Koozali.org: home of the SME Server

Obsolete Releases => SME Server 7.x => Topic started by: perelandra on December 02, 2007, 01:51:26 AM

Title: Multi Domains Certificate (UCC)
Post by: perelandra on December 02, 2007, 01:51:26 AM

Hi there,

does the SME Server support a Multi Domain SSL Certificate like godaddy.com is selling it?

https://www.godaddy.com/gdshop/ssl/ssl.asp?isc=gameday01&ci=9173#tabs

I have several domains running on my server and I'd like to secure them without the popping up warning about the self-signed certificate. Firefox 3 will reject self-signed certs in a similar way, IE7 does it... This is annoying sometimes, especially for some users...

Any advice or help is very appreciated!

Greets, Johannes.

Title: Re: Multi Domains Certificate (UCC)
Post by: perelandra on December 08, 2007, 10:11:37 PM

Hm, I got a helpful answer in Thread http://forums.contribs.org/index.php?topic=39326.0
Also the WIKI entry helped me integrating the GoDaddy certificate.

Still one more thing: they sent me a ChainCertificate with my purchased certificate. Their help sections says:

Quote

Note: Before you install your issued SSL certificate you must install our intermediate certificate bundle (gd_intermediate_bundle.crt) on your Web server. You may also download the intermediate certificate bundle from the repository.

Installing SSL Certificate and the Intermediate Certificate

   1. Copy your SSL certificate file and the intermediate bundle file to your Apache server. You should already have a key file on the server from when you generated your certificate request.
   2. Edit your Apache configuration to reference these files. The exact configuration file you will edit will depend on your version of Apache, your OS platform, and/or the method used to install Apache. In Apache 1.3, you will most likely edit the main httpd.conf file. In Apache 2.x, you will most likely edit the ssl.conf file.
   3. Locate the following directives. If one or more of them are currently commented out, uncomment them by removing the '#' character from the beginning of the line. Set the values of these directives to the absolute path and filename of the appropriate file:
          * SSLCertificateFile /path/to/your/certificate/file
          * SSLCertificateKeyFile /path/to/your/key/file
          * SSLCertificateChainFile /path/to/intermediate/bundle/file
   4. Save your configuration file and restart Apache.

Is there a command to integrate the chain cert, beside these to commands?

Code: [Select]

config setprop modSSL crt /home/e-smith/ssl.crt/{domain}.crt
config setprop modSSL key /home/e-smith/ssl.key/{domain}.key
I may outcomment in ssl.conf the line about the SSLChain... cert; but is this the only thing to do? It seems, that the db also needs to know about the chain file... (The thread http://forums.contribs.org/index.php?topic=24067.0 seems a bit outdated since 7.2 uses a different Apache version).

Another point is, that I have two places where I find my SSL keys and certs:

Code: [Select]

/home/e-smith/...
/etc/httpd/conf/...
In the second place they are just called "server.crt" and "server.key". In the first place they are called server.MY.PRIMARY.DOMAIN.TLD.crt" and "server.MY.PRIMARY.DOMAIN.TLD.key"

Which of the needs to be replaced with the new cert?
Seems, that I'd need both of them?!?

Any help - as usual - is highly appreciated!

Title: Re: Multi Domains Certificate (UCC)
Post by: perelandra on December 08, 2007, 10:21:17 PM

Ouch... after some more searching it seems, that there is the command I was searching for:

Code: [Select]

config setprop modSSL crt /home/e-smith/ssl.crt/{domain}.crt
config setprop modSSL key /home/e-smith/ssl.key/{domain}.key
config setprop modSSL CertificateChainFile /usr/share/ssl/certs/gd_intermediate_bundle.crt
signal-event console-save
httpd -k graceful
service httpd-admin restart

Is there a need for a reboot?

See also http://forums.contribs.org/index.php?topic=38963.0

I'll give this one a try... The second question is still open ;-)

Title: Re: Multi Domains Certificate (UCC)
Post by: perelandra on December 16, 2007, 11:52:18 AM

For additional progress and information about this stuff see http://forums.contribs.org/index.php?topic=32422

Is anybody interested in a HOWTO to use GoDaddy Certs on a SME machine? I'd write one...

The 5 Domains I use the (one) GoDaddy UCC with are listed below. You are invited to test if they work fine:

http://tinyurl.com/27bgw9
http://tinyurl.com/3x2dp2
http://tinyurl.com/2a2pt9
http://tinyurl.com/2nbf2o
http://tinyurl.com/2ymjhg

Title: Re: Multi Domains Certificate (UCC)
Post by: rshiras on December 14, 2009, 06:49:48 PM

I am very interested in a How-To on UCC from GoDaddy.  It is causing me grief at the moment.
I'm sure I'm not the only one.
Right now I'd pay money to have someone do it for me.

Title: Re: Multi Domains Certificate (UCC)
Post by: raghav on December 16, 2009, 09:50:04 PM

Hi,
 I am having a nightmare getting the UCC cert on to the SME server, if you have the time or if you have already written a HowTo, I would love to have a look at it.

hope you will reply.

with regards

Title: Re: Multi Domains Certificate (UCC)
Post by: janet on December 17, 2009, 12:17:04 AM

raghav

This has been answered in other forum posts by rshiras (& myself) in the last few days, so search and read.