How do you set up a Server Wide Shared Certificate?

beansbaxter

I have spent the better part of the last hour looking through the DA Knowledge Base and reading threads and guides on the DA Forums, and I'm having no luck with this and could really use some help and guidance...

I have multiple users/domains all sharing the same IP address.

I want to install a Server Wide Shared Certificate so I can set up a domain name with SSL. I do not have a Dedicated IP address, so the server IP address is being used for all domain names and user accounts (admin, reseller, user).

From the admin account, at the User Level, I have tried both "Use the server's certificate" and the "Create your own self signed certificate" which says the following was created:

Code:
/etc/httpd/conf/ssl.crt/server.crt
/etc/httpd/conf/ssl.key/server.key

Then I go to a given user account, and when I click on SSL, DA says it cannot execute the request and says "You can only add a certificate if you own the ip you are using"

Is a dedicated IP address required for a Server Wide Shared Certificate?

How can I enable SSL for a domain name sharing an IP address on the server?

Thanks in advance.
 
Just by enabling SSL for the domain makes it use the server certificate.

In addition, you can enable SNI; through which you can serve multiple SSL certificates while only having one IP address: http://directadmin.com/features.php?id=1100

This does not work in older devices such as Windows XP with IE. But since XP has been EOL'd, personally I make my own projects use SNI.
 
I added the "enable_sni_ssl=1" to my directadmin.conf file and restarted DA, however when I go to a user account and click "SSL Certificates" it gives me the error message - "You can only add a certificate if you own the ip you are using"

Just by enabling SSL for the domain makes it use the server certificate.
How can I enable SSL for a domain name?

When I go to Modify User, I check the box for "SSL Access" and then go into the User account and click SSL Certificate and get the error message - "You can only add a certificate if you own the ip you are using"

What am I doing wrong?

Thanks for your help.
 
Check all of the following:

At admin level make sure the user can use SSL and can assign it to the reseller.

At reseller level make sure the user can use SSL.

If I recall correctly you should then be able to use the shared Certificate. You cannot add your own, but you should be able to use the shared Certificate by default.

Jeff
 
User error, of course, lol

The hangup was reading into the steps... with a domain name already set up, you have to go into Domain Setup, click the domain name, and then choose "Activate SSL" and choose https or symbolic link, and then yes, it all works and uses the shared certificate that was set up at the admin user level.

FYI - The documentation for DA is somewhat ambiguous on this feature and could use some updating, but hope that helps out anyone trying to figure it out. Thanks.
 
Yep that's what I meant with enabling it for the domain. Perhaps it makes more sense to move the SSL parts of a domain (enabling+symlink option) to the SSL certificate page; but if you know it's like this you get used to it.
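
Added example, not part of the thread and not DirectAdmin code: a Python check of which certificate a shared IP presents for each domain, telling apart a certificate that names the domain, the shared server certificate (name mismatch) and an untrusted chain such as a self-signed certificate. The IP address, hostnames and `SHARED_CERT` sample are constructed placeholders.

```python
import socket
import ssl

# Constructed sample in ssl.getpeercert() format: a cert naming only the server itself.
SHARED_CERT = {"subject": ((("commonName", "server.example.net"),),),
               "subjectAltName": (("DNS", "server.example.net"),)}

def cert_names(cert):
    """DNS names the certificate covers: SAN entries, falling back to the CN."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return [n.lower() for n in names]

def name_matches(pattern, host):
    """Exact match, or one wildcard as the whole left-most label (*.example.com)."""
    pattern, host = pattern.lower(), host.lower().rstrip(".")
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def classify(host, cert):
    """'matches' if the presented cert covers host, otherwise 'mismatch'."""
    return "matches" if any(name_matches(n, host) for n in cert_names(cert)) else "mismatch"

def fetch_cert(ip, host, port=443, timeout=5):
    """Connect to ip, send host as the SNI name, return the presented cert as a dict."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still verified; names are compared in classify()
    with socket.create_connection((ip, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def audit(ip, hosts, fetch=fetch_cert):
    """Map each hostname to 'matches', 'mismatch' or 'untrusted' (chain not trusted)."""
    report = {}
    for host in hosts:
        try:
            report[host] = classify(host, fetch(ip, host))
        except ssl.SSLCertVerificationError:
            report[host] = "untrusted"  # e.g. a self-signed server certificate
    return report

if __name__ == "__main__":
    # Offline demo: a stand-in fetch that always returns the constructed shared cert.
    print(audit("192.0.2.10", ["server.example.net", "shop.example.org"],
                fetch=lambda ip, host: SHARED_CERT))
```

Calling `audit()` without the `fetch` argument makes real TLS connections to the given IP, one per hostname, each with that hostname as the SNI value.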
 