Ability to not restrict users to 1 SSL domain per IP

[monarobase]

I find that cPanel doesn't have enough options concerning SSL.

I would like to allow my users to install more than one cert per IP.

How ?

By creating a new virtualhost which points to an SSL cert and port 443 (either to the cert specified by the main domain or if too complicated to a SSL cert specified by the user). Unless I've missed something, the simplest way would be to allow admins to say if a user or plan is limited to 1 per IP or not.

Why ?

Users want to be able to connect to their script admin panels protected by SSL. They don't care about getting a message from their browser saying the domain doesn't correspond.

Pros :

This would allow hosts to propose a different form of shared SSL (other control panels already offer this function), this would allow us to close the moduser system on which we have no control over the bandwith and have bandwidth counted in the users stats.

This would allow users to access sites that don't have relative URI's (ie starting with a slash).


Cons :

I can't think of any except that maybe it would be a good idea to replace the warning message and refusal to create by a message informing the user that the cert is being created on an already used IP and that he will get warnings and have to accept the cert when he accesses the page for the first time in the browser.

[cPanelDavidG]

This request sounds similar to a proposed implementation in this thread:

http://forums.cpanel.net/f145/true-m...rt-152097.html

Would that implementation satisfy your needs? If so, I'll merge these threads and update the merged thread to reflect the requested SSL functionality.

[monarobase]

Yes the requests are similar in the sense that the true domain management would resolve most of the problem but in the short term as I believe that this new system would take quite some time to develop and research, my request is just to have the ability to remove the limit of 1 cert per IP. IE to deactivate just one check when adding an SSL cert.

[cPanelDavidG]

Yes the requests are similar in the sense that the true domain management would resolve most of the problem but in the short term as I believe that this new system would take quite some time to develop and research, my request is just to have the ability to remove the limit of 1 cert per IP. IE to deactivate just one check when adding an SSL cert.

I am not familiar with any standards for SSL that permit multiple certificates on a single IP address. If you can find any standards-compliant methods for placing multiple SSL certificates on a single IP address which is also supported by the majority of web browsers currently in use, that would assist us in moving forward with this request.

[monarobase]

I don't know if this will help but this is a simplified version of how Pl**k does it :

Code:

<IfModule mod_ssl.c>
<VirtualHost IP:443>
	ServerName   DOMAIN:443
	ServerAlias  www.DOMAIN
	DocumentRoot /var/www/vhosts/DOMAIN/httpdocs
	SSLEngine on
	SSLVerifyClient none
	SSLCertificateFile /opt/psa/var/certificates/certQI73548
	<Directory /var/www/vhosts/DOMAIN/httpdocs>
		SSLRequireSSL
	</Directory>
</VirtualHost>
</IfModule>

<VirtualHost IP:80>
	ServerName   DOMAIN:80
	ServerAlias  www.DOMAIN
	DocumentRoot /var/www/vhosts/DOMAIN/httpdocs
	<IfModule mod_ssl.c>
		SSLEngine off
	</IfModule>
	<Directory /var/www/vhosts/DOMAIN/httpdocs>
	</Directory>
</VirtualHost>

I have removed anything that doesn't concern SSL to make it easier to read.

With this CP you choose if a user has SSL and if the SSL docroot is the same as the non SSL.

Just by creating the SSL virtualhost seems to be enough for SSL to work with all browsers. Users just get an error saying that the cert does not correspond to the domain and are requested to accept the cert just like with a self generated cert.

I have tested this with all of the browsers I have found and havn't had any compatibiliy problems.