SSL Certificate by Verisign

Discussion in 'Installation/Configuration' started by msource, Dec 11, 2007.

  1. msource

    msource New Member

    Hi,

    We have a website (https://www.imunostar.pt/) that works with the Verisign certificate. How can we implement this certificate on a domain in ISPConfig?

    We have to follow some instructions that Verisign gave us to create a crt to send to them. Then they send us a crt that contains the correct certificate.

    Keep up the good work. This framework is very cool.
     
  2. Hans

    Hans Moderator ISPConfig Developer

  3. msource

    msource New Member

  4. till

    till Super Moderator Staff Member ISPConfig Developer

    You don't have to recompile Apache; you can add one SSL website per IP address in ISPConfig without any modifications in Apache if you have enough free IP addresses.
     
  5. msource

    msource New Member

    Hi,

    I just have one server, with one NIC, and one IP.

    I installed ISPConfig on that machine. I have 4 clients that I have to give HTTPS access with the certificate from Verisign.

    With this scenario, do I need to apply the patch?
     
  6. falko

    falko Super Moderator ISPConfig Developer

    I think so, but I haven't tried this tutorial yet.
     
  7. DCGWS

    DCGWS New Member

    HOWTO Request

    Falko -

    Do you have any plans on doing a HOWTO for this using Fedora? :D
     
  8. falko

    falko Super Moderator ISPConfig Developer

    Maybe... :)
     
  9. DCGWS

    DCGWS New Member

    Cool...that would be awesome.

    Can you at least give me a hint... what are the ./config parameters for openssl using openssl-0.9.8g? Is it ./config prefix=/usr/local --openssldir=/usr/local ?
     
  10. cfunk

    cfunk New Member

    Question about CSR

    When CSRs are generated, do they use a blank passphrase? I haven't been able to find any info on passphrases.

    Thanks,
    --Chris
     
  11. msource

    msource New Member

    Hi,

    I can create the SSL certificates for more than one domain.
    It always gave the Shared IP page. I need to solve this problem. I applied the patch
    and it seems all right. But when I follow these instructions, I'm unable to get HTTPS working. The Shared IP page always appears.

    How can I solve this problem? I want to move the domain imunostar.pt with HTTPS enabled to ISPConfig, but I'm unable to complete this.

    Falko, can you please help me? I don't know what else I can do.
     
  12. msource

    msource New Member

    Hi,

    I found an error in /var/log/apache2/error.log:

    Code:
    [Tue Dec 18 12:00:17 2007] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Tue Dec 18 12:00:17 2007] [warn] RSA server certificate CommonName (CN) `WWW.LIZ-ONLINE.PT' does NOT match server name!?
    [Tue Dec 18 12:00:17 2007] [warn] Init: SSL server IP/port conflict: icaro.liz-online.pt:443 (/etc/apache2/vhosts/Vhosts_ispconfig.conf:64) vs. www.imunostar.pt:443 (/etc/apache2/vhosts/Vhosts_ispconfig.conf:2713)
    [Tue Dec 18 12:00:17 2007] [warn] Init: SSL server IP/port conflict: localhost:443 (/etc/apache2/apache2.conf:725) vs. www.imunostar.pt:443 (/etc/apache2/vhosts/Vhosts_ispconfig.conf:2713)
    [Tue Dec 18 12:00:17 2007] [warn] Init: You should not use name-based virtual hosts in conjunction with SSL!!
    I applied the patch, so why does it give me this error?
     
  13. msource

    msource New Member

    Now I removed all my SSL sites and created just one (www.imunostar.pt), with the certificate from VeriSign. My Apache2 hangs... when I tried to force-reload it, it gave me a Failed.

    If I remove the certificate from the domain, Apache starts correctly without any problems.

    I need to get this working. Sorry for being a pain in the ass, but I need to solve this problem.
     
  14. till

    till Super Moderator Staff Member ISPConfig Developer

    Are you sure that you do not have more than one SSL vhost per IP? Please make sure that you have just one SSL vhost configured in ISPConfig and that you do not have any manually configured SSL sites in your Apache configuration.
     
  15. msource

    msource New Member

    Hi,

    Till, thanks for the quick answer.
    I just configured the How To Enable Multiple HTTPS Sites For One IP On Debian Etch Using TLS Extensions.

    There is a point (point 4) in the how-to that tells us to create the following:

    Create a default secure site that users will see if they are using a non RFC 4366 compliant browser.
    Code:
    mkdir /var/www/sharedip/ssl
    cd /var/www/sharedip/ssl
    openssl genrsa -des3 -passout pass:yourpassword -out 192.168.1.2.key2 1024
    openssl req -new -passin pass:yourpassword -passout pass:yourpassword -key 192.168.1.2.key2 -out 192.168.1.2.csr -days 365
    openssl req -x509 -passin pass:yourpassword -passout pass:yourpassword -key 192.168.1.2.key2 -in 192.168.1.2.csr -out 192.168.1.2.crt -days 365
    openssl rsa -passin pass:yourpassword -in 192.168.1.2.key2 -out 192.168.1.2.key
    chmod 400 192.168.1.2.key
    then...
    Edit /etc/apache2/apache2.conf and place this above Include /etc/apache2/vhosts/Vhosts_ispconfig.conf
    Code:
    NameVirtualHost 192.168.1.2:443
    <VirtualHost 192.168.1.2:443>
      ServerName localhost
      ServerAdmin root@localhost
      DocumentRoot /var/www/sharedip
      SSLEngine on
      SSLCertificateFile /var/www/sharedip/ssl/192.168.1.2.crt
      SSLCertificateKeyFile /var/www/sharedip/ssl/192.168.1.2.key
    </VirtualHost>
    OK, all the tutorial is done.

    Now, I create a domain.tld and enable SSL support.
    Then I create a certificate, and copy in the certificate that Verisign sent to me.
    After I save the certificate, Apache2 hangs.

    I really don't know what is happening.....
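
An added example, not part of any post in this thread or of the how-to it quotes: a pre-flight check for a certificate/key pair, covering the passphrase question in post 10 and the CA and CommonName warnings in the log in post 12. The function names, file names and `www.example.test` are assumptions; it needs the `openssl` command-line tool.

```sh
#!/bin/sh
# Added example (not from the thread): checks on a cert/key pair before Apache loads it.
# Function names and the demo file names are hypothetical.

# 0 if the PEM key is passphrase-protected; mod_ssl then asks for the passphrase at startup.
key_is_encrypted() {
    grep -Eq '^(-----BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED)' "$1"
}

# 0 if certificate $1 and RSA key $2 share a modulus; 2 if either cannot be read.
# $3 is an optional openssl -passin value for an encrypted key, e.g. file:/path.
cert_matches_key() {
    c=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 2
    k=$(openssl rsa -noout -modulus -in "$2" -passin "${3:-pass:}" 2>/dev/null) || return 2
    [ "$c" = "$k" ]
}

# 0 if the certificate is marked as a CA (the "BasicConstraints: CA == TRUE" warning).
cert_is_ca() {
    openssl x509 -noout -text -in "$1" | grep -q 'CA:TRUE'
}

# Print the subject CommonName for comparison with the vhost's ServerName.
cert_cn() {
    openssl x509 -noout -subject -nameopt multiline -in "$1" |
        sed -n 's/^ *commonName *= *//p'
}

# Constructed demo input: throwaway self-signed pair plus an encrypted copy of the key.
make_demo_pair() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '[req]' 'distinguished_name=dn' 'prompt=no' 'x509_extensions=ext' \
        '[dn]' 'CN=www.example.test' '[ext]' 'basicConstraints=CA:TRUE' > "$d/req.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -config "$d/req.cnf" -days 1 \
        -keyout "$d/site.key" -out "$d/site.crt" 2>/dev/null || return 1
    openssl rsa -in "$d/site.key" -aes256 -passout pass:demo-only \
        -out "$d/site.enc.key" 2>/dev/null || return 1
    echo "$d"
}

# Usage: sh check.sh site.crt site.key
if [ "$#" -ge 2 ]; then
    key_is_encrypted "$2" && echo "key is encrypted: Apache will prompt at startup"
    cert_matches_key "$1" "$2" "${3:-}" || echo "certificate and key do not match"
    cert_is_ca "$1" && echo "certificate has CA:TRUE"
    echo "CN: $(cert_cn "$1")"
fi
```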
     
  16. till

    till Super Moderator Staff Member ISPConfig Developer

    And you are really sure that you replaced the Apache server with the new server compiled in the howto? Maybe the patch did not apply correctly, as your current Apache seems not to support multiple SSL certs per IP address.
     
  17. rvakili

    rvakili Member

    Enable Multiple HTTPS Sites on Fedora

    Hi Guys, Is the How to available for fedora yet?

    Also,

    I have a dedicated IP direct to the server. Would it be possible to set up virtual IPs and use them for SSL certificates? If so, is there a "How To"?

    Thanks
     
  18. falko

    falko Super Moderator ISPConfig Developer

    What do you mean by "Virtual IPs"?
     
  19. rvakili

    rvakili Member

    Hi Falko,

    What is the best way to do this? I am trying to avoid buying IP addresses to set up SSL-enabled sites.

    1. I read about "Enable Multiple HTTPS Sites For One IP On Debian Etch Using TLS Extensions".
    However, I do not know how to do this on Fedora 8???
    2. I can create virtual IPs (just another name for local addresses such as 10.0.0.1 etc.) and make them an alias of the static IP I have.

    I am not sure if this will work, as technically the IPs will be local???

    Well, I hope you can guide me to accomplish the setup of SSL-enabled sites with one IP.

    Thanks,

    Ramin
     
  20. falko

    falko Super Moderator ISPConfig Developer

    I've never tried this, and I still think this is not possible...
     
