Multiple SSL site setup

Discussion in 'Installation/Configuration' started by willko, Jul 17, 2012.

  1. willko

    willko New Member

    Hi all,

    Trying to set up a few SSL sites using SNI with ISPConfig 3.0.4.6 and Apache/2.2.3 ( first thought is apache version not high enough(2.2.12 minimum???).. If so how do I upgrade httpd to necessary version with CentOS 5.8 final as OS? Not seeing any RHEL related httpd versions available via yum...

    I have SNI enabled via control panel and I'm pretty sure I've entered all the necessary conf file settings ( <VirtualHost *:443>, SSLEngine On,SSLCertificateFile, SSLCertificateKeyFile, ServerName, ServerAlias, ServerAdmin etc...)

    I get these error messages via httpd error.log:
    Code:
    [Tue Jul 17 12:40:29 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Tue Jul 17 12:40:29 2012] [warn] Init: SSL server IP/port conflict: siteone.co.uk:443 (/etc/httpd/conf/sites-enabled/100-siteone.co.uk.vhost:107) vs. sitetwo.com:443 (/etc/httpd/conf/sites-enabled/900-sitetwo.com.vhost:111)
    [Tue Jul 17 12:40:29 2012] [warn] Init: You should not use name-based virtual hosts in conjunction with SSL!!
    The certs are created and in correct directories and referenced...

    Any ideas? Is the apache version the issue? More info needed?

    Many thanks for help!!
     
  2. pititis

    pititis Member

    Hi,

    Maybe your openssl was not compiled with tls support.

    You can do an useful test. You can get some info running the phpinfo().

    Code:
    touch phpinfo.php
    Edit it and add this:
    Code:
    <?php
      
    phpinfo();
      
    ?>
    
    Run the script
    Code:
    php phpinfo.php|grep SSL
    Here is my output:

    Code:
    SSL => Yes
    SSL Version => OpenSSL/0.9.8k
    SSL Support => enabled
    OpenSSL support => enabled
    OpenSSL Library Version => OpenSSL 0.9.8k 25 Mar 2009
    OpenSSL Header Version => OpenSSL 0.9.8k 25 Mar 2009
    OpenSSL support => enabled
    
    OpenSSL 0.9.8k and later has this enabled by default

    Cheers
     
  3. willko

    willko New Member

    Many thanks for the info/tip..

    here's my output:
    Code:
    SSL => Yes
    SSL Version =>  OpenSSL/0.9.8b
    SSL Support => enabled
    OpenSSL support => enabled
    OpenSSL Library Version => OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
    OpenSSL Header Version => OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
    Native OpenSSL support => enabled
    
    and this from YUM:
    Code:
    PM Group    : System Environment/Libraries
    Source       : openssl-0.9.8e-22.el5_8.4.src.rpm
    Build Time   : Tue May 29 18:28:29 2012
    Install Time : Tue Jun 26 18:34:02 2012
    License      : BSDish
    I guess the issue might be the SSL version then? Any idea how I update this? No RHEL based repo updates/upgrades listed via YUM... Is there a repo I'm missing perhaps? Dependencies maybe an issue though ehh?

    Found these links that seem relevant here and here

    Seems to imply it would be better to jump up CentOS versions ( to 6.2 etc..)

    Thanks again for the reply!! Much appreciated!
     

Share This Page