Multi SSL domains on same IP

Discussion in 'Installation/Configuration' started by msource, Nov 29, 2007.

  1. msource

    msource New Member

    Hi,

    I installed ISPconfig on Debian Etch following the perfect Debian Etch install in the Documentation on www.ispconfig.com.
    ISPconfig is working fine, but I want to be able to create more than one SSL.

    When I try to create a second certificate on one domain it gives me the following message: An SSL certificate does already exist for this IP.

    Could I follow the: http://www.howtoforge.com/enable-multiple-https-sites-on-one-ip-using-tls-extensions-on-debian-etch
    or does anyone know another best practical way of implementing this on ISPConfig?

    Keep up the good work.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    ISPConfig does not support multiple SSL certs on one IP. If you patch your Apache as described in the howto, you will have to change the ISPConfig source code to disable this security check that prevents you from adding more than one SSL site per IP.
     
  3. msource

    msource New Member

    Hi,

    I followed the link that I gave in the previous post. Until now this is OK; now I can create multiple SSLs, but I have to test it on some production domain to see if all is OK.

    Thanks for the reply.
     
  4. msource

    msource New Member

    After applying the patch, I was able to create multiple SSL per domain.

    But I notice that I have some warnings in my /var/log/apache2/error.log
    ############
    [Mon Dec 03 10:18:13 2007] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Mon Dec 03 10:18:13 2007] [warn] RSA server certificate CommonName (CN) `WWW.LIZ-ONLINE.PT' does NOT match server name!?
    [Mon Dec 03 10:18:13 2007] [warn] Init: SSL server IP/port conflict: icaro.liz-online.pt:443 (/etc/apache2/apache2.conf:724) vs. www.orelhas.pt:443 (/etc/apache2/vhosts/Vhosts_ispconfig.conf:92)
    [Mon Dec 03 10:18:13 2007] [warn] Init: You should not use name-based virtual hosts in conjunction with SSL!!
    ############

    Is this normal because of the application of the patch?
     
  5. msource

    msource New Member

    Hi,

    I have a problem with multiple SSL certificates.
    If I create 2 distinct domains with distinct SSL certificates, the details are always from the shared IP information. Point 4 on http://www.howtoforge.com/enable-multiple-https-sites-on-one-ip-using-tls-extensions-on-debian-etch

    I created 2 domains: orelhas.pt and imunostar.pt
    On both I activated the SSL support and created different certificates for the 2 domains, but the info relative to the SSL certificate is from the shared IP, not from the certificate that I created for each domain.

    How can I solve this?
     
  6. msource

    msource New Member

    Hi,

    I have an example: https://icaro.liz-online.pt/
    The certificate that appears is the certificate that was created for (Create a default secure site that users will see if they are using a non RFC 4366 compliant browser.) on point 4 of the HowTo.

    It's a bit urgent because I have to put 3 sites on-line with SSL certificates.
     
  7. stars

    stars New Member

    Sorry for bringing up an old topic, but I've searched the forum with no luck resolving a multidomain SSL cert problem.

    I have a multidomain SSL cert for 3 different domains generated on the basis of the CSR of one of those domains using ISPconfig.

    1) I generated a CSR for the first of those domains (e.g. domain1.tld) and got a multidomain SSL cert
    2) I pasted and saved the certificate and SSL bundle (CA) in the ISPconfig panel for domain1.tld - everything works fine for the first domain, SSL and non SSL
    3) But if I try to save the cert for the other 2 domains I get errors in the Apache error log:

    Code:
    [warn] RSA server certificate CommonName (CN) 'domain1.tld' does NOT match server name!?
    [Mon Aug 26 15:27:12 2013] [error] Unable to configure RSA server private key
    [Mon Aug 26 15:27:12 2013] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
    [Mon Aug 26 15:32:50 2013] [warn] RSA server certificate CommonName (CN) `domain1.tld' does NOT match server name!?
    [Mon Aug 26 15:32:50 2013] [error] Unable to configure RSA server private key
    [Mon Aug 26 15:32:50 2013] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
    .. then ISPconfig says "Apache did not restart after the configuration change for website domain2.tld. Reverting the configuration."

    What is the proper way of installing a multidomain SSL cert?
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Are you sure that you use ISPConfig 2 and not 3? You posted here in a very old ISPConfig 2 thread; ISPConfig 2 and 3 are different server control panels. So everything posted here about ISPConfig 2 does not apply to ISPConfig 3.
     
  9. stars

    stars New Member

    Yes my mistake, found this topic after search. Of course I am using ISPconfig 3.
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    The error message that you got means that the ssl cert and key do not match. If you want to use the same ssl cert in multiple sites, then you have to copy the content of the ssl cert and the content of the ssl key field in ispconfig to the new website and then select save as action.
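
The mismatch behind Apache's `X509_check_private_key:key values mismatch` error in the reply above can be caught before a certificate is saved to a second site. This is an added example, not part of the original post or of ISPConfig: it uses the `openssl` CLI, the function names and file arguments are assumptions, and the private key is assumed to be an unencrypted PEM file.

```shell
#!/bin/sh
# Added example: pre-flight checks before reusing one certificate on several sites.
# Assumes the openssl CLI (1.0.2 or later) and an unencrypted PEM private key.

# Return 0 if the certificate's public key equals the key's public half,
# 1 if they differ, 2 if either file cannot be parsed.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Return 0 if the hostname is covered by the certificate
# (subjectAltName entries, or the CN when no DNS SAN is present).
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

# Report both checks for one site; returns non-zero if either fails.
check_site() {
    cert=$1; key=$2; host=$3; rc=0
    if cert_matches_key "$cert" "$key"; then
        echo "OK   key matches certificate"
    else
        echo "FAIL key does not match certificate"; rc=1
    fi
    if cert_covers_host "$cert" "$host"; then
        echo "OK   certificate covers $host"
    else
        echo "FAIL certificate does not cover $host"; rc=1
    fi
    return $rc
}

# Usage: sh check.sh site.crt site.key domain2.tld
if [ "$#" -eq 3 ]; then
    check_site "$1" "$2" "$3"
fi
```

Only public keys are compared, so no private key material is printed or written anywhere.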
     
  11. stars

    stars New Member

    Works like a charm, thanks!
     
  12. duyduc

    duyduc New Member

    Of course I am using ISPconfig 3
     
