[BlueOnyx:15454] Re: SSL : wildcard cert on two blueonyx websites on same domain

WaveWeb - Meaulnes Legler infos at waveweb.ch
Fri May 23 07:38:04 -05 2014


On 22.05.14 20:49, WaveWeb - Meaulnes Legler wrote:
> On 22.05.14 19:07, Chris Gebhardt - VIRTBIZ Internet wrote:
> > On 5/22/2014 11:14 AM, OCEANET - Cédric BASSAGET wrote:
> >> Hello,
> >> I've purchased a wildcard SSL certificate for *.mydomain.com
> >> I want to enable SSL on two different websites in blueonyx interface : www.mydomain.com  and play.mydomain.com.
> >> How can I do that ?
> > Hi Cedric,
> > I see what you mean.  However, in our implementation it is necessary to place each SSL site on a unique IP address.  It is not possible to place 2 SSL sites on a single IP address.
Cédric, you're right, only one SSL-domain per IP _if you enable it over BlueOnyx's GUI_.

Chris: it will still work for you since SSL-certificates are, AFAIK, name-specific, not IP-specific. In 2011, I set up two wildcard domains that work for the webserver, the admin-server and mail servers of those virtual domains. I jotted down the procedure since it ain't something I do often; it follows here. Be aware that the method might have changed since then, don't make me liable! But if you back up all keys and certificates thoroughly, you can always step back...

HowTo SSL on BlueOnyx
*********************

For generating the keys and certificates, please see «HowTo SSL on BlueQuartz.txt». The process results in the two files
	private.key
	certificate.crt
that can be stored at any secure place and might have a different name.


Web Server
==========
On BlueOnyx, the certificates are installed in the certs/ directory of the domain. Back them up:
	mv /home/sites/www.domain.tld/certs/key        	/home/sites/www.domain.tld/certs/key-yyyy.mm.dd
	mv /home/sites/www.domain.tld/certs/certificate	/home/sites/www.domain.tld/certs/certificate-yyyy.mm.dd
Install the two certificates:
	cp -p private.key	/home/sites/www.domain.tld/certs/key
	cp -p certificate.crt	/home/sites/www.domain.tld/certs/certificate
Then, restart the Apache server:
	/etc/rc.d/init.d/httpd restart


Admin Server
============
If the server runs under the domain name of the issued certificate, the self-signed certificate can be replaced by the trusted one issued. Back up the self-signed certificates:
	mv /etc/admserv/certs/key        	/etc/admserv/certs/key-yyyy.mm.dd
	mv /etc/admserv/certs/certificate	/etc/admserv/certs/certificate-yyyy.mm.dd
and install the same certificates as previously:
	cp -p private.key	/etc/admserv/certs/key
	cp -p certificate.crt	/etc/admserv/certs/certificate
and restart the admin server:
	/etc/rc.d/init.d/admserv restart


Mail Servers
============
- The *incoming* mail server, the open source IMAP and POP3 mail server called «Dovecot», has its own SSL key and certificate that secures the whole server with all its virtual domains. It inevitably has the same domain name as the Admin server and can use the same key and certificate. The Dovecot key and the certificate are located in /etc/pki/dovecot/ and should be backed up, too:
	mv /etc/pki/dovecot/private/dovecot.pem	/etc/pki/dovecot/private/dovecot.pem-yyyy.mm.dd
	mv /etc/pki/dovecot/certs/dovecot.pem	/etc/pki/dovecot/certs/dovecot.pem-yyyy.mm.dd
Then install the same certificates as previously:
	cp -p private.key	/etc/pki/dovecot/private/dovecot.pem
	cp -p certificate.crt	/etc/pki/dovecot/certs/dovecot.pem
and restart the dovecot mail server:
	/etc/init.d/dovecot restart	(alias: mailer restart )
- The *outgoing* mailserver «sendmail» also has its own SSL key/certificate. Its location can be read from the sendmail.cf configuration file which points to the same file, meaning that the key and the certificate are both in the same file named sendmail.pem located in /usr/share/ssl/certs/. First back up the original file:
	mv /usr/share/ssl/certs/sendmail.pem	/usr/share/ssl/certs/sendmail.pem-yyyy.mm.dd
then concatenate the key file with the certificate file to the combined key/certificate:
	cat private.key certificate.crt > /usr/share/ssl/certs/sendmail.pem
and restart the sendmail server:
	/etc/rc.d/init.d/sendmail restart	(alias: mailsend restart )


Favicon
=======
To install a favicon to the Admin Server pages, copy the file to /usr/sausalito/ui/web/ where the
login.php is located.


At the following address, the functionality of the installation can be checked:
https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=SO9556

ml 1.2011

Meaulnes Legler
-- 
Meaulnes Legler
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
~  www.WaveWeb.ch  ~
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
~ Zurich, Switzerland ~
~ tel: +41 44 2601660 ~
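
Added example, not part of the original post or of BlueOnyx: a pre-install check for the HowTo above that confirms private.key belongs to certificate.crt, that the wildcard certificate covers each site name, and that the combined sendmail.pem is created readable by its owner only. The function names are hypothetical, the file names follow the HowTo, and cert_covers_host assumes OpenSSL 1.0.2 or later for -checkhost.

```shell
#!/bin/sh
# Added example: checks to run before the cp/cat steps of the HowTo.
# Function names are hypothetical; file names follow the HowTo.

# Succeeds only if the certificate was issued for this private key:
# the public key derived from the key file must equal the one in the cert.
pair_matches() {  # args: keyfile certfile
    kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# Succeeds if the certificate is valid for the given host name
# (a wildcard matches exactly one label). Needs OpenSSL 1.0.2+.
cert_covers_host() {  # args: certfile hostname
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Build the combined key+certificate file used for sendmail so that it is
# never readable by group or others, then move it into place atomically.
build_combined_pem() {  # args: keyfile certfile destination
    rm -f "$3.new"
    ( umask 077 && cat "$1" "$2" > "$3.new" ) && mv "$3.new" "$3"
}

# Run every check; print the first failure and return non-zero.
preflight() {  # args: keyfile certfile hostname...
    key=$1; crt=$2; shift 2
    pair_matches "$key" "$crt" || { echo "key and certificate do not match"; return 1; }
    for h in "$@"; do
        cert_covers_host "$crt" "$h" || { echo "certificate does not cover $h"; return 1; }
    done
    echo "ok: pair matches and covers: $*"
}

# Example: sh precheck.sh private.key certificate.crt www.mydomain.com play.mydomain.com
if [ "$#" -ge 3 ]; then preflight "$@"; fi
```

A plain "cat private.key certificate.crt > sendmail.pem" creates the file with the shell's default umask, which on many systems leaves the private key world-readable; build_combined_pem avoids that.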

