+- ispCP - Board - Support (http://www.isp-control.net/forum)
+-- Forum: ispCP Omega Support Area (/forum-30.html)
+--- Forum: Usage (/forum-34.html)
+--- Thread: SSL works for panel - not for domain (/thread-7392.html)
SSL works for panel - not for domain - thibotus01 - 08-04-2009 10:27 PM
Hi, this is the begining of 00_master.conf :
Code:
<VirtualHost IP:80>
RewriteEngine on
RewriteCond %{SERVER_PORTS} !^443$
RewriteRule ^(.*)?$ https://%{SERVER_NAME}/ [L,R]
</VirtualHost>
<VirtualHost IP:443>
SSLEngine On
SSLCertificateFile /etc/ssl/certs/domain.panel.tld.crt
SSLCertificateKeyFile /etc/ssl/certs/domain.panel.tld.key
...................when I go to the panel via http, it redirects me to https, and all works fine
And this the ispcp.conf :
Code:
# httpd [domain2.tld] sub entry BEGIN.
<VirtualHost IP:443>
SSLEngine On
SSLCertificateFile /etc/ssl/certs/domain2.tld.crt
SSLCertificateKeyFile /etc/ssl/certs/domain2.tld.keyWhen I go to https://domain2.tld I got "Problem Loading Page' 'Unable to Connect'". But via http is still working. Why that? The 443 port is specified!
RE: SSL works for panel - not for domain - ceco91 - 08-04-2009 11:44 PM
Could you give us some more details like Apache logs ? From the written above I see only the http conf.
RE: SSL works for panel - not for domain - thibotus01 - 08-04-2009 11:47 PM
Logs Apache : "Invalid method in request \x80O\x01\x03"
This is the https conf in the ispcp.conf
RE: SSL works for panel - not for domain - ephigenie - 08-04-2009 11:47 PM
please post the output of :
netstat -anp |grep apache|grep LISTEN
or look by yourself if apache is listening on the ip & 443 of your domain2.tld ip
RE: SSL works for panel - not for domain - thibotus01 - 08-04-2009 11:50 PM
Yeah I think It's listening :
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 11149/apache2
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 11149/apache2
unix 2 [ ACC ] STREAM LISTENING 42591 11153/apache2 /var/run/apache2/cgisock.11149
unix 2 [ ACC ] STREAM LISTENING 44769 11696/php5-cgi /var/lib/apache2/fcgid/sock/11154.1
unix 2 [ ACC ] STREAM LISTENING 47557 12140/php5-cgi /var/lib/apache2/fcgid/sock/11154.2
unix 2 [ ACC ] STREAM LISTENING 50466 12841/php5-cgi /var/lib/apache2/fcgid/sock/11154.3
unix 2 [ ACC ] STREAM LISTENING 50864 12940/php5-cgi /var/lib/apache2/fcgid/sock/11154.4
unix 2 [ ACC ] STREAM LISTENING 42998 11307/php5-cgi /var/lib/apache2/fcgid/sock/11154.0
unix 2 [ ACC ] STREAM LISTENING 58897 14887/php5-cgi /var/lib/apache2/fcgid/sock/11154.5
If the connection in https to the admin panel works, apache is listening on 443.
RE: SSL works for panel - not for domain - kilburn - 08-05-2009 12:31 AM
SSL negotiation takes place BEFORE the client requesting any domain/location, so there is NO WAY for apache to know which domain the client will be accessing. Therefore, it CAN NOT use different certificates for different name-based VirtualHosts.
Now guess what happens if you try to use different certificates under the same IP... yeah, "Invalid method in request \x80O\x01\x03"
RE: SSL works for panel - not for domain - rbtux - 08-05-2009 12:33 AM
@kilburn:
right unless you use a solution with support for SNI (f.e. mod_gnutls)
RE: SSL works for panel - not for domain - kilburn - 08-05-2009 12:34 AM
@rbtux:
right, unless your websites have users on IE (any version)+WinXP, which doesn't support SNI at all. I would say that nowadays this is a "deal breaker"...
RE: SSL works for panel - not for domain - rbtux - 08-05-2009 12:38 AM
yes ofcourse... I didn't say it's useful, just said it's possible ;-))
RE: SSL works for panel - not for domain - thibotus01 - 08-05-2009 12:39 AM
Well I tried to use the same certificate, just replacing domain2.tld.crt with domain.panel.tld.crt
But same problem...