After extensive searching, I’ve not been successful locating how to setup shared ssl for name based virtual hosts. I don’t really want/need separate IP’s for this.
I don’t think I’m looking for help installing a (goDaddy Turbo) certificate for the host name, but rather how to let the name base servers use the hosts certificate; such as https://host.tld/example.tld.
The reason I’m questioning this is in experimenting with the self-signed certificate that comes with VM, https://host.tld/example.tld or https://host.tld/example doesn’t work. Is the solution connected to enabling virtual host preview in Apache?
… I see
So it’s not that I have missed it, looks like you are saying VM is not designed to use a shared host certificate for virtual hosts, as in https://host.tld/example.tld/.
Geeze, been doing it that way for years for a small handful of domains.
It seems that with other control panels, it’s tied into being able to preview the website via host/domain and then to take advantage of the shared cert, you just add the “s”.
Geeze, been doing it that way for years for a small handful of domains.
OK, but we’re not going to encourage folks to use SSL insecurely.
There is a protocol for dealing with name-based SSL hosts (which is implemented in the non-standard module mod_gnutls for Apache), but a large percentage of clients don’t support the protocol (and those that do have only added it in the very recent past, so lots of users will be out in the cold).
This has been discussed numerous times in the forums. Basically, we’re not going to stop you from doing it wrong…but we’re not going to help either.
We do plan to add support for multi-domain certificates in the near future. But it’s not the same thing you’ve been doing with other control panels for years…the thing you’ve been doing with other control panels is a bad idea and shouldn’t be encouraged by anyone.
Okay… didn’t realize this was going to be such a controversial issue. Up until now, I didn’t have a clue that using a shared certificate was such a bad idea.
I am fully committed to Vitualmin being the control panel of choice. I couldn’t even begin to write down all the features that make it overwhelmingly superior to anything else I’ve used. I will take steps to secure the needed sites using their own cert and IP.
Read up about SSL certs and website cross scripting about the dangers of ill-formed ssl sharing.
The fact is that it completely violates RFC and not one PCI, https://www.pcisecuritystandards.org/, place is ever going to allow shared shared ssl site.
Read up about SSL certs and website cross scripting about the dangers of ill-formed ssl sharing.
The fact is that it completely violates RFC and not one PCI, https://www.pcisecuritystandards.org/, place is ever going to allow shared shared ssl site.
Alright… no problem.
I was up until recently using the most current version of Ensim Pro and the ability to easily use a shared certificate was built right into the control panel. Ensim is by no means my hero and in this case looks like it gave me the wrong impression.
