Roadmap for CA / SSL Certs

Discussion in 'General' started by TonyG, Oct 1, 2020.

  1. TonyG

    TonyG Member

    When installing there are a couple prompts for certs. In Server Config > Web > SSL Settings, nothing is displayed. I can't figure out which cert that describes or where to create it (I suspect I need to just keep reading more thoroughly for that one.)

    It would be helpful to find a full set of notes that describe which certs are used for specific purposes, where they are located, how they can be ln linked to share, which ones must not be symlinked, etc. The manual is good about describing each field in context, but has very little explanation about how different features integrate and affect one another. It also has a number of good warnings that "only one SSL cert can be used on a given IP address" ... but I believe it intends to say " only one Self-Signed SSL cert". And that still doesn't provide insight into certs being linked. If I missed something, please point to some info and I'll humbly fall on my sword. :) Thanks.


    upload_2020-9-30_14-8-20.png
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

  3. till

    till Super Moderator Staff Member ISPConfig Developer

    You don't need that unless you run your own SSL CA authority (means, issuing your own root certificates). This function is used by some large corporations which have their own inhouse CA to issue certs for their intranet systems. So most likely nothing that will affect you.
     
    ahrasis likes this.
  4. TonyG

    TonyG Member

    @Taleman - yeah, that seems to be the best guide. Thanks. In all of this documentation there is a pattern, not uncommon - we are provided with instructions that make things work, with almost no information about how it works together. "Press this button, it works", compared to "the reason why we press this button is...". This follows with the saying "give a man a fish and he'll live for a day, teach a man how to fish and he'll live for a lifetime". There are a lot of fish in this ecosystem, for which I'm very grateful. But very little about how to fish. In this context: Where do the certs go? What software uses them? This helps us to understand what we need to fix when something isn't working so that we can fix it ourselves. As I come to understand this stuff I'll document it as I'm describing. And I know "ISPConfig" isn't responsible for educating anyone about integrated components. We need to do our own homework. ISPConfig just facilitates what is otherwise a long series of manual operations. That line is clear, to me anyway. But as we see with ISPConfig and similar packages, the forum is full of questions that require the user to understand the components And how the package does things for them. I think more info about what happens when we press buttons will help to eliminate a lot of blind button pressing and forum posts about things not working.

    WOW! That's a revelation. OK, I get it. As I continue to read through the doc I'll try to note if this is a point that I missed or if this was simply not communicated well. I'm hesitant to comment on the doc as I know you have intent to update it.

    Thanks guys!
     

Share This Page