Sponsor:

Server and Web Integrator
Link:
Kloxo-MR logo
6.5.0 or 7.0.0
Click for "How to install"
Donation/Sponsorship:
Kloxo-MR is open-source.
Donate and or Sponsorship always welcome.
Click to:
Click Here
Please login or register. 2024-03-29, 00:02:12

Author Topic: [INFO] Domain-based SSL Certificate since 6.5.1.b-2014042004  (Read 33175 times)

0 Members and 2 Guests are viewing this topic.

Offline MRatWork

  • Administrator
  • The Elite
  • *****
  • Posts: 15,807
  • Karma: +119/-11
  • Gender: Male
    • View Profile
    • MRatWork Forum
As we know Kloxo Official 6.1.x, Kloxo-MR 6.5.0.f and Kloxo-MR 6.5.1.b implementing IP-based SSL certificate. With this implementing, if want certain domain have specific SSL certificate must assign free IP address to this domain.

With additional domain-based SSL certificate, we don't need free IP address for this purpose. Only need setup 'SSL certificate' for certain domain for this purpose. Kloxo-MR will be create SSL certificate files inside '/home/<user>/ssl'.

Need update to Kloxo-MR 6.5.1.b-2014042004 for this 'new' feature. And need run 'cleanup' because this 'new' feature need web config adjustment.
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

Offline Kloxo-DR

  • Senior Member
  • *
  • Posts: 239
  • Karma: +3/-9
    • View Profile
Hi,
Kloxo-MR will be create SSL certificate files inside '/home/<user>/ssl'.

Thats really a bad design to have a special and specific extra directory for one certificate.

6.5.0f users will not avail the advantage of any SSL feature.

Offline MRatWork

  • Administrator
  • The Elite
  • *****
  • Posts: 15,807
  • Karma: +119/-11
  • Gender: Male
    • View Profile
    • MRatWork Forum
We can talk millions words a day. We can give thousands idea a day.

But, to realize an idea maybe need more than 1 days (maybe a week, month or year)!.

Also very easy to talk what's other people as bad on work.

So, please stop useless talk!.

Ok, you think 'Thats really a bad design to have a special and specific extra directory for one certificate.' So, what's better/best design?.

Again, because 6.5.0 already final (symbolize as 'f' in version) that mean NO new features.
« Last Edit: 2014-04-20, 22:23:07 by MRatWork »
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

Offline chrisf

  • Senior Master
  • **
  • Posts: 883
  • Karma: +11/-1
  • Gender: Male
  • Be the change that you wish to see in the world.
    • View Profile
    • Conviction's Hosting
+1 for Domain based SSL.  I have a server that has a few SSL and I was eating the cost of the extra ip's to keep the clients happy.

Thank you :)
Christopher

Knowledge in: PHP, Perl, MySQL, Javascript, Actionscript, FLASH, HTML, CSS
Server Administrator / Developer: https://convictionshosting.com

Offline Kloxo-DR

  • Senior Member
  • *
  • Posts: 239
  • Karma: +3/-9
    • View Profile
Hi Mustafa,
We can talk millions words a day. We can give thousands idea a day.
But, to realize an idea maybe need more than 1 days (maybe a week, month or year)!.
Also very easy to talk what's other people as bad on work.
So, please stop useless talk!.
Ok, you think 'Thats really a bad design to have a special and specific extra directory for one certificate.' So, what's better/best design?.

You are a person who did not learn to accept criticism, right? When did you accept a criticism the last in your life and clearly reflect on it. At your age, you require to learn this and teach your kids, like I do.

Did you inform yourself of whats going on the internet and bad coding habits. Your habits are perfectly bad coding habits.

I started in 1983 coding Fortran and Cobol with a harddrive of 16 megabyte. Do not talk to me any further rubbish like you did above and make me angry on your silly coding habits and security attitudes. You have done an excellent job with your fork but that does not mean that you are the best on the internet.

Did you know what programmers are doing in Linux and Centos?

They are moving to standardization, shifting things under /var. Did you inform about the new coding standrad under linux before barking me with a lot of pride of your coding habits?

Did you realize how many users are having problems because of so many problems?

For a tiny little thing you are crearting a small directory to store 4 files.

