<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Where are the apache instructions about
SSL (SSLCertificateFile, SSLCertificateKeyFile, ...) located ? I
can't find them in vhost config files...<br>
<br>
Meaulnes, you're telling me that there is a way ton enable ssl on
two vhosts (same domain) in shell access. How ? Can't understand
how SSL is enabled on a vhost.<br>
<br>
Regards,<br>
Cédric<br>
<pre class="moz-signature" cols="72">OCEANET
---------------------------------------------------------------
[AGENCE DU MANS]
7, rue des Frênes
ZAC de la Pointe
72190 SARGE LES LE MANS
[t] +33 (0)2.43.50.26.50
[f] +33 (0)2.43.72.21.14
[AGENCE D'ANGERS]
5, rue Fleming
Angers Technopole
49066 ANGERS
[t] +33 (0)2.41.19.28.65
[f] +33 (0)2.52.19.22.00
<a class="moz-txt-link-freetext" href="http://www.oceanet.com">http://www.oceanet.com</a>
<a class="moz-txt-link-freetext" href="http://www.oceanet-telecom.com">http://www.oceanet-telecom.com</a></pre>
On 23/05/2014 14:38, WaveWeb - Meaulnes Legler wrote:<br>
</div>
<blockquote cite="mid:537F412C.2090505@waveweb.ch" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<div class="moz-cite-prefix"><small>On 22.05.14 20:49, WaveWeb -
Meaulnes Legler wrote : schrieb : a écrit : ha scritto :
escribó :<br>
</small> </div>
<blockquote cite="mid:537E46AD.6060303@waveweb.ch" type="cite">
<pre wrap=""><small>On 22.05.14 19:07, Chris Gebhardt - VIRTBIZ Internet wrote : schrieb : a écrit :
ha scritto : escribó :
> On 5/22/2014 11:14 AM, OCEANET - Cédric BASSAGET wrote:
>> Hello,
>> I've purchased a wildcard SSL certificate for *.mydomain.com
>> I want to enable SSL on two different websites in blueonyx interface : <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="http://www.mydomain.com">www.mydomain.com</a> and play.mydomain.com.
>> How can I do that ?
> Hi Cedric,
> I see what you mean. However, in our implementation it is necessary to place each SSL site on a unique IP address. It is not possible to place 2 SSL sites on a single IP address.</small>
</pre>
</blockquote>
Cédric, you're right, only one SSL-domain per IP <u>if you enable
it over BlueOnyx's GUI</u>.<br>
<br>
Chris: it will still work for you since SSL-certificates are,
AFAIK, name-specific, not IP-specific. In 2011, I set up two
wildcard domains that work for the webserver, the admin-server and
mail servers of those virtual domains. I jotted down the procedure
since it ain't something I do often, it follows here. Be aware
that the method might have change since then, don't make me
liable! But if you backup all keys and certificates thoroughly,
you can always step back...<br>
<br>
<pre style=" background-color:#ffe">HowTo SSL on BlueOnyx
*********************
for generating the keys and certificates, please see «HowTo SSL on BlueQuartz.txt». The process results in the two files
private.key
certificate.crt
that can be stored at any secure place and might have a different name.
Web Server
==========
On BlueOnyx, the certificates are installed in the certs/ directory of the domain. Back them up:
mv /home/sites/www.domain.tld/certs/key /home/sites/www.domain.tld/certs/key-yyyy.mm.dd
mv /home/sites/www.domain.tld/certs/certificate /home/sites/www.domain.tld/certs/certificate-yyyy.mm.dd
Install the two certificates:
cp -p private.key /home/sites/www.domain.tld/certs/key
cp -p certificate.crt /home/sites/www.domain.tld/certs/certificate
Then, restart the Apache server:
/etc/rc.d/init.d/httpd restart
Admin Server
============
If the server runs under the name of domain of the issued certificate, the self signed certificate can be replaced by the trusted one issued. Backup the self signed certificates in
mv /etc/admserv/certs/key /etc/admserv/certs/key-yyyy.mm.dd
mv /etc/admserv/certs/certificate /etc/admserv/certs/certificate-yyyy.mm.dd
and install the same certificates as previously:
cp -p private.key /etc/admserv/certs/key
cp -p certificate.crt /etc/admserv/certs/certificate
and restart the admin server:
/etc/rc.d/init.d/admserv restart
Mail Servers
============
- The *incoming* mail server, the open source IMAP and POP3 mail server called «Dovecot», has its own SSL key and certificate that secures for the whole server with all its virtual domains. It inevitably has the same domain name as the Admin server and can use its same key and certificate. The Dovecot key and the certificate are located in /etc/pki/dovecot/ and should be backed up, too:
mv /etc/pki/dovecot/private/dovecot.pem /etc/pki/dovecot/private/dovecot.pem-yyyy.mm.dd
mv /etc/pki/dovecot/certs/dovecot.pem /etc/pki/dovecot/certs/dovecot.pem-yyyy.mm.dd
Then install the same certificates as previously:
cp -p private.key /etc/pki/dovecot/private/dovecot.pem
cp -p certificate.crt /etc/pki/dovecot/certs/dovecot.pem
and restart the dovecot mail server:
/etc/init.d/dovecot restart (alias: mailer restart )
- The *outgoing* mailserver «sendmail» has also its own SSL key/certificate. Its location can be read from the sendmail.cf configuration file which points to the same file, meaning that the key and the certificate are both in the same file named sendmail.pem located in /usr/share/ssl/certs/. First backup the original file:
mv /usr/share/ssl/certs/sendmail.pem /usr/share/ssl/certs/sendmail.pem-yyyy.mm.dd
than concatenate the key file with the certificate file to the combined key/certificate:
cat private.key certificate.crt > /usr/share/ssl/certs/sendmail.pem
and restart the sendmail server:
/etc/rc.d/init.d/sendmail restart (alias: mailsend restart )
Favicon
=======
To install a favicon to the Admin Server pages, copy the file to /usr/sausalito/ui/web/ where the
login.php is located.
At following address, the functionality of the installation can be checked:
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=SO9556">https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=SO9556</a>
ml 1.2011
</pre>
Meaulnes Legler
<div class="moz-signature">-- <br>
Meaulnes Legler ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ <a
moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://www.WaveWeb.ch">http://www.WaveWeb.ch</a> ~ ~ ~ ~
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Zurich, Switzerland ~ ~ +41\0 44 260 16 60
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ <br>
<br>
Meaulnes Legler
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td>~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~</td>
</tr>
<tr>
<td>~ <tt> <a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="http://www.WaveWeb.ch">www.WaveWeb.ch</a> </tt> ~</td>
</tr>
<tr>
<td>~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~</td>
</tr>
<tr>
<td>~ <small><tt>Zurich, Switzerland</tt></small> ~ <br>
~ <small><tt>tel: +41 44 2601660</tt></small> ~</td>
</tr>
</tbody>
</table>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Blueonyx mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Blueonyx@mail.blueonyx.it">Blueonyx@mail.blueonyx.it</a>
<a class="moz-txt-link-freetext" href="http://mail.blueonyx.it/mailman/listinfo/blueonyx">http://mail.blueonyx.it/mailman/listinfo/blueonyx</a>
</pre>
</blockquote>
<br>
</body>
</html>