SSL for multiple subdomains

Discussion in 'Installation/Configuration' started by chillifire, Jan 29, 2008.

  1. chillifire

    chillifire New Member


    I have a webiste installed plus some subdomains, i.e. with ISPConfig 2.1.18 on an Ubuntu 7.10 server. With http they direct to the specific folders /var/www/webx with x being the number of the virtual host. I have a SSl certificate installed for the www domain, which works well. I have one IP address on that server. So far so good.

    When I tried reaching the subdomains under https I expected to see the certificate error warning screens from the browser, warning me that the url does not match the certificate's. What I did not expect is that the browser redirected in https to the folder /var/www/webx of the domain although the URL still shows https//

    Is this expected behaviour?

    I understand that I need two IP addresses on an Apache2 server if I want two different certificates for two different domains.

    But does this restriction count for subdomains as well?

    What I wanted to do is to install a GoDaddy Multiple Domain Certificates, also called Unified Communications Certificates (UCC), domain, which covers the two mentioned plus some more subdomains, and have them all sitting on one server- with one IP address, since they are just subdomains of the identical domain

    Can this be achieved?

    As usual, any hints/input are welcome.

  2. thecaoticone

    thecaoticone New Member

  3. till

    till Super Moderator Staff Member ISPConfig Developer


    This should work. But you will have to add all sub-domains a co-domain to the website which has the SSL certificate and the subdomains will not have its own directory.
  4. chillifire

    chillifire New Member



    Thanks for the hint. I tried this out, but ran into the 'SSL overlap' error on stratup of apache2. So no go.

    Thanks till, but I need the separate folders for security reasons - that was the whole point. So a second IP address, I guess.

    Thanks for the input
  5. daveb

    daveb Member

    chillfire, I would like to know how that cert worked for you. I was thinking about purchasing one or two for my servers for postfix+tls, pop3s, imaps, and ispconfigs apache services. All in one cert would be nice and more cost effective. I would think since each service was on a dif port and service it would work well. Like
    is that what you used yours for?
  6. chillifire

    chillifire New Member

    Different purpose

    no, that is not why I bought this. I use 'snakeoil' certificates for the email services and I do not think the user actually ver sees a difference.

    I use the multi subdomain certificate for two web servers I have running on ISPConfig under different subdomain names. One server is 'front-of house' www.chillifire.netpromoting my service, the other one login01.chillifire.netis actually delivering the service.

    Hope this helps.
  7. gilas

    gilas Member

    doesn't work correctly for single domain

    Hi folks
    I tried for several hours without find any solution. My problem is similar (or the same); I need to define a SSL certificate for each site of my subdomain i.e.:

    main domain name:
    subdomain name:
    [... and so on ...]

    I discovered that if I create a certificate SELF-SIGNED for the first domain (doesn't matter what is the first, I mean: the first used for SSL...) the certificate will be stored inside the SSL folder, i.e.:


    well, all is ok and for that domain all works correctly.

    But when I try to create another certificate for another domain ISPConfig tells me that 'there is another certificate for this IP address'.

    But if I try a connection to a different site, i.e.:

    the certificate proposed and used is the same of sub1 (see example above).

    This situation could be replicated so that I believe this is very frustrating and limitating (infact I manage another domain with Plesk and for each domain I can create certificates without problems).

    My colleague says that the creation certificate process have not to be based on IP address but instead on site name.

    I'm not expert in this then I wait for an answer and to understand if there is a solution to apply, otherwise I'll be forced to look for another CP.

    Thank you very much!
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    SSL certificates are always based on a domain name and not on a IP, thats the same in ISPConfig. But you need a dedicated IP for every site. This is a limitation in the apache webserver and not ISPConfig.

    Thats totally up to you.
  9. gilas

    gilas Member

    ssl and certificates...

    I appreciated ISPConfig and I think it is a good product.
    My choice to change this CP could be linked to this aspect.
    However I bought a virtual server and using Plesk I can create certificates without any limitation (I tried this morning). The IP is the same, so that I cant undestrand what you mean....
    thank you very much for your intervention.
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    Gilas, if you dont believe me, read the apache documentation.

    If you use ISPConfig or not is up to you, so telling me that you will change to another control panel is up to you too and you will not get more or less help if you tell us that.

    Pleask may use a patched apache server that supports more then one SSL Cert per IP, but the apache servers that were delivered with the linux distributions definately do not support it.

    Please search the forums, you will find several thread for this.

    Additionally, have a look here:
  11. gilas

    gilas Member


    Dear Till
    thank you for your help. Since 2006 I'm using ISPConfig succesfully.
    Now I'm investigating to see if there is a solution for my host (manually or patch...)
    See you
  12. gilas

    gilas Member

  13. gilas

    gilas Member

Share This Page