I congratulate you for implementing SSL. Fine that you do not offer it for 6.5.0f. Thats OK. But do not tell me that the naming convention of files, the directory tree you have generated are the best practices in linux. I know precisely what I am talking about and inform yourself before on what are good practices first.

Simply because YOU did it did not mean that they are the best practices.

Why did you not follow the industry standard of storing the SSL certificates where they have always been stored? Many other programs need to coordinate with it? What fun did you have to do that by talking the coordination possibility with other programs away and reduce this to a kloxo thing?
« Last Edit: 2014-04-21, 00:44:25 by Kloxo-DR »

Offline MRatWork

  • Administrator
  • The Elite
  • *****
  • Posts: 15,807
  • Karma: +119/-11
  • Gender: Male
    • View Profile
    • MRatWork Forum
Hi Mustafa,
We can talk millions words a day. We can give thousands idea a day.
But, to realize an idea maybe need more than 1 days (maybe a week, month or year)!.
Also very easy to talk what's other people as bad on work.
So, please stop useless talk!.
Ok, you think 'Thats really a bad design to have a special and specific extra directory for one certificate.' So, what's better/best design?.

You are a person who did not learn to accept criticism, right? When did you accept a criticism the last in your life and clearly reflect on it. At your age, you require to learn this and teach your kids, like I do.

Did you inform yourself of whats going on the internet and bad coding habits. Your habits are perfectly bad coding habits.

I started in 1983 coding Fortran and Cobol with a harddrive of 16 megabyte. Do not talk to me any further rubbish like you did above and make me angry on your silly coding habits and security attitudes. You have done an excellent job with your fork but that does not mean that you are the best on the internet.

Did you know what programmers are doing in Linux and Centos?

They are moving to standardization, shifting things under /var. Did you inform about the new coding standrad under linux before barking me with a lot of pride of your coding habits?

Did you realize how many users are having problems because of so many problems?

For a tiny little thing you are crearting a small directory to store 4 files.

I congratulate you for implementing SSL. Fine that you do not offer it for 6.5.0f. Thats OK. But do not tell me that the naming convention of files, the directory tree you have generated are the best practices in linux. I know precisely what I am talking about and inform yourself before on what are good practices first.

Simply because YOU did it did not mean that they are the best practices.

Why did you not follow the industry standard of storing the SSL certificates where they have always been stored? Many other programs need to coordinate with it? What fun did you have to do that by talking the coordination possibility with other programs away and reduce this to a kloxo thing?
Still critic without what's better and again it's useless.
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

Offline Kloxo-DR

  • Senior Member
  • *
  • Posts: 239
  • Karma: +3/-9
    • View Profile
Hi Mustafa,
Still critic without what's better and again it's useless.

Since 1983, I have seen so many events of programming and development. I have seen the internet  and computer's world growing.  I do not want to claim anything better. I only want you to draw your attention to keep and maintain the inductry standard that so many companies are following. The reseaches shows that more the deviation of a standard occurs less is its usability and more are the problems.

Lets see from the point of view of csf. Why did csf make many scripts for cPanel? Because cPanel maintained very good industry standard as against Parellal's  Plesk. Still no one dars to challange Plesk's stability.

I learned the intention of /etc in 1994, exactly twenty years ago. What was the main intention of the dir /etc?

Why did you bring everything under /home? Is apache configuration meant to be under /home? You deviated from the linux standard right? Ofocurse , there is no one to prohibit you. Then, you will create a little Mustafa World within kloxomr.

What is /etc/ssl directory for? Why is there a link for cert inside ln /etc/ssl/cert pointing to ../pki/tls/certs What is this link doing /etc/ssl/pki/tls/certs in there? If all programmers do not follow such standard, then linux world comes in a real chaos.

Some one has to tell you that you are in a wrong direction. You need to work in a team for your excellent work that you are doing.

By deviating with your work the industry standrad, you are unterestimating and underevaluating your own work.

By providing buggy and untested software you are lowering your excellent work to make less impact of your work.

By announcing ridiculous and stupid announcement on security concerns to "not to use firewall" you are making a joke of yourself.

Then people and the industry shall not take you serious and your work on kloxomr will receive very less impact in the industry.

