SSL/SNI for Vhosts

Discussion in 'General' started by maxosystem, Oct 18, 2013.

  1. maxosystem

    maxosystem New Member

    Hello,

    We have an ispconfig3 server with several domains. Until now, nobody had SSL certificates (except for us, for the admin interface).

    We set up SSL for a customer, put the crt, key and ca-bundle contents on the SSL page for their site. So far so good.

    The problem, which I'm not sure is a bug, is that their certificate is exposed for all other virtual hosts.

    How can I prevent this, or at least expose our certificate, not the customer's, when they visit https://www.othercustomer.com?
    Shouldn't SNI (the ability to use SSL for virtualhosts) handle this?

    Thanks,
    Julian.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    SNI can handle this only when all vhosts on that IP have SSL enabled. If one vhost has no SSL enabled and you access the domain by https, then the first vhost in alphabetical order is shown instead.
     
  3. maxosystem

    maxosystem New Member

    Hi. Thanks for the reply.

    What I ended up doing was to create a default virtualhost for *:443, in 000-default.conf, cloning the *:80 version and adding these lines:

    Code:
    <IfModule mod_ssl.c>
      SSLEngine on
      SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
      SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
      SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle
    </IfModule>

    That way, any site which has no specific SSL config will receive our certificate, instead of our customer's.

    Julian.
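
Added example, not part of the thread and not ISPConfig's own code: a Python sketch that models the behaviour described in the posts above (when no *:443 vhost matches the requested name, the first-loaded one answers) and reports which certificate file a hostname would be served. The vhost file names, the customer certificate path and the function names are constructed for illustration; ServerAlias wildcards are not handled.

```python
import re

# Constructed sample of sites-enabled (file name -> contents); not the thread's real files.
CUSTOMER_CRT = "/etc/ssl/example/customer.crt"  # placeholder path (assumption)
ISP_CRT = "/usr/local/ispconfig/interface/ssl/ispserver.crt"  # path from the post above
SITES = {
    "100-customer.com.vhost": f"""
<VirtualHost *:443>
  ServerName www.customer.com
  ServerAlias customer.com
  SSLEngine on
  SSLCertificateFile {CUSTOMER_CRT}
</VirtualHost>""",
    "100-othercustomer.com.vhost": """
<VirtualHost *:80>
  ServerName www.othercustomer.com
</VirtualHost>""",
}
# The catch-all vhost from the last post, sorted ahead of every customer file.
DEFAULT_443 = {"000-default.conf": f"""
<VirtualHost *:443>
  <IfModule mod_ssl.c>
    SSLEngine on
    SSLCertificateFile {ISP_CRT}
  </IfModule>
</VirtualHost>"""}

VHOST_RE = re.compile(r"<VirtualHost\s+\S+:(\d+)\s*>(.*?)</VirtualHost>", re.S | re.I)

def ssl_vhosts(sites):
    """Port-443 vhosts as (names, cert_path), files taken in sorted (load) order."""
    found = []
    for fname in sorted(sites):
        for port, body in VHOST_RE.findall(sites[fname]):
            if port != "443":
                continue
            lines = re.findall(r"^\s*Server(?:Name|Alias)\s+(.+)$", body, re.M | re.I)
            names = {n.lower() for line in lines for n in line.split()}
            cert = re.search(r"^\s*SSLCertificateFile\s+(\S+)", body, re.M | re.I)
            found.append((names, cert.group(1) if cert else None))
    return found

def served_cert(sites, host):
    """Certificate file an HTTPS request for `host` would get, or None if no *:443 vhost."""
    vhosts = ssl_vhosts(sites)
    for names, cert in vhosts:
        if host.lower() in names:
            return cert
    return vhosts[0][1] if vhosts else None  # no name match: first-loaded vhost answers
```

Running `served_cert` over every hosted domain before and after adding the default vhost shows which names would otherwise be handed another customer's certificate.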
     
