Secure a website with client-side SSL certification

Discussion in 'Installation/Configuration' started by nox171, Jul 13, 2007.

  1. falko

    falko Super Moderator Howtoforge Staff

    Please check if /etc/apache2/vhosts/Vhosts_ispconfig.conf is included in your main Apache configuration.
     
  2. nox171

    nox171 New Member

    Yes it is included.

    I think that the same site for port 80 uses the ISPConfig options, but for port 443 Apache just looks inside /etc/apache2/vhosts.d/*.conf

    What do you think?
     
    Last edited: Aug 2, 2007
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    If you have any sites for port 443 in /etc/apache2/vhosts.d/*.conf, remove them and then restart Apache.
     
  4. nox171

    nox171 New Member

    :confused:

    Why?

    I need my /etc/apache2/vhosts.d/myhost.conf to make the SSL connection work.

    When I said that Apache wasn't looking at /etc/apache2/vhosts/Vhosts_ispconfig.conf I was wrong.
    It looks inside it and also inside my /etc/apache2/vhosts.d/myhost.conf, where I define all the parameters to make SSL work correctly.

    Also I've noticed that if you change any options on the ISPConfig panel /etc/apache2/vhosts/Vhosts_ispconfig.conf is rewritten.

    Then I think that the best solution is to define all the options in my /etc/apache2/vhosts.d/myhost.conf, including the Apache directives, copying them from the Vhosts_ispconfig.conf file.

    But, and there is a but... how can I auto-redirect all the connections to my website from http to https?

    Where can I place the redirect? If I place it inside Vhosts_ispconfig.conf, every time I make a change I will lose it.

    Do you think I should place it in httpd.conf or in /etc/apache2/vhosts.d/myhost.conf?
     
    Last edited: Aug 3, 2007
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    Either remove /etc/apache2/vhosts.d/myhost.conf or uninstall ISPConfig. You cannot have both. ISPConfig writes its own SSL vhost in the file /etc/apache2/vhosts/Vhosts_ispconfig.conf.
     
  6. nox171

    nox171 New Member

    Are you sure?

    I agree that I can't manually edit the Vhosts_ispconfig.conf file because ISPConfig rewrites it.
    But Apache is reading the myhost.conf file with no problem.
    I assume that because the SSL connection with client-side authentication works when the file is in position.
     
  7. nox171

    nox171 New Member

    Hi all,

    As I probably already said, I'm trying to make a redirect to https from http.

    This is what I've updated in my myhost.conf:

    Code:
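    # (the <Directory> line below is the one shown in orange in the original post)
    <Directory /var/www/web1/web/>
    RewriteEngine On
    # FollowSymLinks must be enabled for mod_rewrite rules in per-directory context
    Options +FollowSymLinks
    # Redirect only requests that arrived on port 80 (plain HTTP)
    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://test.myhost.co.uk/$1 [R,L]
    </Directory>
    
    It works OK. (I'm not definitively sure about the line in orange, could it be ok?)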

    To make further tests I've also created another vhost: www.bibuba.com :p

    Now when I request https://www.bibuba.com I receive a client certificate request from the other vhost (test.myhost.com).

    Do you know how I can solve this?
    I mean, can I restrict the redirection to https just if a particular URL has been requested?
    I think I could setup something inside the rewrite section but I don't really have a clue.

    Can anyone help me?
    Thanks!!
     
  8. falko

    falko Super Moderator Howtoforge Staff

    Are both hosts on the same IP address? Each SSL vhost must have a separate IP address.
     
  9. nox171

    nox171 New Member

    Sorry, I didn't explain very well what I did.

    I've just created a new website using ISPConfig on the same machine.

    The IP address is the same.
    I know that SSL can exist only on one IP address and that for me is ok because I need just one site to be accessible via https.

    I was wondering if it's possible to prevent other clients from accessing my https website (in this case test.myhost.co.uk) just by changing the address for their website from http to https.

    For example if they have a website like:

    http://www.clientwebsite.com
    and they change the address to
    https://www.clientwebsite.com

    the client certificate request comes up from the other website.
    The URL still remains the same; it doesn't change to https://test.myhost.com

    This is why I was looking for a sort of filter to look at the URL and provide the certificate just when the relevant URL has been requested.
     
  10. nox171

    nox171 New Member

    Do you have any idea?
     
  11. falko

    falko Super Moderator Howtoforge Staff

    Unfortunately not... :(
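
Added example, not part of the thread and not ISPConfig's generated configuration: one way to do what posts 7 and 9 ask for with mod_rewrite, scoping the redirect to one host name and refusing other host names on the SSL vhost. The certificate and CA paths and the `*:443` address are placeholders; the host name and document root are the ones given in the posts.

```apache
# Added illustration; certificate paths below are placeholders, not from the thread.

# Plain-HTTP side: redirect only when the request is for test.myhost.co.uk
# and arrived on port 80. Per-directory context, as in post 7.
<Directory /var/www/web1/web/>
    Options +FollowSymLinks
    RewriteEngine On
    RewriteCond %{SERVER_PORT} ^80$
    RewriteCond %{HTTP_HOST} ^test\.myhost\.co\.uk(:[0-9]+)?$ [NC]
    RewriteRule ^(.*)$ https://test.myhost.co.uk/$1 [R,L]
</Directory>

# HTTPS side: the one site that requires a client certificate.
<VirtualHost *:443>
    ServerName test.myhost.co.uk
    DocumentRoot /var/www/web1/web

    SSLEngine on
    SSLCertificateFile    /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key

    # Accept only client certificates issued by this CA.
    SSLCACertificateFile  /path/to/client-ca.crt
    SSLVerifyClient require
    SSLVerifyDepth 1

    # A request such as https://www.clientwebsite.com/ also lands here when
    # this is the only SSL vhost on the address. Refuse it with 403 instead
    # of serving this site's content under another site's name.
    RewriteEngine On
    RewriteCond %{HTTP_HOST} !^test\.myhost\.co\.uk(:[0-9]+)?$ [NC]
    RewriteRule ^ - [F]
</VirtualHost>
```

With `SSLVerifyClient require` set at vhost level, the certificate request is made during the TLS handshake, before Apache has read the Host header, so the Host check controls what is served, not whether the prompt appears.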
     
