SSL certificates and domain pointers

I

Illarane

Verified User
Joined
Mar 10, 2009
Messages
31
Hi, all,

Not really sure where to post this. We have several domains which point at one vhost, and they all need to be able to support SSL connections. At the moment, I've created the secondary domains as domain pointers to the primary domain, and it's mostly working correctly except that we get certificate errors on the secondary domains for obvious reasons.

I'm trying to work out if it's possible to create domains in DirectAdmin in such a way that you can have it point to another domain as if it was an alias, but it's actually a separate VirtualHost with its own IP and SSL certificate. If it possible at all to do this? Google gives me the impression from the results I'm not getting that I'm the first person in history to try. O.o

Regards,

Ben.
 
You will have to have seperate ip for each domain and ssl certificate for each domain you want to have ssl on. You cannot forward ssl requests like that.
 
No, I realise that. What I'm asking is how to get a domain to forward as if it were a domain pointer but use still use its own SSL certificate. If I create the domain in the Domain Administration section, it gets its own public_html folder, which isn't what I want. If I create the domain as a pointer to another domain, I can't set SSL certificates for it because it just gets added as a ServerAlias line. :(

If I were creating it by hand, I'd create the VirtualHosts so that they all point at the same directory on the server, but I can't do that with DirectAdmin, hence asking here. :)
 
scsi said:
Oh use "domain pointers"

http://site-helper.com/misc.html#pointers
Click to expand...

I already am. :p

Illarane said:
[snip]At the moment, I've created the secondary domains as domain pointers to the primary domain, and it's mostly working correctly except that we get certificate errors on the secondary domains for obvious reasons.[/snip]
Click to expand...

How do I get the effect of domain pointers but still be able to use an SSL certificate and IP address for each domain?
 
Well its not possible then if thats what you wanna know.

You cant go to https://domain1.com and think its not gonna give a cert error before it forwards to https://domain2.com

Trust me I have tried everything to get around it.

Domain pointers only point one domain to another and probably doesnt support https since you can only have one ssl domain per ip.
 
The only way I think think it would be possible. Is setup each domain on a seperate ip address. Create some sort of redirect with .htaccess or php or meta redirect.
 
scsi said:
Well its not possible then if thats what you wanna know.

You cant go to https://domain1.com and think its not gonna give a cert error before it forwards to https://domain2.com

Trust me I have tried everything to get around it.

Domain pointers only point one domain to another and probably doesnt support https since you can only have one ssl domain per ip.
Click to expand...

It's not actually forwarding the domain; it's an alias to the domain, so when you go to it, the domain in the URL doesn't change. The problem is that it creates them by putting in ServerAlias www.blah.com to the vhost declaration, whereas I need it to create them by basically creating a new VirtualHost file that points to the same folder.

By the sounds of it, I'd be better off just creating the domains independently, then removing the directories on the filesystem and creating them as symbolic links... But for this to be safe, I need to know how DA deletes domains' directory structures. :/
 
Last edited:
We've done something similar, but it appears this is something you don't want to do:

Create a new domain with it's own IP#.

Create an SSL for that domain.

Using private_html/index.html for that domain, create a zero-sized frameset in which you load the original domain. Both sites need to have secure certificates, and in the future browsers may warn you that the site is shown in a frame.

The disadvantage is your URL will never change.

Or you can, if you own the server, make the change in your user httpd.conf file, and then chattr the file so it can't be changed later by DirectAdmin.

Jeff
 
Illarane said:
It's not actually forwarding the domain; it's an alias to the domain, so when you go to it, the domain in the URL doesn't change. The problem is that it creates them by putting in ServerAlias www.blah.com to the vhost declaration, whereas I need it to create them by basically creating a new VirtualHost file that points to the same folder.
Click to expand...
You could do it using custom VirtualHost template with conditional statement generating another VirtualHost section for specific domain or IP address. You will have to hard code the path to SSL certificate and the private key of the 2nd VirtualHost section with somethign like
Code: 
SSLCertificateFile /home/|USER|/example.com.crt
SSLCertificateKeyFile /home/|USER|/example.com.key
The downside is that your 2nd domain will not be manageable via DA.
Illarane said:
By the sounds of it, I'd be better off just creating the domains independently, then removing the directories on the filesystem and creating them as symbolic links... But for this to be safe, I need to know how DA deletes domains' directory structures. :/
Click to expand...
What specifically do you want to know?
DA does not delete files or symbolic links at random, is that what you wanted to confirm? :)
 
I already bought the SSL certioficate from http://www.tucktail.com/ & it is going to expire shall i renew the ssl certificate from the same website becoz they are providing the service ori have to get a new certificte need help pls ...........
 
You just send them the csr again and they will send you a new key.
 
You always get a new Certificate; even if you're renewing; that's the way it works. So yes, you can get the new Certificate from anyone. You have to go through the same steps.

Tucktail appears to be either owned by, or a reseller of, GoDaddy.

Jeff
 
You must log in or register to reply here.
Back
Top