Wildcard Certs: Create Virtual Server Fails

2 posts / 0 new
Last post
#1 Sun, 10/19/2008 - 14:01
fatbear

Wildcard Certs: Create Virtual Server Fails

I have a wildcard cert and tried to add the sub-server "team.fatbear.com" to fatbear.com which has a private IP address and got the error message:

Failed to modify server: The IP address is already used by virtual server fatbear.com

I did note that when creating the virtual sub-server (as the Virtualmin administrator), that the IP address and forwarding showed the shared IP address by default. Since I have a wildcard cert, I changed this to the private IP address already established for fatbear.com and checked the Already active button.

I note that trying to create the sub-server when logged in as the non-privileged user doesn't even have an option for setting the IP address. And, it does appear to assign the shared IP address and not give any option to set the IP address to one already associated with the primary domain.

Is there a method for adding sub-servers that share the same IP address because they are using a wildcard cert?

I suppose I can create the server "team.fatbear.com" with the shared IP address and then modify the file:

/var/named/chroot/var/named/team.fatbear.com.hosts

and change the IP addresses in it to that used by *.fatbear.com, but I'm not sure that will work.

Comments?<br><br>Post edited by: fatbear, at: 2008/10/19 14:18

Mon, 10/20/2008 - 13:10
Joe
Joe's picture

Don't try to work around. Help us get it fixed so you don't have to work around. ;-)

I was thinking that Jamie has already added wildcard support a revision or so back, but I might be completely imagining it.

If you're using the latest version of Virtualmin, file a &quot;Feature Request&quot; ticket in the tracker (be sure to reference this thread, so Jamie knows the whole story). I believe recognizing wild cards should be reasonably simple...if the code isn't already capable of this, it might take a while to get it written, since it does change the rules quite a bit. But, it'd be a capability worth having, and a good step towards support of the new name-based SSL protocol, as well.

--

Check out the forum guidelines!

Topic locked