I tell you as your well wisher because I like the manner you have taken the damn challange. Very unfortunately you are a single programmer in the team, a one man show. So I do not expect a revolution from you as a team as you have very very very minimum and restricted resources.

But things like ssl design by you does not depend on material resources but intellegence of using /etc/ssl/cert ln .../pki/tls/certs directory or not.

Thats were you fail.



Offline chrisf

  • Senior Master
  • **
  • Posts: 883
  • Karma: +11/-1
  • Gender: Male
  • Be the change that you wish to see in the world.
    • View Profile
    • Conviction's Hosting
Mustafa, any special consideration for current SSL configurations?  What will happen when I upgrade?
Christopher

Knowledge in: PHP, Perl, MySQL, Javascript, Actionscript, FLASH, HTML, CSS
Server Administrator / Developer: https://convictionshosting.com

Offline MRatWork

  • Administrator
  • The Elite
  • *****
  • Posts: 15,807
  • Karma: +119/-11
  • Gender: Male
    • View Profile
    • MRatWork Forum
Nothing problem when upgrade but ssl upgrade need delete the old one and then create the one.

INFO: the reason why domain-based ssl files inside /home/<user>/ssl because better if user backup also backup their ssl. Basically backup process will be backup content of each client. So, all files under /home/<user> will be backup in backup process. Surely, also restore in restoring process. That it.
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

Offline Kloxo-DR

  • Senior Member
  • *
  • Posts: 239
  • Karma: +3/-9
    • View Profile
Hi,
INFO: the reason why domain-based ssl files inside /home/<user>/ssl because better if user backup also backup their ssl. Basically backup process will be backup content of each client. So, all files under /home/<user> will be backup in backup process. Surely, also restore in restoring process. That it.

SSl certificates are domain and server related. They belong to the domain directory where user specific files specific are stored.

Currently, you created a tree for user specific as below:

/home/httpd/domain.com/__dirprotect
/home/httpd/domain.com/stats
/home/httpd/domain.com/conf
/home/httpd/domain.com/webstats

Looking at your own convention, why cannot you do the following:

/home/httpd/domain.com/ssl

under the same directory structure.

The backup and restore does pick up data from /var/mysql also. So backup and restore may also pack in tar /home/httpd/domain.com/ssl also.

Now why do you have a table called sslcert in mysql?

Why should you want to pack a cert from ssl dir? Thats already in the mysql table sslcert?

In the restoration, simply generate the certificate. There iis really no need to pack the ssl directory, right? All the generation mechanism remains the same under the same architecture. Further, the generation during the restoration makes a fresh certificate with a new date.

Thats better.



Offline MRatWork

  • Administrator
  • The Elite
  • *****
  • Posts: 15,807
  • Karma: +119/-11
  • Gender: Male
    • View Profile
    • MRatWork Forum
Re: [INFO] Domain-based SSL Certificate since 6.5.1.b-2014042004
« Reply #10 on: 2014-04-21, 17:12:33 »
Better inside user dir because simple to backup and also possible other dirs to move under user also. That it.
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

Offline Kloxo-DR

  • Senior Member
  • *
  • Posts: 239
  • Karma: +3/-9
    • View Profile
Re: [INFO] Domain-based SSL Certificate since 6.5.1.b-2014042004
« Reply #11 on: 2014-04-21, 18:05:17 »
Thats precisely the reason why it should be under /home/httpd/domain.com because if the ownership of a domain.com changes from one client to anathor, then it could also change it for SSL.

But there "are reasons" why I should agree and, thus, I agree to you.

Offline nmpribeiro

  • Valuable Member
  • *
  • Posts: 69
  • Karma: +1/-0
    • View Profile
Re: [INFO] Domain-based SSL Certificate since 6.5.1.b-2014042004
« Reply #12 on: 2014-06-26, 16:41:22 »
Is 6.5.1.b still in dev? I really liked to have that feature in prod env.

 


Top 10 Social Networking:    Facebook    Twitter    LinkedIn    Pinterest    Google Plus    Tumblr    Instagram    VK    Flickr    Vine
Click Here

Page created in 0.055 seconds with 22 queries.

web stats analysis