Vhostswithssl
From ISPMan
Revision as of 08:35, 26 October 2008 by 84.134.10.87 (Talk)
If, for example, you created a vhost called "www" and want to enable SSL for it, you can proceed as follows:
- Create SSL Certs as usual (manually)
- Create a vhost called "www:443" within ISPMan's admin UI.
- On creation, set the vhost's document root / home directory to /var/www/mydomain/vhosts/www (it defaults to /var/www/mydomain/vhosts/www:443, which is most likely not what you want).
- Set the IP address for that vhost. You need a separate IP address for each additional SSL vhost. Only one cert per IP. That usually means: one IP, only one SSL vhost (wildcard certs might be an exception).
- Create the directory /var/www/mydomain/vhosts/shop/certs/ and copy your certificate files into it. Remember to set the permissions so that only your user and root can read them. (Otherwise the other users on the system can easily steal your identity.)
- Add the "Enable SSL stanza" in the "Extra Configuration" of the vhost:
"Extra Configuration"
SSLEngine on
SSLCertificateFile /var/www/mydomain/vhosts/www/certs/www.mydomain.pem.crt
SSLCertificateKeyFile /var/www/mydomain/vhosts/www/certs/www.mydomain.key
SSLCACertificateFile /var/www/mydomain/vhosts/www/certs/cross-ca-bundle.crt
This of course only works if your Apache is already prepared to run SSL (via mod_ssl or apache_ssl for example, e.g. with "a2enmod ssl").
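The permission step for the cert directory can be applied and checked with a small script. This is an added example, not part of the original page or of ISPMan; the function names harden_certs and audit_certs are made up here, and it assumes private keys use the .key suffix as in the stanza above and that the directory is owned by the vhost's user.

```sh
#!/bin/sh
# Added example: lock down and audit a vhost cert directory.
# Assumption: private keys end in .key, as in the SSL stanza on this page.

# harden_certs DIR: owner-only access to the directory and to every private key.
harden_certs() {
    dir=$1
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    chmod 700 "$dir" || return 1
    find "$dir" -type f -name '*.key' -exec chmod 600 {} +
}

# audit_certs DIR: list the directory (and subdirectories) or any private key
# that carries a group or other permission bit. Returns 1 if anything is found.
audit_certs() {
    dir=$1
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    bad=$(find "$dir" \( -type d -o \( -type f -name '*.key' \) \) \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
    if [ -n "$bad" ]; then
        printf 'accessible by group/others:\n%s\n' "$bad" >&2
        return 1
    fi
    return 0
}

# Usage: sh certperms.sh /var/www/mydomain/vhosts/www/certs
# (the script file name is hypothetical)
if [ "$#" -gt 0 ]; then
    harden_certs "$1" && audit_certs "$1"
fi
```

Run the audit again after copying renewed certificates into the directory, since a copied key file can arrive with looser permissions.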
To protect the ISPMan Web UI, you should at least use a self-signed SSL cert. On Debian there is a package "ssl-cert" which ships a script called "make-ssl-cert", which can create such a snakeoil cert in one line:
/usr/sbin/make-ssl-cert generate-default-snakeoil [--force-overwrite]
To protect the ISPMan Web UI you can use these stanzas in the Apache context of the Web UI:
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
