[BlueOnyx:15456] Re: SSL : wildcard cert on two blueonyx websites on same domain

OCEANET - Cédric BASSAGET cedric at oceanet.com
Fri May 23 09:01:10 -05 2014


Where are the apache instructions about SSL (SSLCertificateFile, 
SSLCertificateKeyFile, ...) located ? I can't find them in vhost config 
files...

Meaulnes, you're telling me that there is a way to enable SSL on two 
vhosts (same domain) in shell access. How? I can't understand how SSL is 
enabled on a vhost.

Regards,
Cédric

OCEANET
---------------------------------------------------------------
[AGENCE DU MANS]
7, rue des Frênes
ZAC de la Pointe
72190 SARGE LES LE MANS
[t] +33 (0)2.43.50.26.50
[f] +33 (0)2.43.72.21.14

[AGENCE D'ANGERS]
5, rue Fleming
Angers Technopole
49066 ANGERS
[t] +33 (0)2.41.19.28.65
[f] +33 (0)2.52.19.22.00

http://www.oceanet.com
http://www.oceanet-telecom.com

On 23/05/2014 14:38, WaveWeb - Meaulnes Legler wrote:
> On 22.05.14 20:49, WaveWeb - Meaulnes Legler wrote:
>> On 22.05.14 19:07, Chris Gebhardt - VIRTBIZ Internet wrote:
>> > On 5/22/2014 11:14 AM, OCEANET - Cédric BASSAGET wrote:
>> >> Hello,
>> >> I've purchased a wildcard SSL certificate for *.mydomain.com
>> >> I want to enable SSL on two different websites in blueonyx interface: www.mydomain.com and play.mydomain.com.
>> >> How can I do that ?
>> > Hi Cedric,
>> > I see what you mean.  However, in our implementation it is necessary to place each SSL site on a unique IP address.  It is not possible to place 2 SSL sites on a single IP address.
> Cédric, you're right, only one SSL-domain per IP _if you enable it 
> over BlueOnyx's GUI_.
>
> Chris: it will still work for you since SSL-certificates are, AFAIK, 
> name-specific, not IP-specific. In 2011, I set up two wildcard domains 
> that work for the webserver, the admin-server and mail servers of 
> those virtual domains. I jotted down the procedure since it ain't 
> something I do often, it follows here. Be aware that the method might 
> have changed since then, don't make me liable! But if you back up all 
> keys and certificates thoroughly, you can always step back...
>
> HowTo SSL on BlueOnyx
> *********************
>
> for generating the keys and certificates, please see «HowTo SSL on BlueQuartz.txt». The process results in the two files
> 	private.key
> 	certificate.crt
> that can be stored at any secure place and might have a different name.
>
>
> Web Server
> ==========
> On BlueOnyx, the certificates are installed in the certs/ directory of the domain. Back them up:
> 	mv /home/sites/www.domain.tld/certs/key        	/home/sites/www.domain.tld/certs/key-yyyy.mm.dd
> 	mv /home/sites/www.domain.tld/certs/certificate	/home/sites/www.domain.tld/certs/certificate-yyyy.mm.dd
> Install the two certificates:
> 	cp -p private.key	/home/sites/www.domain.tld/certs/key
> 	cp -p certificate.crt	/home/sites/www.domain.tld/certs/certificate
> Then, restart the Apache server:
> 	/etc/rc.d/init.d/httpd restart
>
>
> Admin Server
> ============
> If the server runs under the domain name of the issued certificate, the self-signed certificate can be replaced by the trusted one issued. Back up the self-signed certificates:
> 	mv /etc/admserv/certs/key        	/etc/admserv/certs/key-yyyy.mm.dd
> 	mv /etc/admserv/certs/certificate	/etc/admserv/certs/certificate-yyyy.mm.dd
> and install the same certificates as previously:
> 	cp -p private.key	/etc/admserv/certs/key
> 	cp -p certificate.crt	/etc/admserv/certs/certificate
> and restart the admin server:
> 	/etc/rc.d/init.d/admserv restart
>
>
> Mail Servers
> ============
> - The *incoming* mail server, the open source IMAP and POP3 mail server called «Dovecot», has its own SSL key and certificate that secures the whole server with all its virtual domains. It inevitably has the same domain name as the Admin server and can use the same key and certificate. The Dovecot key and the certificate are located in /etc/pki/dovecot/ and should be backed up, too:
> 	mv /etc/pki/dovecot/private/dovecot.pem	/etc/pki/dovecot/private/dovecot.pem-yyyy.mm.dd
> 	mv /etc/pki/dovecot/certs/dovecot.pem	/etc/pki/dovecot/certs/dovecot.pem-yyyy.mm.dd
> Then install the same certificates as previously:
> 	cp -p private.key	/etc/pki/dovecot/private/dovecot.pem
> 	cp -p certificate.crt	/etc/pki/dovecot/certs/dovecot.pem
> and restart the dovecot mail server:
> 	/etc/init.d/dovecot restart	(alias: mailer restart )
> - The *outgoing* mail server «sendmail» also has its own SSL key/certificate. Its location can be read from the sendmail.cf configuration file, which points to the same file, meaning that the key and the certificate are both in the same file named sendmail.pem located in /usr/share/ssl/certs/. First back up the original file:
> 	mv /usr/share/ssl/certs/sendmail.pem	/usr/share/ssl/certs/sendmail.pem-yyyy.mm.dd
> then concatenate the key file with the certificate file to the combined key/certificate:
> 	cat private.key certificate.crt > /usr/share/ssl/certs/sendmail.pem
> and restart the sendmail server:
> 	/etc/rc.d/init.d/sendmail restart	(alias: mailsend restart )
>
>
> Favicon
> =======
> To install a favicon to the Admin Server pages, copy the file to /usr/sausalito/ui/web/ where the login.php is located.
>
>
> At the following address, the functionality of the installation can be checked:
> https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=SO9556
>
> ml 1.2011
> Meaulnes Legler
> -- 
> Meaulnes Legler ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ http://www.WaveWeb.ch ~ ~ 
> ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Zurich, Switzerland ~ ~ +41\0 44 260 16 60 ~ 
> ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx
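
An added example, not part of the original thread and not BlueOnyx code: three checks to run around the quoted install steps, namely that the key belongs to the certificate, that the wildcard name covers each vhost, and that the installed key file (including the combined sendmail.pem, which a plain `cat ... >` creates with the default umask) is readable by its owner only. The function names are hypothetical; it assumes `openssl pkey` is available and that the services read their key files as root.

```shell
#!/bin/sh
# Added example; function names are hypothetical, all paths are passed as arguments.

# key_matches_cert KEY CERT
# Succeeds only if the private key and the certificate carry the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# wildcard_covers PATTERN HOST
# "*.mydomain.com" covers exactly one extra left-hand label: www.mydomain.com
# and play.mydomain.com match, mydomain.com and a.b.mydomain.com do not.
# Comparison is case-sensitive; pass lower-case names.
wildcard_covers() {
    case $1 in
        \*.*) base=${1#\*.} ;;
        *)    [ "$1" = "$2" ]; return ;;
    esac
    label=${2%".$base"}
    [ "$label" != "$2" ] && [ -n "$label" ] || return 1
    case $label in *.*) return 1 ;; esac
    return 0
}

# install_secret SRC DEST [SRC2]
# Keeps a dated copy of DEST (yyyy.mm.dd, as in the quoted how-to), then writes
# SRC, plus SRC2 for a combined key+certificate file, to DEST. The new file is
# created under umask 077 and moved into place, so it is mode 600 from the start.
install_secret() {
    dest=$2
    stamp=$(date +%Y.%m.%d)
    if [ -e "$dest" ]; then
        cp -p "$dest" "$dest-$stamp" || return 1
    fi
    ( umask 077
      tmp="$dest.new.$$"
      cat "$1" ${3:+"$3"} > "$tmp" && mv -f "$tmp" "$dest" )
}
```

For the combined sendmail file the call takes both sources, e.g. `install_secret private.key /usr/share/ssl/certs/sendmail.pem certificate.crt`, after `key_matches_cert private.key certificate.crt` has succeeded.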
