On 22.05.14 20:49, WaveWeb - Meaulnes Legler wrote:
On 22.05.14 19:07, Chris Gebhardt - VIRTBIZ Internet wrote:
> On 5/22/2014 11:14 AM, OCEANET - Cédric BASSAGET wrote:
>> Hello,
>> I've purchased a wildcard SSL certificate for *.mydomain.com
>> I want to enable SSL on two different websites in blueonyx interface : www.mydomain.com  and play.mydomain.com.
>> How can I do that ?
> Hi Cedric,
> I see what you mean.  However, in our implementation it is necessary to place
> each SSL site on a unique IP address.  It is not possible to place 2 SSL sites on
> a single IP address.
Cédric, you're right, only one SSL-domain per IP _if you enable it over 
BlueOnyx's GUI_.

Chris: it will still work for you since SSL-certificates are, AFAIK, 
name-specific, not IP-specific. In 2011, I set up two wildcard domains that 
work for the webserver, the admin-server and mail servers of those virtual 
domains. I jotted down the procedure since it ain't something I do often, it 
follows here. Be aware that the method might have changed since then, don't make 
me liable! But if you back up all keys and certificates thoroughly, you can 
always step back...

HowTo SSL on BlueOnyx
*********************

For generating the keys and certificates, please see «HowTo SSL on 
BlueQuartz.txt». The process results in the two files
        private.key
        certificate.crt
that can be stored at any secure place and might have a different name.


Web Server
==========
On BlueOnyx, the certificates are installed in the certs/ directory of the 
domain. Back them up:
        mv /home/sites/www.domain.tld/certs/key         /home/sites/www.domain.tld/certs/key-yyyy.mm.dd
        mv /home/sites/www.domain.tld/certs/certificate /home/sites/www.domain.tld/certs/certificate-yyyy.mm.dd
Install the two certificates:
        cp -p private.key       /home/sites/www.domain.tld/certs/key
        cp -p certificate.crt   /home/sites/www.domain.tld/certs/certificate
Then, restart the Apache server:
        /etc/rc.d/init.d/httpd restart


Admin Server
============
If the server runs under the name of domain of the issued certificate, the 
self-signed certificate can be replaced by the trusted one issued. Back up the 
self-signed certificates in
        mv /etc/admserv/certs/key               /etc/admserv/certs/key-yyyy.mm.dd
        mv /etc/admserv/certs/certificate       /etc/admserv/certs/certificate-yyyy.mm.dd
and install the same certificates as previously:
        cp -p private.key       /etc/admserv/certs/key
        cp -p certificate.crt   /etc/admserv/certs/certificate
and restart the admin server:
        /etc/rc.d/init.d/admserv restart


Mail Servers
============
- The *incoming* mail server, the open source IMAP and POP3 mail server called 
«Dovecot», has its own SSL key and certificate that secures for the whole 
server with all its virtual domains. It inevitably has the same domain name as 
the Admin server and can use its same key and certificate. The Dovecot key and 
the certificate are located in /etc/pki/dovecot/ and should be backed up, too:
        mv /etc/pki/dovecot/private/dovecot.pem /etc/pki/dovecot/private/dovecot.pem-yyyy.mm.dd
        mv /etc/pki/dovecot/certs/dovecot.pem   /etc/pki/dovecot/certs/dovecot.pem-yyyy.mm.dd
Then install the same certificates as previously:
        cp -p private.key       /etc/pki/dovecot/private/dovecot.pem
        cp -p certificate.crt   /etc/pki/dovecot/certs/dovecot.pem
and restart the dovecot mail server:
        /etc/init.d/dovecot restart     (alias: mailer restart )
- The *outgoing* mailserver «sendmail» has also its own SSL key/certificate. 
Its location can be read from the sendmail.cf configuration file which points 
to the same file, meaning that the key and the certificate are both in the same 
file named sendmail.pem located in /usr/share/ssl/certs/. First back up the 
original file:
        mv /usr/share/ssl/certs/sendmail.pem    /usr/share/ssl/certs/sendmail.pem-yyyy.mm.dd
then concatenate the key file with the certificate file to the combined 
key/certificate:
        cat private.key certificate.crt > /usr/share/ssl/certs/sendmail.pem
and restart the sendmail server:
        /etc/rc.d/init.d/sendmail restart       (alias: mailsend restart )


Favicon
=======
To install a favicon to the Admin Server pages, copy the file to 
/usr/sausalito/ui/web/ where the login.php is located.


At the following address, the functionality of the installation can be checked:
https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=SO9556

ml 1.2011

Meaulnes Legler
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
~  www.WaveWeb.ch  ~
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
~ Zurich, Switzerland ~
~ tel: +41 44 2601660 ~


_______________________________________________
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx
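
The HowTo above copies one key/certificate pair into four services and restarts each of them, so a mismatched or expired pair takes all of them down at once. The following pre-flight check is an added example, not part of the original post: the function names are hypothetical, and it assumes an OpenSSL new enough to support `x509 -checkhost` (1.0.2 or later).

```shell
#!/bin/sh
# Added example: verify private.key / certificate.crt before installing them.

# True only if the certificate's public key is the one derived from the key.
# "-passin pass:" makes a passphrase-protected key fail instead of prompting.
pair_matches() {  # KEY CERT
    key_pub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# True if the certificate is still inside its validity period.
cert_not_expired() {  # CERT
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# True if the certificate (wildcard or not) is valid for HOSTNAME.
cert_covers() {  # CERT HOSTNAME
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Build the combined sendmail-style file without ever exposing the key:
# written under umask 077 to a temporary name, then moved into place.
build_combined_pem() {  # KEY CERT DEST
    tmp="$3.new.$$"
    ( umask 077 && cat "$1" "$2" > "$tmp" ) && mv "$tmp" "$3"
}

# Run every check; stop at the first failure with a message on stderr.
preflight() {  # KEY CERT HOSTNAME...
    key=$1; crt=$2; shift 2
    pair_matches "$key" "$crt" || { echo "key does not match certificate" >&2; return 1; }
    cert_not_expired "$crt"    || { echo "certificate has expired" >&2; return 1; }
    for h in "$@"; do
        cert_covers "$crt" "$h" || { echo "certificate does not cover $h" >&2; return 1; }
    done
}

# Usage: sh preflight.sh private.key certificate.crt www.mydomain.com play.mydomain.com
[ "$#" -lt 2 ] || preflight "$@"
```

A plain `cat private.key certificate.crt > sendmail.pem` run under the usual umask of 022 leaves the private key world-readable, which is why `build_combined_pem` sets the umask first.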
