How to assign the one server IP to a user for SSL?

Arieh

Arieh

Verified User
Joined
May 27, 2008
Messages
1,123
Location
The Netherlands
I've got a DA setup for one site only, and it has a SSL certificate.

I have created a user for it; because if I use SSL under admin; it will save the certificate under /etc/httpd/conf/ssl.crt/server.crt and such.

But I can't assign the IP address to that user, because the user admin also has it. It has however no domain so it isn't actually using it.

Right now I've got it working using SNI, but I would just like to use that IP for that SSL certificate.

Is there a way to do this under that user, or would I really have to run it under admin?
 
You just set it up. You shouldnt have to assign it to the user. I have done it many times.
 
I'm trying to understand this...

You've got a server with only one IP#? If so, it's got to be the shared server IP#.

So the only thing you can do through the control panel is set it up as the Shared Server Certificate.

If you only need the Certificate for the one site, and it doesn't matter if other uses get a name mismatch error, then you don't need SNI. But if you hae SNI you can get the Certificate to work for the user; jut tell the user to use the shared Certificate.

Or am I misreading something?

Jeff
 
Yep you got it right; however the server certificate is saved at /etc/httpd/ - one thing for example I don't like about that that it isn't included at the DA backup (correct me if I'm wrong).
 
I believe you're right. Hopefully you've kept a copy :).

Perhaps you can create a copy of everything you need in /home/admin so the Admin backup will make a copy whenever you run it.

Or perhaps it can be made a part of the Admin level backup.

Jeff
 
Well the thing is, I don't want to go through difficult customizations. I try to keep it simple:

One server, with one ip address, with one ssl website, able to fast backup and restore.

That is kind of what I have right now; however with the use of SNI. An easy solution could be to somehow assign the IP to the user, that could be some kind of hack or customasation, as it would be an extra to the basic setup. In case of a restore, I could just restore the backup on another box or provider etc, and it's up again, with only SNI again for example, then when there's time I could do the customization again.

Right now SNI is sufficient; but I would just simply use the IP address as it's doing nothing on :443 right now -- and of course keep the rest simple.
 
You must log in or register to reply here.
Back
Top