Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 12th June 2006, 19:56
DaddyFix DaddyFix is offline
Member
 
Join Date: Jan 2006
Location: Canada
Posts: 35
Thanks: 0
Thanked 1 Time in 1 Post
Cool Virtual Hosts SSL 443

First, Im sorry for asking about Virtual Hosts SSL help. I see many people have been having similar issues setting this up, but I can' seem to find the imformation I need. Could you please direct me to offer some advice to this issue?

Originally I used to put my Client SSL information into the VHosts.conf file. All client share the same Certificate Key. Her is a simplified example...
Code:
NameVirtualHost 192.168.1.100:80
NameVirtualHost 192.168.1.100:443
<VirtualHost 192.168.1.100:80>
        Servername somedomain.ca
        Redirect permanent / http://www.somedomain.ca
</VirtualHost>
<VirtualHost 192.168.1.100:443>
        Servername somedomain.ca
        Redirect permanent / http://www.somedomain.ca
        SSLEngine on
        SSLCertificateFile \
            /usr/local/ssl/install/openssl/certs/http://www.example.com.cert
        SSLCertificateKeyFile \
            /usr/loca/ssl/install/openssl/certs/http://www.example.com.key
</VirtualHost>
But now I see that Vhosts_ispconfig.conf only uses 'NameVirtualHost 192.168.1.100:80'. Hmmm. How do I enable a client to use the same SSL certificate for all the sites I host?

I tried to use the SSL option in the client setup of ISPConfig but I get the error ' Already a Cettificate for this IP '. Which I understand why this happens.

when I try to use https://mydomain.ca I get the request for the SSL and I get an answer from Apache v2.53 that tells me there is no virtual host entry on 443 for this client.
Code:
You don't have permission to access / on this server.
Am I doing something wrong here?

PS. I love ISPConfig..
Reply With Quote
Sponsored Links
  #2  
Old 12th June 2006, 21:32
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,411
Thanks: 834
Thanked 5,496 Times in 4,326 Posts
Default

ISPConfig only supports one SSL website per IP, this is is an apache limit and not an limit of ISPConfig.

To create an SSL website, check the SSL checkbox in the website settings of the site and then create an SSL certificate on the SSL TAB. ISPConfig rewrites the vhost configuration for you to enable SSL for this website.

If you need an other setup that does not use SSL virtual hosts, you can not use ISPConfig to configure it.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 12th June 2006, 22:39
Sheridan Sheridan is offline
Junior Member
 
Join Date: Jun 2006
Posts: 26
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Are you sure?
I always thought that one certificate for multiple vhosts shouldn't be a problem.
I know that it's not possible to have multiple ssl cerificates for one ip but the ssl part is just over when apache has to get the right vhost.

greets
Sheridan

Last edited by Sheridan; 12th June 2006 at 22:43.
Reply With Quote
  #4  
Old 13th June 2006, 10:58
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,744 Times in 2,577 Posts
Default

A wildcard certificate is no problem, but you cannot use multiple certs on one IP address.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 13th June 2006, 11:15
Sheridan Sheridan is offline
Junior Member
 
Join Date: Jun 2006
Posts: 26
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by falko
A wildcard certificate is no problem, but you cannot use multiple certs on one IP address.
Yep. I know, but ispconfig doesn't create a VirtualHost entry for the ssl part of the Vhostconfig file for the other domains on my server.
If i try to enable ssl for the other domain he tells me that an ssl certificate still exists for this ip. That's ok, but i simply want to use the existing one for this domain too.

greets & thanks
Sheridan
Reply With Quote
  #6  
Old 13th June 2006, 11:27
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,744 Times in 2,577 Posts
Default

That's not possible with ISPConfig. You can try to tweak the main Apache configuration file as it's not overwritten by ISPConfig.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #7  
Old 13th June 2006, 12:00
erk erk is offline
Member
 
Join Date: Oct 2005
Location: Göteborg, Sweden
Posts: 41
Thanks: 0
Thanked 4 Times in 3 Posts
Default

There can be only one SSL enabled site per ip, but that is already clear as I understand from your last post.
The thing with SSL is that there is no hostname, just ip-number. The hostname is not visible to apache. Therefore if
www.domainone.com and
www.domaintwo point to the same ip number and you have enabled SSL on domainone.com a request to https://www.domainone.com and https://www.domaintwo.com should go to the same site whereas http requests will go to the two different sites.

In SSL only ip number counts.

//Erk
Reply With Quote
  #8  
Old 13th June 2006, 13:28
Sheridan Sheridan is offline
Junior Member
 
Join Date: Jun 2006
Posts: 26
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by erk
There can be only one SSL enabled site per ip, but that is already clear as I understand from your last post.
The thing with SSL is that there is no hostname, just ip-number. The hostname is not visible to apache. Therefore if
www.domainone.com and
www.domaintwo point to the same ip number and you have enabled SSL on domainone.com a request to https://www.domainone.com and https://www.domaintwo.com should go to the same site whereas http requests will go to the two different sites.

In SSL only ip number counts.
//Erk
Yep. That's the behaviour because of the missing VirtualHost entry for the second domain in the vhosts conf for <ip-address>:443.

Nope. Apache can resolve different domains when using ssl. I tried it manually on another machine without ispconfig to be sure.

@falko:
I think you can take this as a feature request from my side. ;-)

Maybe the ssl option could change it's behaviour (and name) when a certificate exists on this ip and so when enabling it, it would be nice if ispconfig can create the entry in the vhosts config file.

greets
Sheridan
Reply With Quote
  #9  
Old 13th June 2006, 13:38
erk erk is offline
Member
 
Join Date: Oct 2005
Location: Göteborg, Sweden
Posts: 41
Thanks: 0
Thanked 4 Times in 3 Posts
Default

Quote:
Nope. Apache can resolve different domains when using ssl. I tried it manually on another machine without ispconfig to be sure.
If that is the case I would be very happy if you could post that configuration here. That would be real news for me and possibly for the apache crew as well.

From http://httpd.apache.org/docs/2.0/vhosts/name-based.html :
Quote:
Name-based virtual hosting cannot be used with SSL secure servers because of the nature of the SSL protocol.
I don't mind being proven wrong in this case but I would be surprised.

//Erk
Reply With Quote
  #10  
Old 13th June 2006, 14:12
Sheridan Sheridan is offline
Junior Member
 
Join Date: Jun 2006
Posts: 26
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default

Quote:
Originally Posted by erk
From http://httpd.apache.org/docs/2.0/vhosts/name-based.html :

I don't mind being proven wrong in this case but I would be surprised.

//Erk

Ok. To get sure i've checked the configs of our plesk server at work. For each domain i've enabled ssl i have a <VirtualHost <ip>:443> with a different "Servername <domain>:443" param. The ip is always the same and so is the path to the ssl cert file.

So it seems that you should trust this board and not the apache docu.

I would like to see support for this in ispconfig anyway. ;-)


greets
Sheridan
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Custom directives automatically added to ftpd virtual hosts whitty Feature Requests 2 16th May 2006 23:15
apache and virtual hosts stored in postgresql variable Server Operation 3 28th December 2005 11:48
Duplicate virtual hosts bosei General 13 22nd December 2005 17:48
Max Virtual Hosts on a server badben Server Operation 2 21st November 2005 12:35
postfix config jmroth Installation/Configuration 6 18th September 2005 15:58


All times are GMT +2. The time now is 18:21.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.