Turnkey and Apache SSL configurations
Jumped through the hoop today on implementing multiple domains on a system.
The process went something like the following:
- Set up Virtual Domains
- Get virtual working - there is a lot to this in Joomla
- Open Apache
- Check basic Setup
- I had 3 domain SSL server setups defined:
  - Primary Server Host
  - Secondary Server Host
  - * (universal) Server Host
- I verified that I had one Redirect working on my Primary Server. Entered the URL and it redirected (don't forget)
- Purchase a Multi-Domain SSL Certificate
- Go to https://decoder.link/csr_generator
- Create a New CSR
- use advanced options to enter the additional Server Names attached to the CSR and Cert
- Copy the CSR to a new_file.csr file
- Copy the Private Key to a new_file.key (or new_file.psk) file
- Copy the Decoder Cert (for some reason I do this, but it does not get used), i.e. new_file_local.crt
- Activate the Purchased SSL Certificate by entering the RAW Text of the CSR File (easy to copy on the Decoder.link site)
- Emailed to the Primary
- Opened my Domain and DNS Server Setup for each of my Domains I was attaching to the Cert.
- Set up http: DCV on the sub systems
- entered a new "sub domain" for each domain (long keyed and meaningless except the key)
- entered a CNAME and a destination for each domain (long keyed and meaningless except the key function)
- Accepted the One Email
- Waited a bit for the Cert to issue, but it did
- Open FTP Session to Server
- upload SSL Certs to /etc/ssl/new_cert_name
- This includes the PRIVATE KEY File that was saved from decoder.link above
- Note that YOU CANNOT get the Cert to work in Apache without the Private Key in more recent installs I have done.
- I think perhaps there are ways to build the Key into the cert, but I need to backtrack a bit on how I used to do that. I believe, however, the change that requires this has come as much from the certifying issuers as from my process.
- I also put the CSR file there though I do not believe it is actually used in the functioning of the directives and cert except to create the file structure. Decoder.link above can "decode" the CSR file which may be helpful
- In the Apache Server Setup (port 443)
- copy the original directives
- comment the original directives
- add new directives to the New Folder and New Name
This is a view of how my Apache Directives read in Webmin:
    *.443
    SSLEngine on
    # SSLCertificateFile /etc/ssl/old_ssl_folder/oldcert.crt
    # SSLCertificateKeyFile /etc/ssl/old_ssl_folder/oldcert.key
    # SSLCertificateChainFile /etc/ssl/old_ssl_folder/oldcert.ca-bundle
    SSLCertificateFile /etc/ssl/newcert_multi_folder/new_issued_multi.crt
    SSLCertificateKeyFile /etc/ssl/newcert_multi_folder/newcert_private.key
    SSLCertificateChainFile /etc/ssl/newcert_multi_folder/new_issued._multica-bundle
    ServerAdmin ....(removed)
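As an added example (not part of the original post): the CSR with its additional server names can also be generated with OpenSSL on the server itself, so the private key is never pasted into or copied out of a web page, and the issued certificate can be checked against the key before the Apache directives are switched over. The domain names are placeholders, the new_file.* names follow the post, and OpenSSL 1.1.1 or later is assumed for `-addext`.

```shell
#!/bin/sh
# Added example. Domain names are constructed placeholders; file names follow
# the post's new_file.* convention. Needs OpenSSL 1.1.1+ for -addext.

# make_csr DIR PRIMARY [ALT...]: write DIR/new_file.key and DIR/new_file.csr,
# listing every name as a subjectAltName. Runs in a subshell so the umask
# change (key readable by its owner only) does not leak into the caller.
make_csr() (
    dir=$1; primary=$2; shift 2
    san="DNS:$primary"
    for name in "$@"; do san="$san,DNS:$name"; done
    umask 077
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$dir/new_file.key" -out "$dir/new_file.csr" \
        -subj "/CN=$primary" -addext "subjectAltName=$san" 2>/dev/null
)

# csr_names CSR: print the DNS names the CSR asks for, one per line.
csr_names() {
    openssl req -in "$1" -noout -text |
        grep -o 'DNS:[^,[:space:]]*' | sed 's/^DNS://'
}

# pubkey_hash FILE KIND: hash the public key held in a key, csr or crt file.
pubkey_hash() {
    case $2 in
        key) pem=$(openssl pkey -in "$1" -pubout 2>/dev/null) ;;
        csr) pem=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) ;;
        crt) pem=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) ;;
        *)   return 2 ;;
    esac
    [ -n "$pem" ] || return 1      # unreadable file: never report a match
    printf '%s\n' "$pem" | openssl sha256
}

# same_key A KIND_A B KIND_B: succeed only if both files carry the same
# public key. Apache will not start with a certificate and key that differ.
same_key() {
    a=$(pubkey_hash "$1" "$2") && b=$(pubkey_hash "$3" "$4") && [ "$a" = "$b" ]
}

# Usage (placeholders):
#   make_csr /etc/ssl/new_cert_name example.com www.example.com example.org
#   same_key new_file.key key new_issued_multi.crt crt && echo "key matches"
```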
This is not always as easy a process as it was today, as there are different file types. Today though, it went on the first try and Apache took the changes.
I still have my Primary Domain Cert running with its special Redirect.
My Secondary Cert I will reissue and use somewhere else as I put its domain into this Multi Cert.
The Multi-Cert Process went very well.
This is not a small amount of work, but I can help. Please contact me via the SSL Install link
Comodo-PositiveSSL-Installation-on-Turnkey-System