[HowTo] Multiple SSL Certificates on a Single IP/Port using mod_gnutls
Murodese Offline
So I was looking for a solution to the annoying single cert per IP/port and found mod_gnutls - it's been in development for quite a while, but has skimmed under the radar from what I can see.

Basically, it supports SNI - server name indication, which means that it doesn't suffer from the single cert limitation. Not only that, it's pretty easy to install (in etch/lenny at least). If your distro doesn't have it in repositories, you can grab and compile it from source at http://www.outoforder.cc/projects/apache/mod_gnutls/

Code:
apt-get install libapache2-mod-gnutls
# apt should disable mod_ssl automatically, but do it anyway to make sure
a2dismod ssl
a2enmod gnutls

Edit /etc/apache2/ports.conf and add the following line.

Code:
Listen 443

Create/open /etc/apache2/sites-available/02_ssl.conf and write up your virtual hosts.

(x.x.x.x being your server IP)

Code:
NameVirtualHost x.x.x.x:443

<VirtualHost x.x.x.x:443>

ServerName domain1.tld:443

GnuTLSEnable on
GnuTLSCertificateFile /path/to/crt/file/1
GnuTLSKeyFile /path/to/key/file/1
# this can be changed to a wide range of options - see http://www.outoforder.cc/projects/apache/mod_gnutls/docs/#GnuTLSPriorities
GnuTLSPriorities NORMAL

DocumentRoot /var/www/virtual/domain1.tld/htdocs

# (other apache directives)

</VirtualHost>


<VirtualHost x.x.x.x:443>

ServerName domain2.tld:443

GnuTLSEnable on
GnuTLSCertificateFile /path/to/crt/file/2
GnuTLSKeyFile /path/to/key/file/2
# this can be changed to a wide range of options - see http://www.outoforder.cc/projects/apache/mod_gnutls/docs/#GnuTLSPriorities
GnuTLSPriorities NORMAL

DocumentRoot /var/www/virtual/domain2.tld/htdocs

# (other apache directives)

</VirtualHost>

Where I've marked other apache directives, you need to add config directives from the standard ispcp.conf file - suexec parameters and the like, or PHP won't work.

Enable the site (a2ensite 02_ssl.conf) and restart Apache (/etc/init.d/apache2 restart) and you should have two separate domains hosted off the same server using different SSL certificates ;]

(I haven't tested this extensively so let me know if anything major is broken - it appears to work ok on our server)

I also didn't cover making your SSL certificates - there's a tonne of tutorials out there already for this.

Enjoy!
(This post was last modified: 10-14-2008 02:31 PM by Murodese.)
10-14-2008 02:07 PM