ISPConfig 3 - GNUTLS

Discussion in 'Tips/Tricks/Mods' started by oprago, May 2, 2009.

  1. johnboy4809

    johnboy4809 New Member

    OK, so what I did was leave gnutls active and pointed all the virtualhost certs to the openssl one I created with all the commonnames, but still they all seem to want to use the standard first certificate. I restarted the server to make sure all settings were active. Also, now my web server won't display the https site and says it's unreachable. I think this has to do with Apache's ports.conf, but I did not edit that.
     
  2. tio289

    tio289 Member

    what standard first???
     
  3. johnboy4809

    johnboy4809 New Member

    Ignore those posts, got it working now, all my sites are valid. The only problem is cacert needs to be installed as a root certificate provider in IE, which is still going to be a problem with people visiting my sites. Do you know if anyone will validate the openssl cert, other than cacert, one I can pay for that has full IE support?
     
  4. tio289

    tio289 Member

    You can have the cert signed by verisign.com or GoDaddy.com
     
  5. johnboy4809

    johnboy4809 New Member

    done some tinkering

    Hi guys, so I got gnutls to work if I create my certificates manually using www.domain.com, www.domainb.com as the common names in each cert. If I use the certs created with ispconfig then the common name in these certs is just domain.com and domainb.com. If I use these ispconfig certs and go to https://www.domain.com or https://www.domainb.com I get a certificate error and my browser then tries to use the first cert created, e.g.

    site https://www.domain.com uses cert for www.domain.com
    site https://www.domainb.com uses cert for www.domain.com
    site https://www.domainc.com uses cert for www.domain.com
    etc

    all sites use the first site's cert.

    So I am wondering if there is a setup problem with my server or in the way I define my sites in ispconfig. Can anyone see if there is something blazingly obvious that I'm doing wrong?

    Also, can anyone confirm: does gnutls not work with IE7 on Windows XP? It seems to work on Safari in Mac OS X 10.5.7 but not on my Windows box.
     
  6. ByteMe Networking

    ByteMe Networking New Member

    Hate to bring up an old Post but has anyone been able to get this working on Latest Debian 5 and Latest ISPConfig 3?

    I have tried the first post several times without success. Still using first cert created for all sites. Also tried the commonName fix without success.

    The setup from the original post seems to install fine without errors other than the one:
    [warn] NameVirtualHost xxx.xxx.xxx.xxx:443 has no VirtualHosts

    But still not working as specified. Horfic said he got it to work by following the first post and all that was needed was to create the CSR from ISPConfig. Just wondering if anyone else has had success, and if so, can anyone give me a down and dirty way of doing this? I would much appreciate it.
     
  7. tio289

    tio289 Member

    Hi ByteMe, You should need to create one cert with multiple domains (see my prev posts). About the warning: it says that you don't have a virtualhost with name xxx.xxx.xxx.xxx:443. You probably have vhost *:443, which is generated by default by ISPConfig, so you have to select the IP address in the WebSite config.
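
Added example (not part of any post in this thread): a shell check of which hostnames a certificate covers, using throwaway self-signed certificates constructed on the spot. It reproduces the mismatch reported above, where a cert with commonName domain.com is presented for www.domain.com, and shows one cert carrying several names; building the multi-domain cert with subjectAltName entries is an assumption, not necessarily the method from the earlier posts.

```shell
#!/bin/sh
# Added example: constructed, throwaway self-signed certificates only.

# make_cert <outfile> <commonName> [subjectAltName list]
make_cert() {
    if [ -n "$3" ]; then
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
            -addext "subjectAltName=$3" -keyout "$1.key" -out "$1" 2>/dev/null
    else
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
            -keyout "$1.key" -out "$1" 2>/dev/null
    fi
}

# covers <certfile> <hostname>: exit status 0 if the cert is valid for that name.
# Without SAN entries the commonName is compared; with SAN entries only they count.
covers() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# report <certfile> <hostname>...: one result line per hostname
report() {
    cert=$1; shift
    for h in "$@"; do
        if covers "$cert" "$h"; then
            echo "$h: covered"
        else
            echo "$h: NOT covered"
        fi
    done
}

work=$(mktemp -d)
# Cert as described for the panel-generated case: commonName is the bare domain.
make_cert "$work/bare.crt" domain.com
# One cert for several sites (SAN list is an assumption of this example).
make_cert "$work/multi.crt" domain.com \
    "DNS:domain.com,DNS:www.domain.com,DNS:www.domainb.com"

report "$work/bare.crt"  domain.com www.domain.com
report "$work/multi.crt" domain.com www.domain.com www.domainb.com www.domainc.com
rm -rf "$work"
```

Running `covers` against the real certificate file for every ServerName and ServerAlias of a site shows a name mismatch before a browser does.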
     
  8. zenny

    zenny Member

    apache failed to restart

    Reviving an old topic, but very interesting. I tried with the tutorial in the first post and also made the necessary changes in ports.conf as described in the 3rd post, but apache fails to load afterwards:

    The apache log does not state anything:

    Could not figure out where things went wrong? Checked the 000-ispconfig.vhost without any clue. Or is there a new way to achieve the same?

    Thanks!
     
  9. falko

    falko Super Moderator Howtoforge Staff

    Is mod_ssl enabled?
     
  10. zenny

    zenny Member

    Nope.

    Code:
    #a2dismod ssl
    #a2enmod gnutls
    and when I tried to restart the apache2 server with

    Code:
    #/etc/init.d/apache2 restart
    I got those errors.
     
    Last edited: Oct 31, 2011
  11. till

    till Super Moderator Staff Member ISPConfig Developer

    The command to enable a module in apache 2 is a2enmod and not a3enmod.
    And which errors did you get?
     
  12. zenny

    zenny Member

  13. ByteMe Networking

    ByteMe Networking New Member

    Update

    Hey zenny,

    I know this is late and sorry about that, just upgraded myself to new 3.0.4.1 and until now everything has worked with the gnutls. I upgraded and reconfiged and made a new cert then towards the end of the upgrade I was confronted with:

    Code:
    Restarting web server: apache2We failed to correctly shutdown apache, so we're now killing all running apache processes. This is almost certainly suboptimal, so please make sure your system is working as you'd expect now! (warning).
    Syntax error on line 47 of /etc/apache2/sites-enabled/000-ispconfig.vhost:
    Invalid command 'SSLEngine', perhaps misspelled or defined by a module not included in the server configuration
     ... waiting  failed!
    So similar issue with Debian 5 is what I am running. When following the directions in the first post I disabled ssl with:
    a2dismod ssl

    And enabled gnutls:
    a2enmod gnutls

    Well the upgrade broke my sites and ISPConfig. Could not start apache. What I did for right now is re-enable ssl and apache was able to start without error:
    Code:
    # a2enmod ssl
    Enabling module ssl.
    See /usr/share/doc/apache2.2-common/README.Debian.gz on how to configure SSL and create self-signed certificates.
    Run '/etc/init.d/apache2 restart' to activate new configuration!
    # /etc/init.d/apache2 restart
    Restarting web server: apache2 ... waiting .
    
    Try that to see if you are able to get everything back up.

    Also I will post any updates I have about getting gnutls back in order.

    Hope this helps.
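
Added example (not from the thread or from ISPConfig): a pre-restart check for the failure above, where a vhost still carries mod_ssl directives such as SSLEngine while only mod_gnutls is enabled. The directory tree, vhost contents and certificate paths are constructed; the layout assumes Debian's mods-enabled/sites-enabled convention, and GnuTLSEnable is mod_gnutls's counterpart of SSLEngine.

```shell
#!/bin/sh
# Added example: flag TLS directives in enabled vhosts whose module is not enabled.

# check_tls_directives <apache_root>
# Prints "file:line: Directive needs mod_x" per problem; returns 1 if any were found.
# Limitation: directives wrapped in <IfModule> blocks are reported as well.
check_tls_directives() {
    root=$1
    have_ssl=no; have_gnutls=no
    [ -e "$root/mods-enabled/ssl.load" ] && have_ssl=yes
    [ -e "$root/mods-enabled/gnutls.load" ] && have_gnutls=yes
    found=$(awk -v ssl="$have_ssl" -v gnutls="$have_gnutls" '
        /^[ \t]*#/ { next }                      # skip comment lines
        { d = $1 }                               # first word is the directive name
        tolower(d) ~ /^ssl/ && ssl == "no" {
            printf "%s:%d: %s needs mod_ssl\n", FILENAME, FNR, d }
        tolower(d) ~ /^gnutls/ && gnutls == "no" {
            printf "%s:%d: %s needs mod_gnutls\n", FILENAME, FNR, d }
    ' "$root"/sites-enabled/*)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Constructed tree: gnutls enabled, ssl disabled, one vhost rewritten with SSL* lines.
make_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/mods-enabled" "$d/sites-enabled"
    : > "$d/mods-enabled/gnutls.load"
    cat > "$d/sites-enabled/000-ispconfig.vhost" <<'EOF'
<VirtualHost *:443>
  # SSL Configuration
  SSLEngine On
  SSLCertificateFile /constructed/path/server.crt
  SSLCertificateKeyFile /constructed/path/server.key
</VirtualHost>
EOF
    cat > "$d/sites-enabled/100-domain.com.vhost" <<'EOF'
<VirtualHost *:443>
  ServerName www.domain.com
  GnuTLSEnable on
</VirtualHost>
EOF
    echo "$d"
}

demo=$(make_demo_tree)
check_tls_directives "$demo" || echo "fix the vhosts or module set before restarting"
rm -rf "$demo"
```

On a live Debian host the same function can be pointed at /etc/apache2 before running the restart.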
     
