RE: [HowTo] Multiple SSL Certificates on a Single IP/Port using mod_gnutls - allrob - 07-23-2010 07:38 PM
Did a clean install of the latest Debian.
This works, but when trying to upload a language file, I noticed the return of an empty file to my browser and nothing uploaded. Disabling gnutls fixes this, so it's not working now.
Got none of the above errors, checked and working, but now this issue started... (Affected all sites on a live system, now falling back to the ssl mod.)
Anyone have an idea? Still researching it further...
RE: [HowTo] Multiple SSL Certificates on a Single IP/Port using mod_gnutls - Top44 - 07-23-2010 09:27 PM
Did you compile it or is that the version from the repo?
The repo's version is 0.51? And the newest on the homepage is 0.57?
Greets
RE: [HowTo] Multiple SSL Certificates on a Single IP/Port using mod_gnutls - allrob - 07-24-2010 01:24 AM
Hmmm, good point, I'll compile something myself off that website, thanks. I'll let you know if it works.
RE: [HowTo] Multiple SSL Certificates on a Single IP/Port using mod_gnutls - allrob - 07-24-2010 10:46 AM
I tried compiling the whole bunch. Apache restarts clean, no errors, but it still does the same thing. Strange cache problems also surface now (those are brand new to me): images load partially and slowly, and reloading a page seems to fix it (temporarily, it will be back later).
I also tried to install the testing Debian packages, same story, so at the moment I'm stuck.
I'll investigate upstream Apache packages and Launchpad, might find something, but that's for tomorrow.
@Top44 #10
Hmmmm, that is a problem indeed.
If you add it as an alias in the 2nd host, does that fix it? So add an alias with the www. to the 2nd host (or both) and restart that Apache. Hope that fixes it, I'm still stuck.
RE: [HowTo] Multiple SSL Certificates on a Single IP/Port using mod_gnutls - Top44 - 07-24-2010 11:25 PM
I tested it with aliases but did not work.
There is another possibility with a patch for mod_ssl with SNI support.
Would also be a good chance to try.
greets
RE: [HowTo] Multiple SSL Certificates on a Single IP/Port using mod_gnutls - D4rKr0W - 07-29-2010 10:35 PM
Excellent guide. I would like to add a couple of things, since I had to go through some extra steps to get the whole thing working with an SSL certificate generated from GoDaddy.
Once you've completed the request procedure, you will be given two certificate files:
yourdomain.tld.crt and gd_bundle.crt
Merge the two files in a file called yourdomain.tld.pem, appending the chain certificate at the end of the cert issued for your domain.
The chain certificate is the one you should be setting as SSLCertificateChainFile if you were using mod_ssl.
This is the file you will be using as GnuTLSCertificateFile
Once you've done that, you will be required to create a private key file that is not password protected. mod_gnutls does not support passworded private keys.
For that you will have to run the following command on your private key:
Code:
openssl rsa -in server.key -out server.key.insecure
I was getting the following error because I didn't do the step just above:
Code:
GnuTLS: Failed to Import Private Key '/my/path/to/ssl.key/server.key': (-69) ASN1 parser: Error in DER parsing.
You will be using the non passworded private key in GnuTLSKeyFile.
I would also suggest running
Code:
chmod 400 server.key
chmod 400 server.key.insecure
chmod 444 yourdomain.tld.pem
for security reasons.
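A preflight check for the two files described in the post above, as an added example that is not part of the original thread or of mod_gnutls: it flags a passphrase-protected key from the PEM headers, a merged certificate file that lacks the chain or contains a private key, and permissions looser than the suggested chmod values. The function names are hypothetical and the sample PEM data is constructed.

```python
import base64, os, re, stat

# Function names are hypothetical; this is not mod_gnutls or thread code.
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def pem_blocks(text):
    """Return [(label, headers, der_bytes)] for every PEM block in text."""
    out = []
    for label, body in PEM_RE.findall(text):
        lines = [l.strip() for l in body.splitlines() if l.strip()]
        headers = [l for l in lines if ":" in l]  # Proc-Type / DEK-Info lines
        b64 = "".join(l for l in lines if ":" not in l)
        out.append((label, headers, base64.b64decode(b64)))
    return out

def check_key(text):
    """Problems that make a key file unusable without a passphrase."""
    keys = [b for b in pem_blocks(text) if b[0].endswith("PRIVATE KEY")]
    if not keys:
        return ["no private key block found"]
    label, headers, _ = keys[0]
    encrypted = label == "ENCRYPTED PRIVATE KEY" or any(
        h.startswith("Proc-Type:") and "ENCRYPTED" in h for h in headers)
    return ["private key is passphrase-protected"] if encrypted else []

def check_bundle(text):
    """Problems in the merged certificate file (domain cert, then chain)."""
    labels = [b[0] for b in pem_blocks(text)]
    problems = []
    if labels.count("CERTIFICATE") < 2:
        problems.append("expected domain certificate followed by chain")
    if any(l.endswith("PRIVATE KEY") for l in labels):
        problems.append("private key inside a file meant to be chmod 444")
    return problems

def too_permissive(path, allowed):
    """True if the file grants any permission bit outside `allowed`."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & ~allowed)

# Constructed sample data: bodies are dummy bytes, not real keys or certificates.
def sample_pem(label, headers=""):
    body = base64.b64encode(b"\x30\x03\x02\x01\x00").decode()
    return f"-----BEGIN {label}-----\n{headers}{body}\n-----END {label}-----\n"

ENCRYPTED_KEY = sample_pem(
    "RSA PRIVATE KEY", "Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,0011223344556677\n\n")
PLAIN_KEY = sample_pem("RSA PRIVATE KEY")
GOOD_BUNDLE = sample_pem("CERTIFICATE") + sample_pem("CERTIFICATE")
LEAKY_BUNDLE = GOOD_BUNDLE + PLAIN_KEY
```

Calling `too_permissive(path, 0o400)` on each key file and `too_permissive(path, 0o444)` on the merged .pem checks them against the chmod values suggested in the post.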
RE: [HowTo] Multiple SSL Certificates on a Single IP/Port using mod_gnutls - Max13 - 11-23-2010 05:07 AM
Hello!
I read this How-To and some others on the net.
I'm now using gnutls, but it can't parse the crt I think...:
Code:
Syntax error on line 40 of /etc/apache2/sites-enabled/00_master_ssl.conf:
GnuTLS: Failed to Import Certificate '/etc/apache2/ssl/ispcp.crt': (-207) Base64 unexpected header error.
failed!
Here it is... It was generated by InstantSSL, and it's a free ssl certificate...
Google doesn't know anything about this (or not in the first page), so I came here to have more info.
Any idea?
Thanks.
RE: [HowTo] Multiple SSL Certificates on a Single IP/Port using mod_gnutls - 3dp - 11-24-2010 06:51 AM
I keep getting an apache error when it fires back up:
Quote:... waiting Syntax error on line 3 of /etc/apache2/sites-enabled/02_ssl.conf:
<VirtualHost> directive requires additional arguments
My 02_ssl.conf file:
Code:
NameVirtualHost xx.xx.xx.xx:443
<VirtualHost>
ServerName mydomain2.com:443
GnuTLSEnable on
GnuTLSCertificateFile /var/www/web24/ssl/gd_bundle.crt
GnuTLSKeyFile /var/www/web24/ssl/www.mydomain2.com.key
GnuTLSPriorities NORMAL # this can be changed to a wide range of options - see http://www.outoforder.cc/projects/apache/mod_gnutls/docs/#GnuTLSPriorities
DocumentRoot /var/www/web24/web/
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/web24/web/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /var/www/web24/cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/ssl_access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
<VirtualHost>
ServerName mydomain1.com:443
GnuTLSEnable on
GnuTLSCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
GnuTLSKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
GnuTLSPriorities NORMAL # this can be changed to a wide range of options - see http://www.outoforder.cc/projects/apache/mod_gnutls/docs/#GnuTLSPriorities
ServerAdmin webmaster@localhost
DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/ssl_access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
Thanks from an SSL noob.
RE: [HowTo] Multiple SSL Certificates on a Single IP/Port using mod_gnutls - Max13 - 11-24-2010 07:17 AM
(11-24-2010 06:51 AM)3dp Wrote: I keep getting an apache error when it fires back up:
Quote:... waiting Syntax error on line 3 of /etc/apache2/sites-enabled/02_ssl.conf:
<VirtualHost> directive requires additional arguments
Hi,
I think <VirtualHost> expects an ip:port, or at least a port...
I think...
--
Cheers, Max13
RE: [HowTo] Multiple SSL Certificates on a Single IP/Port using mod_gnutls - 3dp - 11-24-2010 07:43 AM
(11-24-2010 07:17 AM)Max13 Wrote: Hi,
I think <VirtualHost> expects an ip:port, or at least a port...
I think...
--
Cheers, Max13
Yep...that was it.