1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Shared SSL for Linux

Discussion in 'Plesk 9.x for Linux Issues, Fixes, How-To' started by grundy, Jul 24, 2010.

  1. grundy

    grundy Guest

    0
     
    Hi All

    I know this question has been asked before, and I have searched for a solution both here and using Google but I could just do with getting other opinions before I embark on this.

    I have a Redhat server with Plesk 9.3, I need to setup a single SSL protected domain and allow many other domains on the same server to use its certificate for encryption. I have seen that Plesk for Linux does not support shared SSL via the panel, and I have also seen that it may be possible to do this using symlinks or possibly mod_rewrite. The sites that need to access the SSL protected domain are all PHP running as FastCGI, if possible I'd simply like the URL's to be like:

    https://ssl_domain.com/non_ssl_domain.com/

    Is this possible using symlinks? And if not can anybody briefly explain why not?

    As mentioned above I'd really just like somebody's opinion who has tried to do this before. What is the best approach to take to achieve this? Would a wildcard certificate and subdomains be a better idea?

    I've setup a few dedicated SSL's using Plesk, so I know about unique IP's etc. just never had to setup something like this.

    Any help, pointers or links are greatly appreciated.

    Thanks
     
  2. lvalics

    lvalics Silver Pleskian Plesk Guru

    36
    43%
    Joined:
    Jun 20, 2003
    Messages:
    965
    Likes Received:
    32
    Location:
    Romania
    It should work with multile SNI as I know, just in Lighthttpd of PLESK is not enabled. I have asked for this, but dunno if they will enable or not in the future.
     
  3. grundy

    grundy Guest

    0
     
    Thanks lvalics

    Have to admit I wasn't aware of SNI, but from what I've been reading it doesn't appear to be an option.

    I'm going to try the symlink route first, this is what I'm thinking:

    1. Create a single SSL enabled domain on its own IP.
    2. Create directories on the SSL domain for each of the other non-SSL domains.
    3. Create symlinks between theses new directories and the httpsdocs directory for each domain.
    4. Change ownership of each of the new directories to the ftp user of each domain.
    5. Add allow follow symlinks to a vhost_ssl.conf for each domain.

    Am I on the right track here? I'm a bit unclear on how the permissions need to be set to keep each users directory secure, but I intend to give this a try tomorrow to find out.

    I think the above *should maybe* work.

    Anybody able to tell me where I'm going wrong with the above thinking?

    Thanks again.
     
Loading...