SSL

Discussion in 'Installation/Configuration' started by m u r, Jul 13, 2007.

  1. m u r

    m u r Member

    I have a site (www.mydomain.com) and want one page to be secure. I set up a new site (secure.mydomain.com) and created an SSL certificate. When I enter https://secure.mydomain.com, it asks for a username and password. Is this right? Also, it still allows me to go to http://secure.mydomain.com. I want it to only be able to access the page securely.

    Also, I read somewhere that you can only have one certificate per IP address. Is there a way to use the same certificate I use to login to ISPConfig login on the one form so I don't have to use another IP address?

    Thanks.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    ISPConfig is on port 81, so the SSL certificate on ISPConfig does not conflict with the SSL certificate on port 443.

    You may have one SSL certificate per IP address on every port.
     
  3. falko

    falko Super Moderator Howtoforge Staff

  4. m u r

    m u r Member

    I've already got the certificate. I just don't know how to apply it to a page on my site.
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    If you did the above, the certificate is already applied to the site where you created it.
     
  6. m u r

    m u r Member

    I made a new site, enabled SSL, filled out the information, and created a certificate. I didn't copy and paste anything because I just want a self-signed certificate for now. When I went to secure.mydomain.com, the page still pulls up with http rather than https . . . and it asks for a username and password.
    Code:
    To view this page, you need to log in to area “unspecified” on secure.mydomain.com.
    How do I fix these two issues?
     
  7. falko

    falko Super Moderator Howtoforge Staff

    Did you try https://secure.mydomain.com instead of http://secure.mydomain.com?
     
  8. m u r

    m u r Member

    Yes. When I go to https://secure.mydomain.com, it asks me to accept the certificate, which I expect, then asks me for a username and password, which I did not expect. I do not even know which username and password it wants, but, even if I did, I wouldn't want users to have to enter it each time. So, two issues:

    1) I would like to force it to go to secure only, so if someone enters http, it goes to https.

    2) I don't want visitors to have to enter a username and password every time they pull up the page.

    Thanks.
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    The password is not requested by ISPConfig or the SSL certificate. Please make sure that you did not add any .htaccess file to the directory of the website and that you are really logging in to your current site.
     
  10. m u r

    m u r Member

    I'm positive I did not add one. I created the site specifically for this. All I have done is created the site and added the certificate. I can go to http://secure.mydomain.com without entering a username and password.
     
  11. falko

    falko Super Moderator Howtoforge Staff

    What's in Vhosts_ispconfig.conf, and what's the document root of the https://secure.mydomain.com web site? Please check that directory for an .htaccess file.
     
  12. m u r

    m u r Member

    Vhosts_ispconfig.conf:
    Code:
    root@server1:/# vim /etc/apache2/vhosts/Vhosts_ispconfig.conf
    
    AddOutputFilter INCLUDES .shtml
    Alias /error/ "/var/www/web3/web/error/"
    ErrorDocument 400 /error/invalidSyntax.html
    ErrorDocument 401 /error/authorizationRequired.html
    ErrorDocument 403 /error/forbidden.html
    ErrorDocument 404 /error/fileNotFound.html
    ErrorDocument 405 /error/methodNotAllowed.html
    ErrorDocument 500 /error/internalServerError.html
    ErrorDocument 503 /error/overloaded.html
    AliasMatch ^/~([^/]+)(/(.*))? /var/www/web3/user/$1/web/$3
    AliasMatch ^/users/([^/]+)(/(.*))? /var/www/web3/user/$1/web/$3
    </VirtualHost>
    #
    <IfModule mod_ssl.c>
    <VirtualHost 192.168.0.100:443>
    ServerName secure.mydomain.com:443
    ServerAdmin [email protected]
    DocumentRoot /var/www/web3/web
    DirectoryIndex index.html index.htm index.php index.php5 index.php4 index.php3 index.shtml index.cgi index.pl index.jsp Default.htm default.htm
    ScriptAlias  /cgi-bin/ /var/www/web3/cgi-bin/
    AddHandler cgi-script .cgi
    AddHandler cgi-script .pl
    ErrorLog /var/www/web3/log/error.log
    AddType application/x-httpd-php .php .php3 .php4 .php5
    <Files *.php>
        SetOutputFilter PHP
        SetInputFilter PHP
    </Files>
    <Files *.php3>
        SetOutputFilter PHP
        SetInputFilter PHP
    </Files>
    <Files *.php4>
        SetOutputFilter PHP
        SetInputFilter PHP
    </Files>
    <Files *.php5>
        SetOutputFilter PHP
        SetInputFilter PHP
    </Files>
    php_admin_flag safe_mode On
    php_admin_value open_basedir /var/www/web3/
    php_admin_value file_uploads 1
    php_admin_value upload_tmp_dir /var/www/web3/phptmp/
    php_admin_value session.save_path /var/www/web3/phptmp/
    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
    SSLEngine on
    SSLCertificateFile /var/www/web3/ssl/secure.mydomain.com.crt
    SSLCertificateKeyFile /var/www/web3/ssl/secure.mydomain.com.key
    Alias /error/ "/var/www/web3/web/error/"
    ErrorDocument 400 /error/invalidSyntax.html
    ErrorDocument 401 /error/authorizationRequired.html
    ErrorDocument 403 /error/forbidden.html
    ErrorDocument 404 /error/fileNotFound.html
    ErrorDocument 405 /error/methodNotAllowed.html
    ErrorDocument 500 /error/internalServerError.html
    ErrorDocument 503 /error/overloaded.html
    AliasMatch ^/~([^/]+)(/(.*))? /var/www/web3/user/$1/web/$3
    AliasMatch ^/users/([^/]+)(/(.*))? /var/www/web3/user/$1/web/$3
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
    </VirtualHost>
    </IfModule>
    #
    
    Code:
    root@server1:/# ls /var/www/web3/web
    error  index.html  stats
     
  13. popper2001

    popper2001 New Member

    What about inserting this into the vHost of your subdomain:
    Code:
    SSLRequireSSL
    Then you shouldn't be able to access the site without SSL.
     
  14. falko

    falko Super Moderator Howtoforge Staff

    What's the output of
    Code:
    ls -la /var/www/web3/web
    ?
     
  15. m u r

    m u r Member

    Code:
    root@mail:~# ls -la /var/www/web3/web
    total 24
    drwxrwxr-x 4 mydomain.com_secure web3 4096 2007-07-14 04:00 .
    drwxr-xr-x 8 mydomain.com_secure web3 4096 2007-07-23 14:47 ..
    drwxrwxr-x 2 mydomain.com_secure web3 4096 2007-07-13 15:45 error
    -rw-rw-r-- 1 mydomain.com_secure web3 4456 2007-07-22 05:39 index.html
    drwxr-xr-x 2 mydomain.com_secure web3 4096 2007-07-14 04:00 stats
    root@mail:~# ls -la /var/www/web3/
    total 40
    drwxr-xr-x 8 mydomain.com_secure web3 4096 2007-07-23 14:47 .
    drwxr-xr-x 8 root                root 4096 2007-07-13 15:45 ..
    drwxrwxr-x 2 mydomain.com_secure web3 4096 2007-07-13 15:45 cgi-bin
    -rw------- 1 mydomain.com_secure web3   24 2007-07-22 05:39 .forward
    drwxr-xr-x 3 mydomain.com_secure web3 4096 2007-07-14 00:30 log
    lrwxrwxrwx 1 root                root   46 2007-07-22 05:39 Maildir -> /var/www/web3/user/mydomain.com_secure/Maildir
    drwxrwxrwx 2 mydomain.com_secure web3 4096 2007-07-13 15:45 phptmp
    -rw-r--r-- 1 root                root  520 2007-07-22 05:39 .procmailrc
    drwxr-xr-x 2 mydomain.com_secure web3 4096 2007-07-13 15:47 ssl
    drwxr-xr-x 3 mydomain.com_secure web3 4096 2007-07-21 00:23 user
    lrwxrwxrwx 1 root                root   54 2007-07-22 05:39 .vacation.cache -> /var/www/web3/user/mydomain.com_secure/.vacation.cache
    drwxrwxr-x 4 mydomain.com_secure web3 4096 2007-07-14 04:00 web
    and this is the message I get when I try to access https://secure.mydomain.com:

    Code:
    To view this page, you need to log in to area “unspecified” on secure.mydomain.com. Your log-in information will be sent securely.
     
  16. till

    till Super Moderator Staff Member ISPConfig Developer

    Please post the output of:

    dig secure.mydomain.com
     
  17. m u r

    m u r Member

    Code:
    root@mail:~# dig secure.mydomain.com
    
    ; <<>> DiG 9.3.4 <<>> secure.mydomain.com
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38353
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;secure.mydomain.com.           IN      A
    
    ;; ANSWER SECTION:
    secure.mydomain.com.    86400   IN      A       166.70.145.195
    
    ;; Query time: 1 msec
    ;; SERVER: 172.16.10.3#53(172.16.10.3)
    ;; WHEN: Tue Jul 24 08:14:51 2007
    ;; MSG SIZE  rcvd: 53
    
    root@mail:~# 
    Also, when I am asked to review the certificate, the information on the certificate does not match what I entered in the SSL tab.

    When I go to any of my sites with https, it gives me the same thing. Did it not create the certificate?
     
  18. falko

    falko Super Moderator Howtoforge Staff

    Is 166.70.145.195 the correct IP address?
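
Added example (not part of the thread and not ISPConfig code): a small Python audit of the two things the thread is chasing, whether the port 80 vhost still serves plain HTTP (posts 8 and 13) and whether the address the vhost binds to matches the DNS answer (posts 17 and 18). The port 80 block in VHOSTS is constructed, since the thread shows only the tail of that vhost, and the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample. The :443 block is abridged from post 12; the :80 block is
# an assumption, because the thread shows only the tail of that vhost.
VHOSTS = """\
<VirtualHost 192.168.0.100:80>
ServerName secure.mydomain.com:80
DocumentRoot /var/www/web3/web
</VirtualHost>
<VirtualHost 192.168.0.100:443>
ServerName secure.mydomain.com:443
DocumentRoot /var/www/web3/web
SSLEngine on
</VirtualHost>
"""
DIG = "secure.mydomain.com.    86400   IN      A       166.70.145.195\n"

BLOCK = re.compile(r"<VirtualHost\s+([\d.]+):(\d+)>(.*?)</VirtualHost>", re.S)
FORCES_TLS = re.compile(r"^\s*(Redirect(Match)?\s.*https://|SSLRequireSSL\b)", re.M | re.I)

def parse_vhosts(text):
    """Yield (bind address, port, ServerName, block body) per <VirtualHost>."""
    for addr, port, body in BLOCK.findall(text):
        name = re.search(r"^\s*ServerName\s+([^\s:]+)", body, re.M)
        yield ipaddress.ip_address(addr), int(port), name and name.group(1), body

def a_record(dig_output, host):
    """Return the first A record for host in dig's ANSWER section, or None."""
    m = re.search(rf"^{re.escape(host)}\.\s+\d+\s+IN\s+A\s+(\S+)", dig_output, re.M)
    return ipaddress.ip_address(m.group(1)) if m else None

def audit(vhost_text, dig_output, host):
    """List findings for host: address mismatches and plain HTTP left open."""
    findings, dns = [], a_record(dig_output, host)
    for bind, port, name, body in parse_vhosts(vhost_text):
        if name != host:
            continue
        if dns is not None and bind != dns:
            hint = "check NAT/port forwarding" if bind.is_private else "other host?"
            findings.append(f"port {port}: vhost on {bind}, DNS gives {dns} ({hint})")
        if port == 80 and not FORCES_TLS.search(body):
            findings.append("port 80: no https Redirect or SSLRequireSSL, HTTP still served")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(VHOSTS, DIG, "secure.mydomain.com")))
```

Apache accepts SSLRequireSSL only in directory or .htaccess context, so it belongs inside a <Directory> or <Location> block rather than directly in the vhost; the check above only looks for its presence.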
     
