Current time: 11-26-2024, 02:45 PM Hello There, Guest! (LoginRegister)


Post Reply 
SSL works for panel - not for domain
Author Message
thibotus01 Offline
Junior Member
*

Posts: 47
Joined: Feb 2009
Reputation: 0
Post: #1
SSL works for panel - not for domain
Hi, this is the begining of 00_master.conf :

Code:
<VirtualHost IP:80>

RewriteEngine on
RewriteCond %{SERVER_PORTS} !^443$
RewriteRule ^(.*)?$ https://%{SERVER_NAME}/ [L,R]

</VirtualHost>


<VirtualHost IP:443>

SSLEngine On
SSLCertificateFile /etc/ssl/certs/domain.panel.tld.crt
SSLCertificateKeyFile /etc/ssl/certs/domain.panel.tld.key

...................

when I go to the panel via http, it redirects me to https, and all works fine

And this the ispcp.conf :

Code:
# httpd [domain2.tld] sub entry BEGIN.

<VirtualHost IP:443>

SSLEngine On
SSLCertificateFile /etc/ssl/certs/domain2.tld.crt
SSLCertificateKeyFile /etc/ssl/certs/domain2.tld.key

When I go to https://domain2.tld I got "Problem Loading Page' 'Unable to Connect'". But via http is still working. Why that? The 443 port is specified!
08-04-2009 10:27 PM
Find all posts by this user Quote this message in a reply
ceco91 Offline
Moderator
*****
Moderators

Posts: 95
Joined: Jan 2009
Reputation: 0
Post: #2
RE: SSL works for panel - not for domain
Could you give us some more details like Apache logs ? From the written above I see only the http conf.
08-04-2009 11:44 PM
Find all posts by this user Quote this message in a reply
thibotus01 Offline
Junior Member
*

Posts: 47
Joined: Feb 2009
Reputation: 0
Post: #3
RE: SSL works for panel - not for domain
Logs Apache : "Invalid method in request \x80O\x01\x03"

This is the https conf in the ispcp.conf
(This post was last modified: 08-04-2009 11:47 PM by thibotus01.)
08-04-2009 11:47 PM
Find all posts by this user Quote this message in a reply
ephigenie Offline
Project Leader
*******
Administrators

Posts: 1,578
Joined: Oct 2006
Reputation: 15
Post: #4
RE: SSL works for panel - not for domain
please post the output of :
netstat -anp |grep apache|grep LISTEN

or look by yourself if apache is listening on the ip & 443 of your domain2.tld ip
(This post was last modified: 08-04-2009 11:48 PM by ephigenie.)
08-04-2009 11:47 PM
Visit this user's website Find all posts by this user Quote this message in a reply
thibotus01 Offline
Junior Member
*

Posts: 47
Joined: Feb 2009
Reputation: 0
Post: #5
RE: SSL works for panel - not for domain
Yeah I think It's listening :

tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 11149/apache2
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 11149/apache2
unix 2 [ ACC ] STREAM LISTENING 42591 11153/apache2 /var/run/apache2/cgisock.11149
unix 2 [ ACC ] STREAM LISTENING 44769 11696/php5-cgi /var/lib/apache2/fcgid/sock/11154.1
unix 2 [ ACC ] STREAM LISTENING 47557 12140/php5-cgi /var/lib/apache2/fcgid/sock/11154.2
unix 2 [ ACC ] STREAM LISTENING 50466 12841/php5-cgi /var/lib/apache2/fcgid/sock/11154.3
unix 2 [ ACC ] STREAM LISTENING 50864 12940/php5-cgi /var/lib/apache2/fcgid/sock/11154.4
unix 2 [ ACC ] STREAM LISTENING 42998 11307/php5-cgi /var/lib/apache2/fcgid/sock/11154.0
unix 2 [ ACC ] STREAM LISTENING 58897 14887/php5-cgi /var/lib/apache2/fcgid/sock/11154.5


If the connection in https to the admin panel works, apache is listening on 443.
08-04-2009 11:50 PM
Find all posts by this user Quote this message in a reply
kilburn Offline
Development Team
*****
Dev Team

Posts: 2,182
Joined: Feb 2007
Reputation: 34
Post: #6
RE: SSL works for panel - not for domain
SSL negotiation takes place BEFORE the client requesting any domain/location, so there is NO WAY for apache to know which domain the client will be accessing. Therefore, it CAN NOT use different certificates for different name-based VirtualHosts.

Now guess what happens if you try to use different certificates under the same IP... yeah, "Invalid method in request \x80O\x01\x03" Tongue
(This post was last modified: 08-05-2009 12:32 AM by kilburn.)
08-05-2009 12:31 AM
Visit this user's website Find all posts by this user Quote this message in a reply
rbtux Offline
Moderator
*****
Moderators

Posts: 1,847
Joined: Feb 2007
Reputation: 33
Post: #7
RE: SSL works for panel - not for domain
@kilburn:

right unless you use a solution with support for SNI (f.e. mod_gnutls)
(This post was last modified: 08-05-2009 12:33 AM by rbtux.)
08-05-2009 12:33 AM
Visit this user's website Find all posts by this user Quote this message in a reply
kilburn Offline
Development Team
*****
Dev Team

Posts: 2,182
Joined: Feb 2007
Reputation: 34
Post: #8
RE: SSL works for panel - not for domain
@rbtux:

right, unless your websites have users on IE (any version)+WinXP, which doesn't support SNI at all. I would say that nowadays this is a "deal breaker"...
(This post was last modified: 08-05-2009 12:35 AM by kilburn.)
08-05-2009 12:34 AM
Visit this user's website Find all posts by this user Quote this message in a reply
rbtux Offline
Moderator
*****
Moderators

Posts: 1,847
Joined: Feb 2007
Reputation: 33
Post: #9
RE: SSL works for panel - not for domain
yes ofcourse... I didn't say it's useful, just said it's possible ;-))
08-05-2009 12:38 AM
Visit this user's website Find all posts by this user Quote this message in a reply
thibotus01 Offline
Junior Member
*

Posts: 47
Joined: Feb 2009
Reputation: 0
Post: #10
RE: SSL works for panel - not for domain
Well I tried to use the same certificate, just replacing domain2.tld.crt with domain.panel.tld.crt
But same problem...
08-05-2009 12:39 AM
Find all posts by this user Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 5 Guest(s)