SSL Host - Intermediate Cert

Discussion in 'Installation/Configuration' started by Ben, Jul 23, 2010.

  1. Ben

    Ben New Member Moderator HowtoForge Supporter ISPConfig Developer

    Hi folks,

    Does anybody know if ISPConfig 2 supports providing an intermediate certificate?
    I'd say currently not out of the box, only by changing the Apache conf's generation template, as an additional config entry is needed to point to the intermediate file.

    Thanks in advance.

    Ben
     
  2. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    That's right, you must modify the Apache configuration manually.
     
  3. Ben

    Ben New Member Moderator HowtoForge Supporter ISPConfig Developer

    Hi Falko,

    The Apache config or the template for the config?
    The latter would be kind of bad, as it must be changed on each update of ispcfg and only works under the assumption of using only one SSL cert on the whole host (which is at least no problem for me :) )

    Does it make sense to add another textbox in the SSL config interface, as many of the CAs tend to use intermediate CA certs?
     
  4. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    I'm not sure - but maybe you can include the intermediate certificate in the main Apache configuration? In that case you don't have to modify the template. (BTW, you could place the customized template in /root/ispconfig/isp/conf/customized_templates, and it will not be overwritten in case of an update.)
     
  5. Ben

    Ben New Member Moderator HowtoForge Supporter ISPConfig Developer

    Good idea, but except for "{SSL}" there is nothing in the vhost master template?!

    EDIT: OK, it did work more or less. I added the intermediate CA line below {SSL}, with the result of having this line in each vhost block instead of just in the SSL block. Luckily Apache does not complain about this. Is there a better way to customize the SSL block directly?
     
    Last edited: Jul 28, 2010
  6. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    The only other way might be to edit the function in the config.lib.php file that creates the SSL block. If I remember correctly, it is named make_vhost. But then you might have to patch the file after every ISPConfig update, so this solution is not ideal either.
     
  7. Ben

    Ben New Member Moderator HowtoForge Supporter ISPConfig Developer

    As I have to patch one line regarding the safe mode and the open_basedir paths anyway, I am thinking about patching only one line for an include of the additional config. But thanks for the info.
     
  8. hairydog2

    hairydog2 New Member

    a possible fix?

    I have a few sites that use SSL and I needed to add an intermediate certificate as certificates are renewed.

    So putting an intermediate certificate reference into the vhosts file was never going to be a solution.

    I have simply put the line

    SSLCACertificateFile /home/www/cabundle.crt

    into apache2.conf

    and it seems to be working OK.
     
  9. hairydog2

    hairydog2 New Member

    Two weeks later and it is still working just fine, so it seems like this is a good fix!
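
A way to test a bundle such as the cabundle.crt mentioned in the thread before pointing Apache at it, as an added example that is not part of the original posts: it builds a constructed root, intermediate and leaf with the openssl CLI and shows that the leaf only verifies against the root when the intermediate is supplied. All subjects and file names other than cabundle.crt are made up for the demonstration.

```shell
#!/bin/sh
# Added example: constructed throwaway PKI; names are hypothetical test data.
set -eu

# Build root -> intermediate (cabundle.crt) -> leaf in directory $1.
make_test_pki() {
  d=$1
  cat > "$d/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
CN = unused
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$d/pki.cnf" \
    -extensions v3_ca -subj "/CN=Constructed Test Root" \
    -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null
  for n in int leaf; do
    openssl req -new -newkey rsa:2048 -nodes -config "$d/pki.cnf" \
      -subj "/CN=constructed-$n.example.test" \
      -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
  done
  # The root signs the intermediate as a CA; the intermediate signs the leaf.
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -set_serial 2 -days 2 -extfile "$d/pki.cnf" -extensions v3_ca \
    -out "$d/cabundle.crt" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/cabundle.crt" \
    -CAkey "$d/int.key" -set_serial 3 -days 2 -out "$d/leaf.crt" 2>/dev/null
}

# chain_ok ROOT LEAF [BUNDLE]: exit 0 only if LEAF verifies up to ROOT.
# BUNDLE goes in as -untrusted: it can help build the path but is never a
# trust anchor, which is how a client treats certificates a server sends.
chain_ok() {
  if [ -n "${3:-}" ]; then
    openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
  fi
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_test_pki "$work"
chain_ok "$work/root.crt" "$work/leaf.crt" \
  && echo "leaf alone: verifies" || echo "leaf alone: chain incomplete"
chain_ok "$work/root.crt" "$work/leaf.crt" "$work/cabundle.crt" \
  && echo "leaf + bundle: verifies" || echo "leaf + bundle: chain incomplete"
```

To check a real site, call chain_ok with the CA's root certificate, the site certificate and the bundle file; a non-zero exit status means a client that trusts only the root cannot build the chain.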
     
