Assign IP address and/or install SSL cert with 1 server IP

neo-hippie

Hello,

I'm currently running a DirectAdmin server with 1 IP address.
Now I'm trying to install an SSL cert on one of my domains,
but it says / I read you need to assign an IP to that domain/user first.

But how can I achieve that with no free IPs?
Can I assign the main IP to that domain, and will it function on the other domains as well?

Thanks,
 
Thanks SCSI,

Dutch translation.. sorry

I'll give it a shot. Thanks so far.

Btw, if someone can modify all those help items and mention which file and/or location,
for example mention it below Version number or something.
 
The DirectAdmin configuration file is meant there, and it's located in /usr/local/directadmin/conf/directadmin.conf
 
Hello, thanks for the file location.

I have changed / added the enable_ssl_sni=1 option.
But when I go to CMD_IP_MANAGER (DA->ip management) and select the 1 IP I have,
then choose to assign it to my reseller,
the screen flickers once (reload) but nothing changes.

EDIT:
Sorry, spoke too soon.. it was either one of those options.
I do not need to assign the IP address.
I can now edit the user->domain->ssl cert without assigning the IP address.

Thanks..
 
Hello (again),

I've got a wildcard SSL certificate
and installed it on my domain using directadmin ->user->domain->ssl certificates.

I'm using a virtual subdomain "mail." for SMTP and POP.
How can I connect that certificate to.. well, basically every.. subdomain?

Is that something I need to do with DNS or a setting in DirectAdmin?
 
Restart DirectAdmin after changing directadmin.conf:

service directadmin restart
 
What does SNI have in common with a wildcard SSL cert? They are not much the same. If you want to use a wildcard cert then you probably need to save

SSL Cert to /etc/httpd/conf/ssl.crt/server.crt
SSL Key to /etc/httpd/conf/ssl.key/server.key

and restart apache. That will be your default SSL cert for all vhosts with enabled SSL support.
 
This may be the easiest way to use a wildcard Certificate with multiple subdomains:

Assign an IP# to a user, set up the domain name for that user, install the Certificate, and add all the subdomains under the same user.

Another way is to give each subdomain its own IP# and install them all separately.

Yet another way may be to enable SNI so you can install Certificates on shared IP#s.

Note I haven't tried any of these methods, but I believe they'll all work.

Jeff
 
What does SNI have in common with a wildcard SSL cert? They are not much the same. If you want to use a wildcard cert then you probably need to save

SSL Cert to /etc/httpd/conf/ssl.crt/server.crt
SSL Key to /etc/httpd/conf/ssl.key/server.key

and restart apache. That will be your default SSL cert for all vhosts with enabled SSL support.

I have tried this,
but it's missing the intermediate certificates now.
Is it, just as with DirectAdmin, a case of putting all CAs into one file? (I have 3 CAs, one private key and a cert)

SSL CA's to /etc/httpd/conf/ssl.crt/server.ca
SSL cert to /etc/httpd/conf/ssl.crt/server.crt
SSL Key to /etc/httpd/conf/ssl.key/server.key
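
The post above asks whether the intermediate CAs belong in one file next to the wildcard certificate. As an added example (not part of the thread and not DirectAdmin's own tooling), this script builds a constructed root, intermediate and `*.example.test` leaf with the openssl CLI and shows that a client trusting only the root rejects the leaf until the intermediate bundle is supplied. All keys and names are test data; only the file name server.ca is borrowed from the post.

```shell
#!/bin/sh
# Added example: every key, certificate and hostname below is constructed test data.

# Build root CA -> intermediate CA -> wildcard leaf (*.example.test) in directory $1.
build_chain() {
  d=$1
  cat > "$d/o.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf]
basicConstraints = CA:FALSE
subjectAltName = DNS:*.example.test
EOF
  for n in root inter leaf; do
    openssl req -new -newkey rsa:2048 -nodes -config "$d/o.cnf" -subj "/CN=constructed-$n" \
      -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
  done
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
    -extfile "$d/o.cnf" -extensions ca -out "$d/root.crt" 2>/dev/null &&
  openssl x509 -req -in "$d/inter.csr" -CA "$d/root.crt" -CAkey "$d/root.key" -set_serial 2 \
    -days 2 -extfile "$d/o.cnf" -extensions ca -out "$d/inter.crt" 2>/dev/null &&
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/inter.crt" -CAkey "$d/inter.key" -set_serial 3 \
    -days 2 -extfile "$d/o.cnf" -extensions leaf -out "$d/leaf.crt" 2>/dev/null &&
  cat "$d/inter.crt" > "$d/server.ca"   # all intermediate CAs concatenated in one PEM file
}

# chain_ok ROOT LEAF HOST [CA_BUNDLE]: verify as a client that trusts only ROOT would.
# CA_BUNDLE is what the server sends along with its certificate (the server.ca role).
chain_ok() {
  if [ -n "$4" ]; then
    openssl verify -CAfile "$1" -untrusted "$4" -verify_hostname "$3" "$2" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
  fi
}

demo() {
  t=$(mktemp -d) && build_chain "$t" || return 1
  chain_ok "$t/root.crt" "$t/leaf.crt" mail.example.test || echo "no CA bundle: chain incomplete"
  chain_ok "$t/root.crt" "$t/leaf.crt" mail.example.test "$t/server.ca" && echo "with server.ca: mail.example.test OK"
  chain_ok "$t/root.crt" "$t/leaf.crt" example.test "$t/server.ca" || echo "a *.example.test name alone does not cover example.test"
  rm -rf "$t"
}
demo
```

Against a live host the same check applies per service rather than only to the web port: `openssl s_client -connect HOST:993 -servername HOST` for IMAPS, or the SMTP port with `-starttls smtp`, shows whether Dovecot and Exim send the intermediates.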
 
This may be the easiest way to use a wildcard Certificate with multiple subdomains:

Assign an IP# to a user, set up the domain name for that user, install the Certificate, and add all the subdomains under the same user.

Another way is to give each subdomain its own IP# and install them all separately.

Yet another way may be to enable SNI so you can install Certificates on shared IP#s.

Note I haven't tried any of these methods, but I believe they'll all work.

Jeff

Basically option 2 is out of the question. I'm not gonna buy more IPs.

Option 3 I have tried, and that is where I get stuck (view posts above..)

So that leaves option 1, but can this work with everything already set up? You're talking like I need to create everything from scratch.
 
Thanks, I'll try to contact them.

In the meantime, why is there nowhere in DirectAdmin a mention of the CA file(s)?
For example, directadmin.conf just has:
apachecert=/etc/httpd/conf/ssl.crt/server.crt
apachekey=/etc/httpd/conf/ssl.key/server.key
AND
cacert=/usr/local/directadmin/conf/cacert.pem
cakey=/usr/local/directadmin/conf/cakey.pem

And dovecot.conf in my case missed the CA as well.
I've added this:
ssl_ca_file = /etc/httpd/conf/ssl.crt/server.ca

Just wondering; I don't fully understand how SSL works,
but learning the hard way ;-)
 
Aha, got a solution. Well, basically there wasn't any problem.
Their SSLcheck only scanned port 433,

and since mail.neo-hippie.net went through DNS to Exim/Dovecot,
they never saw the service running.
 