SSL - A definitive answer

**DuxAranea** · 05-21-2004 07:15 AM

There's one thing that keeps coming up but I have not seen any clear answers for yet, and that is a shared SSL ceritifcate for a server.

What I mean by "shared SSL", and someone may want to correct me on my use of that term, is that all the domains on a shared IP address share the same SSL certificate.

I have a shared IP address on my server and I want to provide generic, self-signed SSL for every domain on that IP. Can I do that with just one SSL cert on the shared IP address? How is that accomplished?

Also - how can I set a subdirectory to use for storing my secure site? For example, I want https://mydomain.com to bring me straight to the secure folder, and do it transparently - meaning that https://mydomain.com still shows in the browser's address line, without the secure subdirectory name showing. I had this set up once when I was on a host with Plesk, and I'd like to try and set it up that way for my users in cpanel, since I remember it being a very user-friendly setup.

I know that's a lot for one post, but if I could get this cleared up once and for all, it would really help everyone, I think. Thanks to anyone who can help.

**icanectc** · 05-21-2004 09:26 AM

Correct me if I am wrong anyone..

But with a shared SSL your users would need to use https://IP/~userid not https://theirdomain.com/

**DuxAranea** · 05-21-2004 09:29 AM

That doesn't sound right to me...

**fishfreek** · 05-21-2004 10:52 AM

To use a shared SSL you have to do it like icanectc said. To do it the other way each site would have to have its on self signed ssl. And since you can only have 1 ssl per IP that would require every client to have their own IP.

To have the https:// go to a different folder then you need to edit the httpd.conf file for that domain and specify the root file path for the secure website to be what ever you want it to be.

**casey** · 05-21-2004 11:17 AM

Originally posted by DuxAranea
That doesn't sound right to me...

Well, it is...

**Host4u2** · 05-21-2004 11:56 AM

Example:

Server name: test.abc.com

Create account: abc.com (sharing server IP address)
Create sub-domain: test.abc.com

Order SSL Cert for test.abc.com, using server IP.

Install Certificate via WHM for test.abc.com

Now, clients/accounts can use the server-wide Shared Certificate using:

https://test.abc.com/~userID/filename.shtml

**protocol** · 06-03-2004 07:51 AM

Hi,

I too have been trying to get this to work. I have followed the instructions of Host4u2 and I find:

https://test.abc.com/ goes to teh same place as http://abc.com/ and https://test.abc.com/~userID/ gets Not Found

http://test.abc.com/~userID/ works fine

also the secure cpanel at https://test.abc.com:2083 works fine too with the SSL cert

(my server names are different obviously)

Any ideas would be great.

Will

**Host4u2** · 06-03-2004 08:21 AM

Note: In the example, test.abc.com is the server name. Also, the Certificate must be issued to "test.abc.com" (important).

You wrote: "https://test.abc.com/ goes to the same place as http://abc.com/"

Is your Certificate issued to your server name, test.abc.com, using abc.com's unique IP address?

Obviously, test.abc.com (sub-domain.url.com) is substituted for your real domain and sub-domain

**protocol** · 06-03-2004 08:33 AM

Thanks,

Yes server name is test.abc.com and ssl cert is for same

abc.com is on the same IP address as all the user accounts that don't have their own IP address (so they can have their own SSL certs). This is the main server IP address that is used by the Server Name. Is this wrong?

**Host4u2** · 06-03-2004 09:07 AM

Yes, abc.com should have it's own unique IP address (as is so with any SSL Cert.).

**protocol** · 06-03-2004 09:54 AM

I tried to switch abc.com to a new ip ad it seemed to mess things up. http://test.abc.com went to a customer's site and
http://test.abc.com/~username was not found. This also broke http://[main ahared ip]/~username. I had to restore the last httpd.conf file to get things right again. I'm a little scared of messing things up :-(

**Host4u2** · 06-03-2004 10:22 AM

The time to assign a unique Ip is before you order the Cert. It's already assigned the IP you ordered it with now.

**protocol** · 06-03-2004 10:40 AM

I seem to have done it. I manually changed the httpd.conf file:

added:

<IfDefine SSL>
<VirtualHost [Shared IP]:443>
DocumentRoot /usr/local/apache/htdocs
BytesLog domlogs/[Server Name]-bytes_log
ServerName [Server Name]-
SSLEnable
SSLCertificateFile /usr/share/ssl/certs/[Server Name]-.crt
SSLCertificateKeyFile /usr/share/ssl/private/[Server Name]-.key
SSLLogFile /var/log/[Server Name]-
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>
</IfDefine>

Does this seem okay to you?

**Host4u2** · 06-03-2004 10:46 AM

Yep, especially if that is working for you. I was about to suggest uninstalling the Cert and then reinstalling it with assigning it a new unique IP address (for abc.com)

**protocol** · 06-03-2004 11:11 AM

Okay, Hopefully cpanel will not overwrite it. Thanks for the help.

Will

LinkBack

Thread Tools

SSL - A definitive answer

Definitive FreeTDS installation instuctions

is there a definitive list of cpanel applets?

WebMail Logout Should be Definitive

domlog rotation: The Definitive Answer?

SSL - looking for quick answer