How to set-up SNI with ISPConfig3.0.5.4p5

Discussion in 'Installation/Configuration' started by Nap, Jan 13, 2015.

  1. Nap

    Nap Member

    I would like to setup SNI, but I haven't been able to find any information about how ISPConfig actually handles it.
    I have enabled SNI in my server settings. My vhost files in sites-available each have a <IfModule mod_ssl.c> section, but there are no directives inside them.

    Is there a guide available explaining how this is done through ISPConfig? Do I need to manually edit the vhost files (which I think would cause a problem for ISPConfig)? Or do I add the directives through the Sites->Domain->Options->Apache Directives textbox?

    What do I need to do next?

    Cheers,
    Nap
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    There is no configuration required at all, thats why you dont find any information on it. Just add more then one website with ssl on an IP or * and SNI is sued automatiaclly.
     
  3. Nap

    Nap Member

    ic. But it didn't happen that way :(



    I've editted the vhost files for a couple domains on my test server by adding:
    1) port *:443 to VirtualHost's port list :
    Code:
    <VirtualHost *:80 *:443>
    2) the necessary info into the mod_ssl section
    Code:
    SSLEngine On
    SSLCertificateFile /etc/ssl/certs/domain.cert
    SSLCertificateKeyFile /etc/ssl/private/domain.key
    And I created a certificate for each of these domains using the openssl command.

    It seems to be working.

    I have no idea why ISPConfig didn't handle this for me. SNI was enabled when I installed, and all my sites have SSL enabled.


    Cheers,
    Nap
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Your manual changes are not required as the ssl vhost is a separate vhot part in the same file. If its not there, then ssl is not enabed for that site in ispconfig. Check the site settings to ensure that the ssl checkbox for this site is enabled. Then go to the ssl tab of the website, ensure that the ssl cert and key field are filled in and that you have selected "save certificate" as action and clicked on save afterwards.
     
  5. Nap

    Nap Member

    Yes, I did that and it worked. Thanks :)
    I'm going to have a read about creating a CA certificate etc.
    Cheers,
    Nap
     

Share This Page