Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: darren on August 15, 2002, 11:17:10 AM

Title: Custom SSL Certificates
Post by: darren on August 15, 2002, 11:17:10 AM

What i am tring to do is use seperate ssl certificates for each virtual domain.

I have been looking at this file
/etc/e-smith/templates/etc/httpd/conf/http/conf/VirtualHosts/225SSLDirectives
and it appears all i need to do is set $SSLstatus to enabled and i can't find where it is initially setup (ie disabled).can anyone tell me where to look.

cheers darren
p.s a copy of the file is below.

my $SSLstatus = db_get_prop($confref, 'modSSL', 'status') || 'disabled';

    if ($SSLstatus eq 'enabled')
    {
        #------------------------------------------------------------
        # SSL Stuff
        #------------------------------------------------------------

        my $customCrt = db_get_prop($confref, "modSSL", "crt");
        my $crt = $customCrt ? $customCrt :
                "/home/e-smith/ssl.crt/secure.${DomainName}.crt";
        my $customKey = db_get_prop($confref, "modSSL", "key");
        my $key = $customKey ? $customKey :
                "/home/e-smith/ssl.key/secure.${DomainName}.key";

        $OUT .= <    # SSL Directives

    SSLEngine on
    SSLCertificateFile $crt
    SSLCertificateKeyFile $key
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1$

SSL_END
    }
}

Title: Re: Custom SSL Certificates
Post by: Jon Blakely on August 15, 2002, 11:52:58 AM

Darren,

Check /home/e-smith/configuration

modSSL=service|status|enabled

Jon

Title: template commands
Post by: darren on August 15, 2002, 12:15:31 PM

ok i have figured out that if i change the DomainName to virtualHost it points to the correct files.
now how can i change the template to check if the file exists

Title: Re: Custom SSL Certificates
Post by: Charlie Brady on August 15, 2002, 05:41:39 PM

darren wrote:
 
> What i am tring to do is use seperate ssl certificates for
> each virtual domain.

You are wasting your time. It can't be done. The client doesn't tell the server which virtual domain it wants until after the certificate has already been used to set up SSL.

Charlie

Title: Re: Custom SSL Certificates
Post by: darren on August 16, 2002, 06:19:47 AM

i have already figured out how to make it select the correct ssl certificate depending on the website what i need to do is find out if there is a template command to check if the file exists

Title: Re: Custom SSL Certificates
Post by: Jeff Coleman on August 19, 2002, 04:24:01 AM

Darren,

If you get this working pls post a howto.  This is an important issue for multi-domain hosting.

-jeff

Title: Re: Custom SSL Certificates
Post by: Charlie Brady on August 19, 2002, 05:58:25 AM

darren wrote:

> i have already figured out how to make it select the correct
> ssl certificate depending on the website

If you've managed to do that without using separate IP addresses or separate ports for each virtual domain, then I'd really like to know your secret. All the information I have says this is impossible.

Regards

Charlie

Title: Re: Custom SSL Certificates
Post by: Tom Carroll on August 27, 2002, 02:40:40 PM

Darren, this has just come up for me.  Is there a way to get it to work?

Title: Re: Custom SSL Certificates
Post by: darren on August 28, 2002, 06:19:07 AM

Charlie Brady:
>You are wasting your time. It can't be done. The client doesn't tell the server >which virtual domain it wants until after the certificate has already been used to >set up SSL.


This is correct..