Hi folks, does anybody know, if ISPConfig 2 supports providing an intermediate certificate? I'd say currently not out of the box, only by changing the apache conf's generation template, as an additional config entry is needed to point to the intermediate file. thanks in advance. Ben
Hi Falko, the apache config or the template for the config? Last would be kind of bad as it must be changed each update of ispcfg and does only work for the assumption of using only one ssl cert on the whole host (which is at least no problem for me ) Does it make sense to add another textbox in the ssl config interface, as many of the CAs tend to intermediate CA certs.
I'm not sure - but maybe you can include the intermediate certificate in the main Apache configuration? In that case you don't have to modify the template. (BTW, you could place the customized template in /root/ispconfig/isp/conf/customized_templates, and it will not be overwritten in case of an update.)
good idea, but except "{SSL}" there is nothing in the vhost master template?! EDIT: Ok it did work more or less. I added the Intermediate CA line below {SSL} with the result having this line in each vhost block instead of just in the ssl block. Luckily apache does not complain about this. Is there a better way to customize the ssl block directly?
The only other way might be to edit the function in config.lib.php file that creates the ssl block. If I remember correctly, it is named make_vhost. But then you might have to patch the file after every ispconfig update, so this solution is not ideal too.
As I have to patch one line regarding the safe mode and the open_basedir paths I think about patching only one line for an include to the additional config. But thanks for the info.
a possible fix? I have a few sites that use SSL and I needed to add an intermediate certificate as certificates are renewed. So putting an intermediate certificate reference into the vhosts file was never going to be a solution. I have simply put the line SSLCACertificateFile /home/www/cabundle.crt into apache2.conf and it seems to be working OK.