One wildcard ssl for all site

Discussion in 'General' started by GregFr, Jun 24, 2015.

  1. GregFr

    GregFr New Member

    Hi,

    I'm trying to install an ISPCONFIG3 server for multiple sites, all on the same main domain. Example:
    site1.mydomain.tld, site2.mydomain.tld, site3.mydomain.tld

    I want to buy a wildcard ssl for *.mydomain.tld and apply it to all websites. Is it possible? How can I do that?

    Thank you,
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    That's possible. You can insert the same SSL cert into the SSL cert field of each website.
     
  3. GregFr

    GregFr New Member

    Thanks. How can I generate a CSR?

    I tried this:
    - Generated CSR via openssl command in console
    - Gave this CSR to the CA
    - Received 2 crt files

    - Activated SSL on site1.mydomain.tld
    - Filled SSL Key with the key generated by openssl
    - Filled SSL Cert with crt file received from the CA
    - Filled SSL Bundle with crt file received from the CA
    - Used "Saving Cert"

    SSL is working BUT the cert is the default SSL cert generated by the server at install, not the one I bought.
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    That's really easy: log in to ISPConfig, go to the first website and there to the SSL tab, enter the SSL cert details (the smaller fields at the beginning), select *.domain.tld as domain and "create certificate" as action and press save. You then get a self-signed SSL cert plus a CSR that you can have signed at an SSL authority. Using the openssl command or actions on the shell is not necessary. The signed SSL cert is then copied back; select "save certificate" as action and save the new cert. The process is explained in detail with screenshots in the ISPConfig manual.
     
  5. GregFr

    GregFr New Member

    I tried this but:
    I created 2 sites: site1.mydomain.tld & site2.mydomain.tld.
    On site1.mydomain.tld, I can only select site1.mydomain.tld or *.site1.mydomain.tld.

    I cannot select *.mydomain.tld.
     
  6. GregFr

    GregFr New Member

    Another strange problem:
    For testing, I configured my 2 websites like this:
    site1.mydomain.tld - No SSL
    site2.mydomain.tld - SSL with self-signed certificate.

    http://site1.mydomain.tld --> OK
    https://site1.mydomain.tld --> site2 is displayed (still with the URL of site 1)!!!

    Site 2 is OK on HTTP & HTTPS.

    ISPCONFIG & SSL became very difficult to understand for me :(
     
  7. GregFr

    GregFr New Member

    I didn't find a real solution or why ISPCONFIG didn't save my cert.
    I manually copied my cert file with the shell into var/www/clients/client1/web/ssl and now it works!
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Just select "save certificate" as action on the SSL field and press the save button.
     
  9. GregFr

    GregFr New Member

  10. pssadm

    pssadm Member

    I've done everything above and that works fine for the *.domain.tld. When going to another site in ISPConfig siteb.domain.tld -- what do I do to get the original wildcard cert to work? I've tried copying the *.domain.tld.key and .crt over to the /var/www/siteb.domain.tld/ssl directory but that does not seem to work. Nor does pasting the information from *.domain.tld into the ISP Config SSL tab and pressing SAVE Certification. :(

    To add a bit: after trying to update the SSL tab with the keys from domain.tld, I now see that it fell back to the original unsigned certificates and added a .err extension to the files. I can only assume that it doesn't like it, but there are no further error descriptions to tell me what needs to be done to get it to work.
     
    Last edited: Apr 5, 2016
  11. pssadm

    pssadm Member

    Okay, I think I figured this out.
    Instead of using the SSL tab, leave it empty altogether. Delete any self-signed certificate you may have had in there.
    Make sure to enable SSL.
    And copy the working .key / .csr & .crt to the appropriate name in the ssl directory of the website you're working on (i.e. /var/www/sitename/ssl/sitename.key etc.).
    Then restart Apache and you're golden.
    ;)
     
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    Simply copy the SSL cert, key and bundle of the SSL cert into the appropriate fields of the SSL tab, select "save certificate" as option and press the save button.

    This happens when you copied a cert into the wrong field or when cert and key do not match, so that Apache fails to start; in that case, ISPConfig rolls back to the last working configuration.

    I highly recommend redoing the SSL setup in the way I described above, as the way you used now will cause the site to fail sooner or later when you edit it again.
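
The thread names two reasons a saved wildcard certificate gets rolled back: the key does not match the cert, or the wrong file went into a field. As an added example (not part of the thread and not ISPConfig's own code), this script checks a cert/key pair and the site host names with `openssl` before anything is pasted into the SSL tab. The file names, function names and the self-signed sample certificate are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks for one wildcard cert shared by several sites.
# File names and the sample certificate are constructed for this demo.

# True when the private key belongs to the certificate (same public key).
cert_matches_key() {  # $1 = cert.pem, $2 = key.pem; returns 2 if a file is unreadable
  cmk_c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  cmk_k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
  [ "$cmk_c" = "$cmk_k" ]
}

# True when the certificate is valid for the host name. A wildcard matches
# exactly one label: *.mydomain.tld covers site1.mydomain.tld, but not
# mydomain.tld itself and not a.site1.mydomain.tld.
cert_covers_host() {  # $1 = cert.pem, $2 = hostname
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

# Run both checks; the return status is the number of problems found.
preflight() {  # $1 = cert, $2 = key, remaining args = site host names
  pf_cert=$1 pf_key=$2 pf_bad=0
  shift 2
  if ! cert_matches_key "$pf_cert" "$pf_key"; then
    echo "FAIL: key does not match certificate"; pf_bad=$((pf_bad + 1))
  fi
  for pf_host in "$@"; do
    if ! cert_covers_host "$pf_cert" "$pf_host"; then
      echo "FAIL: certificate does not cover $pf_host"; pf_bad=$((pf_bad + 1))
    fi
  done
  return "$pf_bad"
}

# Constructed test material: a self-signed wildcard cert plus an unrelated key.
make_sample() {  # $1 = output directory
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=*.mydomain.tld" \
    -addext "subjectAltName=DNS:*.mydomain.tld" \
    -keyout "$1/wild.key" -out "$1/wild.crt" 2>/dev/null &&
  openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

tmp=$(mktemp -d) && make_sample "$tmp"
preflight "$tmp/wild.crt" "$tmp/wild.key" site1.mydomain.tld site2.mydomain.tld &&
  echo "OK: same cert and key can be saved on site1 and site2"
```

With a real purchase, point `preflight` at the CA-issued certificate and the key that produced the CSR, followed by every site name the certificate is meant to serve.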
     
