error on stratup of apache2. So no go.

Thanks till, but I need the separate folders for security reasons - that was the whole point. So a second IP address, I guess.

Thanks for the input
Reply With Quote
  #5  
Old 10th April 2008, 04:47
daveb daveb is offline
Senior Member
 
Join Date: Dec 2006
Location: St Louis Mo
Posts: 272
Thanks: 43
Thanked 41 Times in 37 Posts
Default

Quote:
Originally Posted by chillifire
What I wanted to do is to install a GoDaddy Multiple Domain Certificates, also called Unified Communications Certificates (UCC), domain, which covers the two mentioned plus some more subdomains, and have them all sitting on one server- with one IP address, since they are just subdomains of the identical domain chillifire.net.
chillfire, I would like to know how that cert worked for you. I was thinking about purchasing one or two for my servers for postfix+tls, pop3s, imaps, and ispconfigs apache services. All in one cert would be nice and more cost effective. I would think since each service was on a dif port and service it would work well. Like
cpanel.example.tld:81
smtp.example.tld
imap.example.tld
pop.example.tld
is that what you used yours for?
Reply With Quote
  #6  
Old 10th April 2008, 08:24
chillifire chillifire is offline
HowtoForge Supporter
 
Join Date: Oct 2007
Posts: 75
Thanks: 3
Thanked 3 Times in 3 Posts
Default Different purpose

Hi,
no, that is not why I bought this. I use 'snakeoil' certificates for the email services and I do not think the user actually ver sees a difference.

I use the multi subdomain certificate for two web servers I have running on ISPConfig under different subdomain names. One server is 'front-of house' www.chillifire.netpromoting my service, the other one login01.chillifire.netis actually delivering the service.

Hope this helps.
Reply With Quote
  #7  
Old 11th April 2008, 13:14
gilas gilas is offline
Member
 
Join Date: Jun 2006
Posts: 61
Thanks: 0
Thanked 0 Times in 0 Posts
Default doesn't work correctly for single domain

Hi folks
I tried for several hours without find any solution. My problem is similar (or the same); I need to define a SSL certificate for each site of my subdomain i.e.:

main domain name: www.tryme.it
subdomain name:
sub1.tryme.it
sub2.tryme.it
sub3.tryme.it
[... and so on ...]

I discovered that if I create a certificate SELF-SIGNED for the first domain (doesn't matter what is the first, I mean: the first used for SSL...) the certificate will be stored inside the SSL folder, i.e.:

/var/www/sub1/ssl

well, all is ok and for that domain all works correctly.

But when I try to create another certificate for another domain ISPConfig tells me that 'there is another certificate for this IP address'.

But if I try a connection to a different site, i.e.:
https://sub3.tryme.it

the certificate proposed and used is the same of sub1 (see example above).

This situation could be replicated so that I believe this is very frustrating and limitating (infact I manage another domain with Plesk and for each domain I can create certificates without problems).

My colleague says that the creation certificate process have not to be based on IP address but instead on site name.

I'm not expert in this then I wait for an answer and to understand if there is a solution to apply, otherwise I'll be forced to look for another CP.

Thank you very much!
Reply With Quote
  #8  
Old 11th April 2008, 13:19
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,736
Thanks: 840
Thanked 5,597 Times in 4,408 Posts
Default

SSL certificates are always based on a domain name and not on a IP, thats the same in ISPConfig. But you need a dedicated IP for every site. This is a limitation in the apache webserver and not ISPConfig.

Quote:
otherwise I'll be forced to look for another CP.
Thats totally up to you.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #9  
Old 11th April 2008, 13:52
gilas gilas is offline
Member
 
Join Date: Jun 2006
Posts: 61
Thanks: 0
Thanked 0 Times in 0 Posts
Default ssl and certificates...

I appreciated ISPConfig and I think it is a good product.
My choice to change this CP could be linked to this aspect.
However I bought a virtual server and using Plesk I can create certificates without any limitation (I tried this morning). The IP is the same, so that I cant undestrand what you mean....
thank you very much for your intervention.
Reply With Quote
  #10  
Old 11th April 2008, 14:08
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,736
Thanks: 840
Thanked 5,597 Times in 4,408 Posts
 
Default

Gilas, if you dont believe me, read the apache documentation.

http://www.apache.org

If you use ISPConfig or not is up to you, so telling me that you will change to another control panel is up to you too and you will not get more or less help if you tell us that.

Pleask may use a patched apache server that supports more then one SSL Cert per IP, but the apache servers that were delivered with the linux distributions definately do not support it.

Please search the forums, you will find several thread for this.

Additionally, have a look here:

http://www.howtoforge.com/enable-mul...on-debian-etch
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache2 and multiple SSL configs and name based virtual hosting Creator1326 Server Operation 11 5th October 2010 20:28
SSL for virtual hosts on one certificate rbartz Tips/Tricks/Mods 8 20th November 2007 18:59
Help installing an SSL certificate james@thereidsonline.com Installation/Configuration 1 26th June 2007 19:11
SSL Issue - Unable to connect to any site Menzor Installation/Configuration 4 27th May 2007 05:03
Unbearably slow access speeds CombatGod Installation/Configuration 5 30th May 2006 17:31


All times are GMT +2. The time now is 08:55.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.