Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: SSL for virtual site help

  1. #1
    Join Date
    Jan 2008
    Beans
    42

    SSL for virtual site help

    I"m running ubuntu 10.01.4 with apache 2 version 2.2.14. The site is up and running fine but I'm having a problem installing a ssl cert for the site.
    Does it matter where the cert is installed it?

    In the sites-available conf file for the site do I reference port 443 along with port 80 and the location of the cert path in one file?

    This is what I have now

    <virtualhost *:80>
    ServerAdmin xxxxx@comcast.net
    ServerName xxxx.com ServerAlias www.xxxx.com
    DirectoryIndex index.cfm
    DocumentRoot "/var/www/xxx"

    <VirtualHost *:443>
    ServerName www.yoursite.com
    DocumentRoot /var/www/site
    SSLEngine on
    SSLCertificateFile /path/to/www_yoursite_com.crt
    SSLCertificateKeyFile /path/to/www_yoursite_com.key
    SSLCertificateChainFile /path/to/DigiCertCA.crt
    </Virtual Host>
    </virtualhost>

    Is that right or do I have to make two separate vhost files one for port 80 and one for port 443?
    Also do I have to change anything in the httpd.conf file as well?

    I tested this config and it didn't work so i'm missing something.

    THanks!

  2. #2
    Join Date
    Nov 2008
    Location
    BSAA Headquarters
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: SSL for virtual site help

    moved to server platforms

    try
    Code:
    <VirtualHost *:80>
    ServerAdmin xxxxx@comcast.net
    ServerName xxxx.com ServerAlias www.xxxx.com
    DirectoryIndex index.cfm
    DocumentRoot "/var/www/xxx"
    </VirtualHost>
    
    <VirtualHost *:443>
    ServerName www.yoursite.com
    DocumentRoot /var/www/site
    SSLEngine on
    SSLCertificateFile /path/to/www_yoursite_com.crt
    SSLCertificateKeyFile /path/to/www_yoursite_com.key
    SSLCertificateChainFile /path/to/DigiCertCA.crt
    </VirtualHost>
    Ubuntu Forums Moderation Staff || SandyDNET
    Twitter: @CatchesAStar | Last.fm
    Ubuntu Membership via Forum Contributions

  3. #3
    Join Date
    Jan 2008
    Beans
    42

    Re: SSL for virtual site help

    Ok i see what i did wrong there.

    I didnt close out the reference to port 80.

    Also does it matter were I put that cert file at? as long as i have the correct path right?

    Do I need to change anything in the apache2.conf or the httpd.conf?

    I also noticed there was two files in /etc/sites-available called

    default
    default-ssl

    would I have to mess with those as well ?

    Thanks again!

  4. #4
    Join Date
    Nov 2008
    Location
    BSAA Headquarters
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: SSL for virtual site help

    Quote Originally Posted by mcraul View Post
    Ok i see what i did wrong there.

    I didnt close out the reference to port 80.

    Also does it matter were I put that cert file at? as long as i have the correct path right?

    Do I need to change anything in the apache2.conf or the httpd.conf?

    I also noticed there was two files in /etc/sites-available called

    default
    default-ssl

    would I have to mess with those as well ?

    Thanks again!
    The path of the cert file doesnt matter - as long as its readable by apache, its fine

    the files in /etc/sites-avaliable are just examples - you can remove them if you want
    Ubuntu Forums Moderation Staff || SandyDNET
    Twitter: @CatchesAStar | Last.fm
    Ubuntu Membership via Forum Contributions

  5. #5
    Join Date
    Jan 2008
    Beans
    42

    Re: SSL for virtual site help

    So the path to the cert files just need to be in the domain conf under etc/sites-available? or do I have to put the path to the cert in another conf as well?

    Thanks for the help!

  6. #6
    Join Date
    Jan 2008
    Beans
    42

    Re: SSL for virtual site help

    One more question, do I have to make a new private key for each virtual host or?

    Thanks

  7. #7
    Join Date
    Nov 2008
    Location
    Metro Boston
    Beans
    8,716
    Distro
    Kubuntu 14.04 Trusty Tahr

    Re: SSL for virtual site help

    Quote Originally Posted by mcraul View Post
    So the path to the cert files just need to be in the domain conf under etc/sites-available? or do I have to put the path to the cert in another conf as well?
    The only place you need to reference the certificate files in is the server definition for the SSL host.

    Quote Originally Posted by mcraul View Post
    One more question, do I have to make a new private key for each virtual host?
    This is a much more complicated issue. Usually every SSL host needs to be assigned to a separate IP address. So if you wanted to have three different SSL hosts with different hostnames, you'd need three IPs. However there are ways to support multiple hostnames within a single domain using a wildcard certficate.
    If you ask for help, please have the courtesy to check for responses and thank the people who helped you.

    Blog · Linode System Administration Guides · Android Apps for Ubuntu Users

  8. #8
    Join Date
    Jan 2008
    Beans
    42

    Re: SSL for virtual site help

    So I installed the SSL and now I"m getting this error

    nvalid command 'SSLCertificate', perhaps misspelled or defined by a module not included in the server configuration
    Any way to overcome this?

    Thanks!

  9. #9
    Join Date
    Jan 2008
    Beans
    42

    Re: SSL for virtual site help

    This is my config now thats giving me that error

    <virtualhost *:80>

    ServerAdmin xxxx@comcast.net
    ServerName xxxx.com
    ServerAlias www.xxxx.com


    DirectoryIndex index.cfm
    DocumentRoot "/var/www/nearby"
    </virtualhost>

    <virtualHost 23.xx.xx.xxx:443>
    ServerName xxxx.com
    DocumentRoot "/var/www/nearby"

    SSLEngine on
    SSLCertificate /etc/ssl/certs/xxxx.com.crt
    SSLCertificateKeyFile /root/www_xxxx_com.key
    SSLCertificateChainFile /etc/ssl/gd_bundle.crt

  10. #10
    Join Date
    Jan 2008
    Beans
    42

    Re: SSL for virtual site help

    Do I have to make some change in

    /etc/apache2/sites-available/ssl

    as well?

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •