Koozali.org: home of the SME Server

Obsolete Releases => SME Server 8.x => Topic started by: Oosterheert on April 26, 2014, 04:10:36 PM

Title: Commercial SSL certificates for ibays ?
Post by: Oosterheert on April 26, 2014, 04:10:36 PM

We have a few websites on our SME server and we want 2 of them to have a proper SSL certificate so visitors won't we bothered with warnings and sunch.
However the information on SSL certificates for SME really confuses me.

I've been reading on the subject and specifically these articles in the wiki:
http://wiki.contribs.org/Custom_CA_Certificate
http://wiki.contribs.org/Certificates_Concepts
From this i think i get there can only be 1 central SSL certificate for all ibays and the server-mananger etcetera? But how do i get a commercial certificate for that? I'll need to make a csr with all the needed information right?

Our simplified setup is a s follows:
desired commercial certificate brand: Geotrust rapidssl (or Comodo/Thawte etcetera, we'll switch if needed)
SME 8.1
webmail is not used
primary domain: primarydomain.com
virtual domain: ibay1.primarydomain.com
virtual domain: ibay2.differentdomain.nl

Using the 1st link i've made a csr_request script and generated a key and csr file with it. The accompanying config file reads:

Code: [Select]

HOME = .
RANDFILE = $ENV::HOME/.rnd

[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no

[ req_distinguished_name ]
CN = primarydomain.com
countryName = NL
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation,digitalSignature,keyEncipherment
subjectAltName = critical,DNS:primarydomain.com,DNS:*.primarydomain.com,DNS:ibay2.differentdomain.nl,DNS:*.ibay2.differentdomain.nl,DNS:ibay1.primarydomain.com,DNS:*.ibay1.primarydomain.com
Now i have a csr, but is it correct? and what kind of certiificate do i buy with it? a wildcard certificate?? a multidomain name certificate??
Will this wildcard certificate work for both websites even though they have different domain names

Title: Re: Commercial SSL certificates for ibays ?
Post by: janet on April 26, 2014, 05:13:57 PM

Oosterheert

When you request a certificate you have to include all valid domain names that your server will host.
If you host additional domains later, then you have to get a new certificate that covers all the domain names.

Title: Re: Commercial SSL certificates for ibays ?
Post by: Oosterheert on April 28, 2014, 11:24:45 AM

just to check then:

• There can be only 1 certificate for everything at SME at all times.
• Whenever you add a new domain you need a new certificate

On that 2nd point:

• When you have several subdomains on the same domain:
  • do you need a wildcard certificate?
  • when you allready have a certificate and add a new subdomain on that same domain, do you need a new certificate?
• When you have several subdomains on the several domains:
  • do you need a multidomain certificate?
  • when you allready have a certificate and add a new subdomain on some domain, do you need a new certificate?

[edit]
almost forgot: the "cacert_csr_request" fom http://wiki.contribs.org/Custom_CA_Certificate, is that the correct way of making a csr to use for bying a certificate?
[/edit]

Title: Re: Commercial SSL certificates for ibays ?
Post by: janet on April 28, 2014, 01:50:03 PM

Oosterheert

Re-read my earlier answer, the key words that cover your questions are: "all valid domain names".

How you craft the certificate will depend on what certificate provider you use, so ask them.