Hi, during my SSL certificates implementation, I have noticed this note in documentation: "note that you can have just one SSL web site per IP address" Doeas it really means, I can provide only for one customer SSL certificate? Thank you in advanced.
yes on ssl per ip so if you have 5 sites wanting ssl u would need 5 ip for that server one ip per site and ssl cert kwick
We've implemented SNI in recent ISPConfig versions which means you can have multiple SSL vhosts per IP. Modern browsers support this: Browsers/clients with support for TLS server name indication: Opera 8.0 and later (the TLS 1.1 protocol must be enabled) Internet Explorer 7 or later (under Windows Vista and later only, not under Windows XP) Firefox 2.0 or later Curl 7.18.1 or later (when compiled against an SSL/TLS toolkit with SNI support) Chrome 6.0 or later (on all platforms - releases up to 5.0 only on specific OS versions) Safari 3.0 or later (under OS X 10.5.6 or later and under Windows Vista and later) You can test your own browser here: https://alice.sni.velox.ch/
SSL IP configuration question Hi falco, on the folder system/ip adresses, do I set external or internal Ip for the customers? What's the right way when I'm behind a router with a server and I have an internal IP on the webserver? Setting the 'wrong' IP can refuse apache2 from starting. On my fb-page I get the following error now: Fehler 501 (net::ERR_INSECURE_RESPONSE): Unbekannter Fehler. messing around with this SSL ; ) *uh* when I read the guide here I'd think it can be right only to set the internal IP http://www.ispc-wiki.org/ispconfig3-anleitung regards PS: I own the ISPConfig 3 Manual Version 1.2 for ISPConfig 3.0.3.3 Author: Falko Timme <[email protected]> Last edited 05/04/2011 but it's not explained here how to set it right UPDATED: set the internal IP, deleted & re-create the certificate and after a few minutes facebook accepted the certificate again. The problem is the fact that I'm the only 'client' who can create the certs due to the unique IP overlap, otherwise you'll see: Is it possible to fix the message sec_error_untrusted_issuer? Hm, now I found all domains redirected directly to my IP instead of the website folders, it's annoying : (
If you want to use SNI, enabele the checkbox "Enable SNI" under System > Server Config > Web and then use * for all websites and not the IP address. You need to get a officially signed ssl cert, e.g. from startssl. SNI is a feature of ISPConfig 3.0.4 and your manual is for ISPConfig 3.0.3.3.
You must always use IP addresses that you see in the output of Code: ifconfig . The system does not know other IPs.
