Bug report: SSL Root CA doesn't work for server IP

[zylon]

Hello,

When I configure a SSL certificate as the admin who owns the server IP and then apply a CA root Certificate, this is not configured in the extra-vhosts.conf.

With the SSL Certificate is configured I get a special message and codepath:

NOTE: You are using the server IP, so your certificate and key have been saved to:
/etc/httpd/conf/ssl.crt/server.crt
/etc/httpd/conf/ssl.key/server.key

This is all fine.

However, this does not happens when I configure the root certificate with: "Click Here to paste a CA Root Certificate":

[root@ded105 httpd]# grep SSL /etc/httpd/conf/extra/httpd-vhosts.conf
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key

Can you check this out and fix this? If I add this SSLCACertificateFile manually in the configfile it'll probably get overwritten again by DirectAdmin.

 

[nobaloney]

It's not a bug; it's a feature .

I posted a How-To here back in May.

Jeff

 

[zylon]

It's unexpected because the webinterface does not do what it says it's doing and requires configfilehacking as root to work around.
That's a bug in my book.

Also, doesn't that configfile get rewritten when for instance IPs are added?

 

[DirectAdmin Support]

Hello,

It's been documented since about 2003, but I agree it's not very clear based on the interface:
http://www.directadmin.com/technotes.html#ssl

I'm going to add this to the versions system to be resolved.

John

 

[zylon]

Are you going to put a warning or error when this button is being used for the server IP
or are you going to finish this feature so it also works on server IP?

Do you have an idea when you I can tell my customer when this is changed or fixed?

PS: You don't need to respond to my e-mail. One communication path is enough.

 

[DirectAdmin Support]

Hello,

I'm going to do both.
1) The CA Root will be added to a file on disk via the interface in DA.
2) There will be a notice that it's the server IP and is stored in a different location.

I cannot give an eta at this time. The fix has been added to the versions system for implementation, but there are also several other things in the versions system to be implemented as well. It won't be for a while, at best.

John

 

[zylon]

Thanks for your response. I'm glad to know it'll get solved some time and I'll be sure to check the changelogs.

For now I'll use the workaround.