Koozali.org: home of the SME Server

ssl cert virtual domains

Offline crazybob

Re: ssl cert virtual domains
« Reply #15 on: May 24, 2010, 12:48:29 PM »
I was mistaken, it did work. I was using SSLport in place of SSLPort.

I will be looking into the SSLcert file to see how to modify it. Any pointers appreciated.

Thanks so much for your help.

Bob
« Last Edit: May 24, 2010, 12:57:12 PM by crazybob »
If you think you know whats going on, you obviously have no idea whats going on!

Offline crazybob

Re: ssl cert virtual domains
« Reply #16 on: June 10, 2010, 10:16:28 PM »
Should I be able to incorporate this into the modified 80VirtualHosts file?

Offline cactus

Re: ssl cert virtual domains
« Reply #17 on: June 10, 2010, 10:24:02 PM »
Quote from crazybob: "Should I be able to incorporate this into the modified 80VirtualHosts file?"
What? I am unsure to what you are referring.
Be careful whose advice you buy, but be patient with those who supply it. Advice is a form of nostalgia, dispensing it is a way of fishing the past from the disposal, wiping it off, painting over the ugly parts and recycling it for more than its worth ~ Baz Luhrmann - Everybody's Free (To Wear Sunscreen)

Offline crazybob

Re: ssl cert virtual domains
« Reply #18 on: June 10, 2010, 11:38:41 PM »
Sorry, I was referring to the ssl certs for the virtual domain :oops:
My thought was, as long as I was already setting the ssl port, to set the crt and key also. I am attempting this, and am going to try to set either a string that gives path and name for the cert and key, or just a '#.' if nothing is entered in the db.

I have a modified 25SSLdirectives that looks like this:
Code:
{
    # Skip this fragment unless the virtual host's port is the SSL port.
    return "    # skipping SSL directives\n" unless $port eq $sslport;

    return "" unless $modSSL{'status'} eq 'enabled';

    $OUT = <<SSL_END;
    # SSL Directives
    SSLEngine on
SSL_END
}

{
    #------------------------------------------------------------
    # get a list of our virtual hosts and make a hash table so we
    # can look up content later
    #------------------------------------------------------------

    $OUT = '';

    use esmith::DomainsDB;

    my $db = esmith::DomainsDB->open_ro;
    unless ($db)
    {
        warn "Couldn't open domains DB in VirtualHosts template fragment";
        return;
    }

    my @domains = $db->get_all_by_prop('type' => 'domain');

    #------------------------------------------------------------
    # generate VirtualHosts - primary domain first
    #------------------------------------------------------------
    foreach my $domain (
        (grep { ($_->prop('SystemPrimaryDomain') || 'no') eq 'yes' } @domains),
        (grep { ($_->prop('SystemPrimaryDomain') || 'no') ne 'yes' } @domains),
        )
    {
        my $templatePath = $domain->prop('TemplatePath') || 'VirtualHosts';

        # Certificate and key paths read from the 'vcrt' / 'vkey'
        # properties of the domain record; a single space if unset.
        my $crt = $domain->prop('vcrt') || " ";
        my $key = $domain->prop('vkey') || " ";

        # Appended once per domain in the DB: the loop does not check
        # which virtual host is currently being expanded.
        $OUT .= <<SSL_END;
SSLCertificateFile $crt
SSLCertificateKeyFile $key
SSL_END

    }
}

At this point it is changing all v/domains. It also seems to place an extra 'SSLCertificateFile' in each domain. I think I can get it to work with just a little more tinkering, but I am getting tired.
« Last Edit: June 11, 2010, 04:10:49 AM by crazybob »

Offline crazybob

Re: ssl cert virtual domains
« Reply #19 on: July 02, 2010, 05:21:57 AM »
I was not having much luck, so I tried moving the virtual domain to a copy of SME7.5 running in VMware. I gave that server the fqdn of the virtual domain I am working with. I installed a cert, and used proxypass to point requests to the new domain. Still no joy. https requests still see my main server cert. Should there be an easy way around this?

Offline CharlieBrady

Re: ssl cert virtual domains
« Reply #20 on: July 02, 2010, 05:25:44 AM »
Quote from crazybob: "Should there be an easy way around this?"

No. You need to understand that SSL is negotiated before the hostname of the query is interpreted - therefore, before proxy pass and before virtual domain handling.

The only way that you can have separate certificates for different virtual domains is to use a different IP address or a different port for each virtual domain.

Offline janet

Re: ssl cert virtual domains
« Reply #21 on: July 02, 2010, 05:33:16 AM »
crazybob

IIUC what you are after, then an approach you can take is to incorporate all the domains into one certificate, as is done in this CACert Howto
http://wiki.contribs.org/Custom_CA_Certificate
Similar steps should apply to whichever "brand" of certificate you buy.
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.
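
Added example, not part of the thread: a check that one certificate really lists every virtual domain, which is what the single-certificate approach above depends on when all the domains share one IP address and port. The domain names and the sample certificate dict (shaped like the result of Python's ssl.SSLSocket.getpeercert()) are constructed, and wildcard matching is simplified to a whole left-most label.

```python
# Added example: which virtual domains are NOT covered by a single certificate?
# All names below are constructed sample data, not taken from the thread.

def san_dns_names(peercert):
    """DNS names from a dict shaped like ssl.SSLSocket.getpeercert()."""
    return [value.lower()
            for kind, value in peercert.get("subjectAltName", ())
            if kind == "DNS"]

def name_matches(pattern, host):
    """Simplified hostname match: '*' is honoured only as the entire
    left-most label and stands for exactly one label."""
    p_labels = pattern.lower().split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Refuse over-broad wildcards such as '*.com'.
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def uncovered_domains(peercert, virtual_domains):
    """Virtual domains whose visitors would get a name-mismatch warning
    if this one certificate is served for all of them."""
    names = san_dns_names(peercert)
    return [d for d in virtual_domains
            if not any(name_matches(n, d) for n in names)]

# Constructed sample certificate and virtual domain list.
SAMPLE_CERT = {
    "subject": ((("commonName", "example.com"),),),
    "subjectAltName": (
        ("DNS", "example.com"),
        ("DNS", "www.example.com"),
        ("DNS", "*.shop.example.org"),
    ),
}
VIRTUAL_DOMAINS = [
    "example.com", "www.example.com", "secure.shop.example.org",
    "shop.example.org", "a.b.shop.example.org", "other.example.net",
]

if __name__ == "__main__":
    for domain in uncovered_domains(SAMPLE_CERT, VIRTUAL_DOMAINS):
        print("not covered by certificate:", domain)
```

To check a live server instead of the sample, pass the dict returned by getpeercert() on a connected ssl.SSLSocket.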

Offline crazybob

Re: ssl cert virtual domains
« Reply #22 on: July 02, 2010, 05:42:43 AM »
Thanks Charlie, that will stop the tearing of the hair. :-)

And thanks to Mary, I will check out CA_cert. :smile:

Offline crazybob

Re: ssl cert virtual domains (resolved)
« Reply #23 on: July 19, 2010, 02:49:46 AM »
I bought a cert from startssl.com. Seems to be doing the job. Thanks all for the help. :-P