Discussion in 'Installation/Configuration' started by boardmain, Aug 5, 2005.

  1. boardmain

    boardmain New Member

    i can create only one certificate for ip?

    i can't create for any domain?
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes, thats a limitation in the Apache Webserver. Only one SSL enabled
    vHost per IP.
  3. KenMcGinnis

    KenMcGinnis New Member

    I want a 'real' SSL Cert

    I have everything installed and working ok - but it has that dummy cert. My web site name is I want people to download some files and I need the site to show a 'real' certificate. I can get the cert files ok, Where can I put them?

    My server is at Can I put that in the SSL Cert request and have it work for all web sites on my server? If not, how can I do that? I would like all web sites to have the cert and use where xxxx can be anything?
  4. falko

    falko Super Moderator Howtoforge Staff

    The files are in /root/ispconfig/httpd/conf/ssl.*.

    You need a certificate for _each_ web site. But note that you can only have one SSL web site per IP address!
  5. KenMcGinnis

    KenMcGinnis New Member

    I have 2 dsl connections with 2 ip addresses and 2 lan cards in my server. Each dsl router opens ports to one of the lan cards.

    Can I have 2 SSL certificates since I have 2 IP addresses?

    One problem I have noticed is that I can only have one default gateway (when I set it for one lan card, it automatically sets the same value for the other lan card)
  6. falko

    falko Super Moderator Howtoforge Staff

    Yes, one for each IP address.
  7. KenMcGinnis

    KenMcGinnis New Member

    Two SSL Certs with 2 IP addresses

    Sorry if I am asking basic questions, but I do not have much time in with Linux. I set up an apache2 server with SuSE 9.0 about 18 months ago using a cookbook (which I can't find anymore). The system never went down or had a single problem so I lost all my notes and forgot how I did things. I have ispconfig running just fine now with 4 resellers and about 16 clients. One of the clients must have ssl for file http downloads (and 3 others are probably going to require it).

    You said (above) where to put the cert files and I did that and it works. But how to put a 2nd one? if I name it server.key/crt, it will write over the 1st one?
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    If you have ISPConfig installed you dont have to make SSL-Certificates manually, just use the functions in ISPConfig. ISPConfig takes care where to store the certificate files and make the correct entries in the vhost configuration.
  9. KenMcGinnis

    KenMcGinnis New Member

    Thanks that worked, pretty easy. This is a pretty powerful interface.

    I found the cert it made - in /srv/www in that client location. I guess if I send the code off somewhere and get a regular certificate, I can paste it in the crt window and save and that will do it?
  10. falko

    falko Super Moderator Howtoforge Staff

    You can send the code from the "SSL Request" textarea in the ISPConfig interface to a Certificate Authority (CA) like The certificate you get back has to be copied to the "SSL Certificate" textarea, and under "Action" you choose "Save certificate" and click on "Save". That's it. :)
  11. KenMcGinnis

    KenMcGinnis New Member

    Virtual IP

    One more related question: In your "perfect setup" you mention:

    "I want to create a virtual network card eth0:0 with the IP address (my main one is in this example) so I select Add:"

    Can this 'virtual IP' be used with an SSL Certificate? If not, what was the purpose? I don't see where you use the Virtual IP for anything.
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes, this virtual IP can be used for SSL or when you need an IP-Based vhost (site).
  13. KenMcGinnis

    KenMcGinnis New Member

    multiple vhosts from a single ip

    I am still researching this as I have some clients breathing down my back.

    Regarding your post above about the virtual ip. I do have a virtual IP (in Suse9.3 - additional IP), however it is not in the drop down list for a site that I have setup. The site is now working fine on but I want to change it so I can have a SSL cert.

    I understand it is possible to have multiple vhosts on a single IP by using different ports. For example you could have one on xx.xx.xx.xx:80 and a different one on xx.xx.xx.xx:8080. Another way is to have a wildcard cert ( Supposedly both of these work with apache2. Do either of these work with ispconfig?
    Last edited: Aug 12, 2005
  14. till

    till Super Moderator Staff Member ISPConfig Developer

    Have you entered the IP in the controlpanel under Management > Server > Settings?

    I've never tested wildcard certificates with ISPConfig. If you want to know how ISPConfig configures your apache serve, have a look at the
    Vhost_ispconfig.conf file in the directory vhosts in your apache configuration directory.
    Last edited: Aug 13, 2005
  15. falko

    falko Super Moderator Howtoforge Staff

    You can have as many vhosts as you like on a single IP address using the same port as long as they do not use SSL.
    If you use SSL and only have one IP address you must use different ports, but then you have to type the port into the browser's address bar as long as it's not the standard https port (443). E.g. you would have to type I don't think this is what your clients want... :rolleyes:

    A wildcard certificate means that all subdomains of a domain (e.g.,,, etc.) can use that certificate, without a warning popping up in the visitor's browser. If you use a wildcard certificate, then all your clients would have to use a subdomain of, and I don'T think your clients want that either...
    Last edited: Aug 13, 2005
  16. KenMcGinnis

    KenMcGinnis New Member

    multiple SSL Cert with one IP

    Thanks, that helps.
    1. no I did not enter the virtual IP on the management screen. That is now fixed.

    Regarding the options for multiple IPs with ports:
    The port thing may work for me. I have the client go to a web page with http: as usual. They only need the encryption with cert when they download. So I have a link on the web page to the file to download. The client only sees the name of the file. The actual link can be anything so having the port appended is not a problem.

    So I now have the domain set up on the IP - it works fine.

    1. I changed the IP to (a virtual port) checked the 'SSL' box and created and saved the cert. How do I access it now?

    2. I tried entering in the management/server/settings and using that IP but it does not work. Note that when I do use that new port, I can only see in the drop down box - maybe that is the problem?

    I need a hint how to access a domain on an IP using a different port.
  17. falko

    falko Super Moderator Howtoforge Staff

    You can only enter IP addresses under Management -> Server -> Settings, not IP addresses with ports.

    You could copy your SSL vhost from the Vhosts_ispconfig.conf file to your main httpd.conf (so that the vhost doesn't get overwritten by ISPConfig anymore) and change port 443 to 445. Then you have to add
    Listen 445
    to the main section of your httpd.conf and restart Apache.
  18. guentherhoven

    guentherhoven New Member

    One thing you did not mention is that you can are still required to use only 1 ip address for even wildcard certificates.
    Also, i keep seeing all of these CA's being posted, but you can actually buy them all at one place, Try these links out:
    Standard certs -
    Wildcard certs -
    SSL Information/Knowledge Base (good stuff)

Share This Page