+- ispCP - Board - Support (http://www.isp-control.net/forum)
+-- Forum: ispCP Omega Contributions Area (/forum-40.html)
+--- Forum: Enhancements (/forum-43.html)
+--- Thread: SSL support (/thread-7737.html)
Pages: 1 2
SSL support - Blondak - 09-03-2009 05:26 AM
Hi,
i have start wrote SSL support for ISPCP (using mod_gnutls), but i don't know where to setup SSL sites, I think about add checkbox "Enable SSL" and if enabled allow enter path for https, or automatic create htdocs-ssl? Do you have any ideas on GUI design?
RE: SSL support - kilburn - 09-03-2009 06:03 AM
Wow! Blondak... sci2tech has been working on SSL support for quite a while now. He is waiting to commit it until we release 1.0.3 (because current stable is buggy :S).
Contact him if you want to help, but duping all the work is not gonna take us anywhere (sci2tech is a hard-core- developer, so I don't think you can integrate this better than him
)
RE: SSL support - gOOvER - 09-03-2009 06:18 AM
Blondak, you made a lot in the last Time. Why don't you join the DevTeam? Every helping hand is needed
RE: SSL support - sci2tech - 09-03-2009 06:42 AM
It is already done so do not waist time on it. It`s using mod_ssl and the draw back is that you need separate ip for each domain enabled ssl. But at least it is compatible with all browsers.
I`ll like to see you joining us, you did a real great job with DNS management.
RE: SSL support - aseques - 09-03-2009 07:49 AM
Just a comment on what was saying blondak, I think that both approaches are important.
There're lots of people that want to have their admin are managed under ssl, but don't want to pay for an extra ip plus a certificate.
I those cases I would use either gnutls (problem with lack of support) or the plain standard server certificate shared with all the hosts and with the error display.
In my case I did a couple of changes in the creation templates so every customer has a httpsdocs folder. So people can have a taste of security (still having to bypass security warnings about the certificate)
If you are interested there's something in the forum, just don't recall where I put it.
RE: SSL support - Blondak - 09-03-2009 04:44 PM
(09-03-2009 06:42 AM)sci2tech Wrote: It is already done so do not waist time on it. It`s using mod_ssl and the draw back is that you need separate ip for each domain enabled ssl. But at least it is compatible with all browsers.
I`ll like to see you joining us, you did a real great job with DNS management.
I choose mod_gnutls, because yo don't need one IP (or port) for each domain,
Quote:mod_gnutls can also use 'Server Name Indication', as specified in RFC 3546. Currently all the recent browsers support this standard .I test it on IE6 on Windows XP and main problem was, that IE use first offeres certificate :/ (almost same issue, if you are using single IP) but on supported browsers it works without problem. So I think that we can support both of these options.
And I'm very honored that you offer me joining dev team, and I accept your invitation.
RE: SSL support - rbtux - 09-03-2009 06:52 PM
why are ip adresses an issue for an isp?
RE: SSL support - gOOvER - 09-03-2009 07:18 PM
Not everyone is an ISP
We also have some private costumers
RE: SSL support - aseques - 09-03-2009 08:06 PM
(09-03-2009 06:52 PM)rbtux Wrote: why are ip adresses an issue for an isp?Not a real issue for small numbers, but there're tons of people looking to cut costs, and using a selfsigned certificate is one (at least 60€ per year if you want something trusted) plus that if you gave and ip address for every domain you manage (in case everyone was insterested in having a ssl area), the RIPE boys would start billing you some serious money.
RE: SSL support - Blondak - 09-03-2009 11:18 PM
(09-03-2009 06:52 PM)rbtux Wrote: why are ip adresses an issue for an isp?
etc. i must pay 90€/year, if 10 customers will need SSL on 2 subdomains, (without * certificate) its next 20 IP adresses, no problem with IPv6 but IPv4, how many domains i can run on single machine?