SSL, problems with certificate creation and usage

Discussion in 'General' started by Bonzo, Feb 20, 2013.

  1. Bonzo

    Bonzo New Member


    I've installed 2 Systems according to this HowTo

    Now I have problems creating SSL certificates, for now I use self-signed but in the future I will use official signed certificate.
    I have a domain example com.
    If I create a domain with Auto-subdomain No, or www, or a domain wit Auto-Subdomain No, I can't use https (after I checked and created the SSL-cert, ispconfig). I get this error.

    Secure Connection Failed
    An error occurred during a connection to
    SSL received a record that exceeded the maximum permissible length.
    (Error code: ssl_error_rx_record_too_long) 
    If I create a domain, with Auto-Subdomain No, create SSL if works like a charm. Why it's possible to to create test.* but not *. or www. ?

    Is it possible to create 2 certificartes, one for one Serve, one for the other?
    One (sub)domain pointing to 2 different IP's?
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    SSl Cert for www subdomain works fine on my server. A ssl cert is only for one domain, so dont use wildcards. Did you delete the ssl cert before you created a new one?

    Sure. you can use as many ssl certs on your server as you want. Just create a new website for each domain or subdomain that you want to have its own ssl cert and create a new cert. Please note that you have to use SNI if you dont have a dedicated IP for each ssl enabled site.

    One domain or subdomain can only point to one IP at a time. But thats not ssl related.
  3. Bonzo

    Bonzo New Member

    Yes, deleted. I create the subdomain in Website-Websites, not Subdomains for Website, is this OK?
    I didn't use wildcards.

    Is this maybe the problem, I don't know what SNI is. Is there a howto for enabling this?

    Ok, I think I have to tell you what this server is intended for, for clarification.
    It should be a sem-HA solution for the poor. Thats why I used your clustered setup.
    Now, I have the Domain and A records for www (some DNS provider) somethiong like

    www A
    www A

    With this configuration (one subdomain points to different IP's) i get some round-robin LoadBalancing.
    Thats working OK. But I think I'll have a problem with SSL.
    www on both IP's should be certificated. Is this possivble. certificeate domain for and for

    Actually, I don't need this LoadBalancing. All I need is a solution if the first Server is not reachable switch to the second Server and switch back to the first server when reachable again. I read your clustered solution and build everything around this. And it worked OK till I needed to uses certificates.
    Maybe you have an idea how to do this better?
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes, thats ok. But you wont create as website, the correct settings are:

    auto subdoman: www

    to get a website for

    This does not matter for ssl as ssl does not depend on the IP. Just the domain name the ssl cert is issued for matters.
  5. Bonzo

    Bonzo New Member

    Ok, i tried some other configuration and it is probably because the only one dedicated IP i have.
    It's possible to create and use only one subdomain with one IP? Correct?

    What is SNI you mentioned, is this a server extension? Any HowTo at Howtoforge?
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    You can have only one ssl certificate per IP address with traditional ssl.

    See wikipedia and various posts here in the forum.

    You dont need a special configuration for sni. sni is supported by default in ispconfig. What matters are the bwowsers of your user and the openssl and apache version on your server as decsribed at wikipedia.

Share This Page