#1
2nd June 2006, 19:16
dlikar
Certificates on separate IPs

In another thread I read that there is only one certificate possible per IP. My webserver is behind a firewall in a DMZ, using a private IP address. Full NAT support is also enabled on the firewall.

If I assign a different private IP address to each site, would I then be able to create a certificate for each site?

Thanks in advance, Dejan
#2
2nd June 2006, 20:01
till

Quote:
Originally Posted by dlikar
In another thread I read that there is only one certificate possible per IP. My webserver is behind a firewall in a DMZ, using a private IP address. Full NAT support is also enabled on the firewall.

If I assign a different private IP address to each site, would I then be able to create a certificate for each site?
Yes, as long as every SSL website has its own IP, even if it's a private IP.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
#3
3rd June 2006, 13:18
dlikar

I have changed the IP on an existing site from 192.168.2.98 to 192.168.2.97, and now I am getting the "Shared IP" page. NAT works OK, the server responds to ping on 192.168.2.97, and the vhosts seem OK. Any idea?

Dejan
#4
3rd June 2006, 14:35
falko

Is the IP address correct in Vhosts_ispconfig.conf?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
#5
3rd June 2006, 16:33
dlikar

This is part of my vhosts_ispconfig.conf file. I am changing the IP for the istor.eu domain. It looks OK to me.

###################################
#
# ISPConfig vHost Configuration File
# Version 1.0
#
###################################
#
NameVirtualHost 192.168.2.97:80
<VirtualHost 192.168.2.97:80>
ServerName localhost
ServerAdmin root@localhost
DocumentRoot /var/www/sharedip
</VirtualHost>
NameVirtualHost 192.168.2.98:80
<VirtualHost 192.168.2.98:80>
ServerName localhost
ServerAdmin root@localhost
DocumentRoot /var/www/sharedip
</VirtualHost>
#
#
######################################
# Vhost: www.istor.si:80
######################################
#
#
<VirtualHost 192.168.2.98:80>
ServerName www.istor.si:80
ServerAdmin webmaster@istor.si
DocumentRoot /var/www/web1/web
ServerAlias istor.si webmail.istor.si
DirectoryIndex index.html index.htm index.php index.php5 index.php4 index.php3 index.shtml index.cgi index.pl index.jsp Default.htm default.htm
ScriptAlias /cgi-bin/ /var/www/web1/cgi-bin/
AddHandler cgi-script .cgi
AddHandler cgi-script .pl
ErrorLog /var/www/web1/log/error.log
AddType application/x-httpd-php .php .php3 .php4 .php5
<Files *.php>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
<Files *.php3>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
<Files *.php4>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
<Files *.php5>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
php_admin_flag safe_mode Off
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
Alias /error/ "/var/www/web1/web/error/"
ErrorDocument 400 /error/invalidSyntax.html
ErrorDocument 401 /error/authorizationRequired.html
ErrorDocument 403 /error/forbidden.html
ErrorDocument 404 /error/fileNotFound.html
ErrorDocument 405 /error/methodNotAllowed.html
ErrorDocument 500 /error/internalServerError.html
ErrorDocument 503 /error/overloaded.html
AliasMatch ^/~([^/]+)(/(.*))? /var/www/web1/user/$1/web/$3
AliasMatch ^/users/([^/]+)(/(.*))? /var/www/web1/user/$1/web/$3
RewriteEngine on
RewriteCond %{HTTP_HOST} ^webmail\.istor\.si [NC]
RewriteRule ^/(.*) https://www.istor.si/horde/$1 [L,R]
</VirtualHost>
#
<IfModule mod_ssl.c>
<VirtualHost 192.168.2.98:443>
ServerName www.istor.si:443
ServerAdmin webmaster@istor.si
DocumentRoot /var/www/web1/web
ServerAlias istor.si webmail.istor.si
DirectoryIndex index.html index.htm index.php index.php5 index.php4 index.php3 index.shtml index.cgi index.pl index.jsp Default.htm default.htm
ScriptAlias /cgi-bin/ /var/www/web1/cgi-bin/
AddHandler cgi-script .cgi
AddHandler cgi-script .pl
ErrorLog /var/www/web1/log/error.log
AddType application/x-httpd-php .php .php3 .php4 .php5
<Files *.php>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
<Files *.php3>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
<Files *.php4>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
<Files *.php5>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
php_admin_flag safe_mode Off
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
SSLEngine on
SSLCertificateFile /var/www/web1/ssl/www.istor.si.crt
SSLCertificateKeyFile /var/www/web1/ssl/www.istor.si.key
Alias /error/ "/var/www/web1/web/error/"
ErrorDocument 400 /error/invalidSyntax.html
ErrorDocument 401 /error/authorizationRequired.html
ErrorDocument 403 /error/forbidden.html
ErrorDocument 404 /error/fileNotFound.html
ErrorDocument 405 /error/methodNotAllowed.html
ErrorDocument 500 /error/internalServerError.html
ErrorDocument 503 /error/overloaded.html
AliasMatch ^/~([^/]+)(/(.*))? /var/www/web1/user/$1/web/$3
AliasMatch ^/users/([^/]+)(/(.*))? /var/www/web1/user/$1/web/$3
RewriteEngine on
RewriteCond %{HTTP_HOST} ^webmail\.istor\.si [NC]
RewriteRule ^/(.*) https://www.istor.si/horde/$1 [L,R]
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
</VirtualHost>
</IfModule>
#
#
######################################
# Vhost: www.istor.eu:80
######################################
#
#
<VirtualHost 192.168.2.97:80>
ServerName www.istor.eu:80
ServerAdmin webmaster@istor.eu
DocumentRoot /var/www/web2/web
ServerAlias istor.eu webmail.istor.eu
DirectoryIndex index.html index.htm index.php index.php5 index.php4 index.php3 index.shtml index.cgi index.pl index.jsp Default.htm default.htm
ScriptAlias /cgi-bin/ /var/www/web2/cgi-bin/
AddHandler cgi-script .cgi
AddHandler cgi-script .pl
ErrorLog /var/www/web2/log/error.log
AddType application/x-httpd-php .php .php3 .php4 .php5
<Files *.php>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
<Files *.php3>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
<Files *.php4>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
<Files *.php5>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
php_admin_flag safe_mode Off
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
Alias /error/ "/var/www/web2/web/error/"
ErrorDocument 400 /error/invalidSyntax.html
ErrorDocument 401 /error/authorizationRequired.html
ErrorDocument 403 /error/forbidden.html
ErrorDocument 404 /error/fileNotFound.html
ErrorDocument 405 /error/methodNotAllowed.html
ErrorDocument 500 /error/internalServerError.html
ErrorDocument 503 /error/overloaded.html
AliasMatch ^/~([^/]+)(/(.*))? /var/www/web2/user/$1/web/$3
AliasMatch ^/users/([^/]+)(/(.*))? /var/www/web2/user/$1/web/$3
RewriteEngine on
RewriteCond %{HTTP_HOST} ^webmail\.istor\.eu [NC]
RewriteRule ^/(.*) https://www.istor.eu/horde/$1 [L,R]
</VirtualHost>


Could it be something with the router settings after all? In my Zywall I have only the 192.168.2.98 IP registered; the problem is that I cannot have different IPs on the same MAC address. But the router knows where to forward the request, otherwise I would not get the shared IP page?

Dejan
#6
3rd June 2006, 22:10
falko

Quote:
Originally Posted by dlikar
I have changed the IP on an existing site from 192.168.2.98 to 192.168.2.97, and now I am getting the "Shared IP" page.
To which site are you referring?
#7
6th June 2006, 18:43
dlikar

I am referring to the site www.istor.eu. I have changed the IP back to the old one, so right now you cannot see the results I am getting. If it would help in solving the problem, I can set up the new configuration.

When using the new configuration, the vhosts_ispconfig.conf file looks like the one in the previous post.

Dejan
#8
6th June 2006, 22:19
till

Does your router have more than one external IP that you can forward to different internal IP addresses?

If not, you can not see more than one private IP from an external client and can not have more than one SSL site at all.
#9
7th June 2006, 08:50
dlikar

I do not agree with you. One global (external) address, multiple local (internal) addresses is a legal NAT configuration (multiple to one). If there would be something wrong with the router then I would not get the "Shared IP" page.

When using the new configuration, other domains on the old IP work fine.

It would be nice to have separate public IPs for each hosted domain.

Dejan
#10
7th June 2006, 10:39
till

Quote:
Originally Posted by dlikar
I do not agree with you. One global (external) address, multiple local (internal) addresses is a legal NAT configuration (multiple to one).
You can have multiple internal IP addresses, but you can not access them on the same port (SSL = port 443) from the outside!

Quote:
If there would be something wrong with the router then I would not get the "Shared IP" page.
I guess you get the shared IP page, because you forwarded port 443 from your router to the IP 192.168.2.98 and not 192.168.2.97


Quote:
It would be nice to have separate public IPs for each hosted domain
Ask your provider
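
An added example (not written by anyone in the thread and not ISPConfig code) that models Apache's name-based virtual host selection over the configuration from post #5: a request for www.istor.eu that the router delivers to 192.168.2.98 matches no site on that address and falls back to the first vhost listed there, the "Shared IP" page. The config is condensed from the post; that the router forwards to only one internal address is an assumption taken from the Zywall remark and the replies.

```python
import re
# Condensed from the vhosts_ispconfig.conf in post #5: port 80 only, selection-relevant directives only.
CONF = """
<VirtualHost 192.168.2.97:80>
ServerName localhost
DocumentRoot /var/www/sharedip
</VirtualHost>
<VirtualHost 192.168.2.98:80>
ServerName localhost
DocumentRoot /var/www/sharedip
</VirtualHost>
<VirtualHost 192.168.2.98:80>
ServerName www.istor.si:80
ServerAlias istor.si webmail.istor.si
DocumentRoot /var/www/web1/web
</VirtualHost>
<VirtualHost 192.168.2.97:80>
ServerName www.istor.eu:80
ServerAlias istor.eu webmail.istor.eu
DocumentRoot /var/www/web2/web
</VirtualHost>
"""

def parse_vhosts(conf):
    """Return (address, hostnames, docroot) tuples in file order."""
    vhosts = []
    for addr, body in re.findall(r"<VirtualHost\s+(\S+)>(.*?)</VirtualHost>", conf, re.S):
        names, docroot = set(), None
        for line in body.strip().splitlines():
            key, _, value = line.strip().partition(" ")
            if key in ("ServerName", "ServerAlias"):
                names.update(n.split(":")[0].lower() for n in value.split())
            elif key == "DocumentRoot":
                docroot = value.strip()
        vhosts.append((addr, names, docroot))
    return vhosts

def select_docroot(vhosts, local_addr, host_header):
    """First name match on the address the connection arrived on, else that address's first vhost."""
    candidates = [v for v in vhosts if v[0] == local_addr]
    host = host_header.split(":")[0].lower()
    for _, names, docroot in candidates:
        if host in names:
            return docroot
    return candidates[0][2] if candidates else None

VHOSTS = parse_vhosts(CONF)
for target in ("192.168.2.98:80", "192.168.2.97:80"):  # the two possible port-forward targets
    print(target, "->", select_docroot(VHOSTS, target, "www.istor.eu"))
```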
