ispCP - Board - Support
GnuTLS help - Printable Version




GnuTLS help - Top44 - 07-20-2010 07:56 AM

Hi guys,

after reading through this whole SSL business, I wanted to put it into practice.

Scenario:

2 domains
2 official certs

Problem:

The cert for domain1 actually works as it should, but domain2 also uses domain1's cert. I don't know why; that's where you come in.

So, config for domain 1:
Code:
<VirtualHost xxx.xxx.xxx.xxx:443>

GnuTLSEnable on
GnuTLSExportCertificates on
GnuTLSCacheTimeout 500

GnuTLSCertificateFile /var/www/virtual/domain1.de/ssl/domain1.de.crt
GnuTLSKeyFile /var/www/virtual/domain1.de/ssl/domain1.de.key
GnuTLSPriorities NORMAL

ServerName domain1.de

DocumentRoot /var/www/virtual/domain1.de/htdocs

##Testing
ErrorLog /var/www/virtual/domain1.de/logs/ssl_log
CustomLog /var/www/virtual/domain1.de/logs/acces_log common

<IfModule suexec_module>
  SuexecUserGroup vu2005 vu2005
</IfModule>

ServerAdmin     webmaster@domain1.de
Alias /errors    /var/www/virtual/domain1.de/errors/

    ErrorDocument 401 /errors/401.html
    ErrorDocument 403 /errors/403.html
    ErrorDocument 404 /errors/404.html
    ErrorDocument 500 /errors/500.html
    ErrorDocument 503 /errors/503.html

<IfModule mod_cband.c>
CBandUser domain1.de
</IfModule>

    # httpd awstats support BEGIN.

    Alias /awstatsicons     "/usr/share/awstats/icon/"
    Alias /stats            "/var/www/virtual/domain1.de/statistics/"

    <Directory "/var/www/virtual/domain1.de/statistics">
        AllowOverride AuthConfig
        DirectoryIndex awstats.domain1.de.html
        Order allow,deny
        Allow from all
    </Directory>

    <Location /stats>
        AuthType Basic
        AuthName "Statistics for domain domain1.de"
        AuthUserFile /var/www/virtual/domain1.de/.htpasswd
        AuthGroupFile /var/www/virtual/domain1.de/.htgroup
        Require group statistics
    </Location>

   # httpd awstats support END.

    # httpd dmn entry cgi support BEGIN.
    ScriptAlias /cgi-bin/ /var/www/virtual/domain1.de/cgi-bin/
    <Directory /var/www/virtual/domain1.de/cgi-bin>
        AllowOverride AuthConfig
        #Options ExecCGI
        Order allow,deny
        Allow from all
    </Directory>
    # httpd dmn entry cgi support END.

    <Directory /var/www/virtual/domain1.dee/htdocs>
        # httpd dmn entry PHP support BEGIN.
        # httpd dmn entry PHP support END.
        Options -Indexes Includes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>

    # httpd dmn entry PHP2 support BEGIN.
    <IfModule mod_php5.c>
        php_admin_value open_basedir "/var/www/virtual/domain1.de/:/var/www/virtual/domain1.de/phptmp/:/usr/share/php/"
        php_admin_value upload_tmp_dir "/var/www/virtual/domain1.de/phptmp/"
        php_admin_value session.save_path "/var/www/virtual/domain1.de/phptmp/"
        php_admin_value sendmail_path '/usr/sbin/sendmail -f vu2005 -t -i'
    </IfModule>
    <IfModule mod_fastcgi.c>
        ScriptAlias /php5/ /var/www/fcgi/domain1.de/
        <Directory "/var/www/fcgi/domain1.de">
            AllowOverride None
            Options +ExecCGI -MultiViews -Indexes
            Order allow,deny
            Allow from all
        </Directory>
    </IfModule>
    <IfModule mod_fcgid.c>
        Include /etc/apache2/mods-available/fcgid_ispcp.conf
        <Directory /var/www/virtual/domain1.de/htdocs>
            FCGIWrapper /var/www/fcgi/domain1.de/php5-fcgi-starter .php
            Options +ExecCGI
        </Directory>
        <Directory "/var/www/fcgi/domain1.de">
            AllowOverride None
            Options +ExecCGI MultiViews -Indexes
            Order allow,deny
            Allow from all
        </Directory>
    </IfModule>
    # httpd dmn entry PHP2 support END.

    Include /etc/apache2/ispcp/domain1.de.conf

</VirtualHost>


Domain2 config:
Code:
<VirtualHost xxx.xxx.xxx.xxx:443>

GnuTLSEnable on
GnuTLSExportCertificates on
GnuTLSCacheTimeout 500

GnuTLSCertificateFile /var/www/virtual/domain2.de/ssl/domain2_de.crt
GnuTLSKeyFile /var/www/virtual/domain2.de/ssl/domain2.de.key
GnuTLSPriorities NORMAL

ServerName domain2.de

DocumentRoot /var/www/virtual/domain2.de/htdocs

##Testing
ErrorLog /var/www/virtual/domain2.de/logs/ssl_log
CustomLog /var/www/virtual/domain2.de/logs/acces_log common

<IfModule suexec_module>
  SuexecUserGroup vu2001 vu2001
</IfModule>

ServerAdmin     webmaster@domain2.de
Alias /errors    /var/www/virtual/domain2.de/errors/

    ErrorDocument 401 /errors/401.html
    ErrorDocument 403 /errors/403.html
    ErrorDocument 404 /errors/404.html
    ErrorDocument 500 /errors/500.html
    ErrorDocument 503 /errors/503.html

<IfModule mod_cband.c>
CBandUser domain2.de
</IfModule>

    # httpd awstats support BEGIN.

    Alias /awstatsicons     "/usr/share/awstats/icon/"
    Alias /stats            "/var/www/virtual/domain2.de/statistics/"

    <Directory "/var/www/virtual/domain2.de/statistics">
        AllowOverride AuthConfig
        DirectoryIndex awstats.domain2.de.html
        Order allow,deny
        Allow from all
    </Directory>

    <Location /stats>
        AuthType Basic
        AuthName "Statistics for domain domain2.de"
        AuthUserFile /var/www/virtual/domain2.de/.htpasswd
        AuthGroupFile /var/www/virtual/domain2.de/.htgroup
        Require group statistics
    </Location>

   # httpd awstats support END.

    # httpd dmn entry cgi support BEGIN.
    ScriptAlias /cgi-bin/ /var/www/virtual/domain2.de/cgi-bin/
    <Directory /var/www/virtual/domain2.de/cgi-bin>
        AllowOverride AuthConfig
        #Options ExecCGI
        Order allow,deny
        Allow from all
    </Directory>
    # httpd dmn entry cgi support END.

    <Directory /var/www/virtual/domain2.de/htdocs>
        # httpd dmn entry PHP support BEGIN.
        # httpd dmn entry PHP support END.
        Options -Indexes Includes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>

    # httpd dmn entry PHP2 support BEGIN.
    <IfModule mod_php5.c>
        php_admin_value open_basedir "/var/www/virtual/domain2.de/:/var/www/virtual/domain2.de/phptmp/:/usr/share/php/"
        php_admin_value upload_tmp_dir "/var/www/virtual/domain2.de/phptmp/"
        php_admin_value session.save_path "/var/www/virtual/domain2.de/phptmp/"
        php_admin_value sendmail_path '/usr/sbin/sendmail -f vu2001 -t -i'
    </IfModule>
    <IfModule mod_fastcgi.c>
        ScriptAlias /php5/ /var/www/fcgi/domain2.de/
        <Directory "/var/www/fcgi/domain2.de">
            AllowOverride None
            Options +ExecCGI -MultiViews -Indexes
            Order allow,deny
            Allow from all
        </Directory>
    </IfModule>
    <IfModule mod_fcgid.c>
        Include /etc/apache2/mods-available/fcgid_ispcp.conf
        <Directory /var/www/virtual/domain2.de/htdocs>
            FCGIWrapper /var/www/fcgi/domain2.de/php5-fcgi-starter .php
            Options +ExecCGI
        </Directory>
        <Directory "/var/www/fcgi/domain2.de.de">
            AllowOverride None
            Options +ExecCGI MultiViews -Indexes
            Order allow,deny
            Allow from all
        </Directory>
    </IfModule>
    # httpd dmn entry PHP2 support END.

    Include /etc/apache2/ispcp/domain2.de.conf

  </VirtualHost>

Maybe you can spot an error?

Regards


RE: GnuTLS help - rethus - 10-22-2010 08:48 PM

I'm having exactly the same problem right now.
For the server itself I have a wildcard certificate, and each user should be able to run their HTTPS part with their own certificate, which has been verified by my wildcard certificate.

Unfortunately, for every additional domain only the wildcard certificate is ever shown.

Hope someone can help us!
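
Both posts above describe several TLS vhosts on one address where only the first certificate is ever shown. The following is an added example, not code from the thread, ispCP or mod_gnutls: it parses a vhost file and reports, per address, which vhost is the fallback and which names can only be selected through SNI, assuming Apache's rule that the first vhost defined for an address is its default. The sample config is constructed from the TLS lines of the first post.

```python
import re
from collections import OrderedDict

# Constructed sample: the two vhosts from the thread, reduced to the TLS-relevant lines.
SAMPLE_CONF = """
<VirtualHost xxx.xxx.xxx.xxx:443>
GnuTLSEnable on
GnuTLSCertificateFile /var/www/virtual/domain1.de/ssl/domain1.de.crt
GnuTLSKeyFile /var/www/virtual/domain1.de/ssl/domain1.de.key
ServerName domain1.de
</VirtualHost>
<VirtualHost xxx.xxx.xxx.xxx:443>
GnuTLSEnable on
GnuTLSCertificateFile /var/www/virtual/domain2.de/ssl/domain2_de.crt
GnuTLSKeyFile /var/www/virtual/domain2.de/ssl/domain2.de.key
ServerName domain2.de
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, name):
    """Return the first argument of directive `name` in a vhost body, or None."""
    m = re.search(r"^[ \t]*%s[ \t]+(\S+)" % re.escape(name), body, re.M | re.I)
    return m.group(1) if m else None

def tls_vhosts_by_address(conf_text):
    """Group GnuTLS-enabled vhosts by listen address, in file order."""
    groups = OrderedDict()
    for addr, body in VHOST_RE.findall(conf_text):
        if (directive(body, "GnuTLSEnable") or "").lower() != "on":
            continue
        entry = {"name": directive(body, "ServerName"),
                 "cert": directive(body, "GnuTLSCertificateFile"),
                 "key": directive(body, "GnuTLSKeyFile")}
        for a in addr.split():
            groups.setdefault(a, []).append(entry)
    return groups

def sni_report(conf_text):
    """Per address: the fallback vhost (assumed: first defined) and names needing SNI."""
    report = {}
    for addr, hosts in tls_vhosts_by_address(conf_text).items():
        report[addr] = {"fallback_name": hosts[0]["name"],
                        "fallback_cert": hosts[0]["cert"],
                        "needs_sni": [h["name"] for h in hosts[1:]]}
    return report

if __name__ == "__main__":
    for addr, r in sni_report(SAMPLE_CONF).items():
        print(addr, "fallback:", r["fallback_name"], "needs SNI:", r["needs_sni"])
```

A client that sends no server name in its TLS handshake can only be given the fallback certificate; the names listed under `needs_sni` get their own certificate only when the client sends SNI and the server matches it to the right vhost.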


RE: GnuTLS help - Janko - 05-06-2011 11:02 PM

Hello,

is there a solution to this problem yet?


RE: GnuTLS help - tomhb - 05-08-2011 06:40 AM

(05-06-2011 11:02 PM)Janko Wrote:  is there a solution to this problem yet?

Which problem do you mean?


Regards, Tom