From ceedab3a6e7b3fd367be12bdcbe50d2fd25eed2d Mon Sep 17 00:00:00 2001 From: "Michael Kaufmann (d00p)" Date: Fri, 15 Oct 2010 08:32:35 +0000 Subject: [PATCH] - put enable/disable ssl in the settings overview - added SSLCertificateChainFile to IPs and ports and webserver-cron, fixes #418 - added domain-specific ssl-settings for lighttpd --- actions/admin/settings/130.webserver.php | 1 + admin_ipsandports.php | 49 ++++++++++++++- install/froxlor.sql | 12 ++-- .../updates/froxlor/0.9/update_0.9.inc.php | 17 +++++ .../preconfig/0.9/preconfig_0.9.inc.php | 12 ++++ lib/tables.inc.php | 2 +- lng/english.lng.php | 3 + lng/german.lng.php | 3 + .../jobs/cron_tasks.inc.http.10.apache.php | 26 ++++++++ .../jobs/cron_tasks.inc.http.20.lighttpd.php | 62 ++++++++++++++++--- .../admin/ipsandports/ipsandports_add.tpl | 4 ++ .../admin/ipsandports/ipsandports_edit.tpl | 4 ++ 12 files changed, 179 insertions(+), 16 deletions(-) diff --git a/actions/admin/settings/130.webserver.php b/actions/admin/settings/130.webserver.php index b5c7917b..29c04e28 100644 --- a/actions/admin/settings/130.webserver.php +++ b/actions/admin/settings/130.webserver.php @@ -198,6 +198,7 @@ return array( 'type' => 'bool', 'default' => false, 'save_method' => 'storeSettingField', + 'overview_option' => true ), 'system_ssl_cert_file' => array( 'label' => $lng['serversettings']['ssl']['ssl_cert_file'], diff --git a/admin_ipsandports.php b/admin_ipsandports.php index 2a1fe2cc..f6ea239f 100644 --- a/admin_ipsandports.php +++ b/admin_ipsandports.php 
@@ -145,6 +145,7 @@ if($page == 'ipsandports' $ssl_cert_file = validate($_POST['ssl_cert_file'], 'ssl_cert_file'); $ssl_key_file = validate($_POST['ssl_key_file'], 'ssl_key_file'); $ssl_ca_file = validate($_POST['ssl_ca_file'], 'ssl_ca_file'); + $ssl_cert_chainfile = validate($_POST['ssl_cert_chainfile'], 'ssl_cert_chainfile'); $default_vhostconf_domain = validate(str_replace("\r\n", "\n", $_POST['default_vhostconf_domain']), 'default_vhostconf_domain', '/^[^\0]*$/'); if($listen_statement != '1') @@ -187,6 +188,11 @@ if($page == 'ipsandports' $ssl_ca_file = makeCorrectFile($ssl_ca_file); } + if($ssl_cert_chainfile != '') + { + $ssl_cert_chainfile = makeCorrectFile($ssl_cert_chainfile); + } + $result_checkfordouble = $db->query_first("SELECT `id` FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `ip`='" . $db->escape($ip) . "' AND `port`='" . (int)$port . "'"); if($result_checkfordouble['id'] != '') 
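Review bot: The new `ssl_cert_chainfile` value is stored without a length check, while the column added in install/froxlor.sql is `varchar(255)`. Depending on the server's SQL mode, a longer path is either rejected by the query or cut off silently, and the truncated path would then be what the cron job writes into the vhost configuration. I would reject over-long input before the query, for example by testing `strlen($ssl_cert_chainfile) > 255` right after the `validate()` call and returning the usual form error. The same applies to the edit branch in hunks -241 and -283; the enclosing `if($page == 'ipsandports'` block starts and ends outside these hunks.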
@@ -195,7 +201,22 @@ if($page == 'ipsandports' } else { - $db->query("INSERT INTO `" . TABLE_PANEL_IPSANDPORTS . "` (`ip`, `port`, `listen_statement`, `namevirtualhost_statement`, `vhostcontainer`, `vhostcontainer_servername_statement`, `specialsettings`, `ssl`, `ssl_cert_file`, `ssl_key_file`, `ssl_ca_file`, `default_vhostconf_domain`) VALUES ('" . $db->escape($ip) . "', '" . (int)$port . "', '" . (int)$listen_statement . "', '" . (int)$namevirtualhost_statement . "', '" . (int)$vhostcontainer . "', '" . (int)$vhostcontainer_servername_statement . "', '" . $db->escape($specialsettings) . "', '" . (int)$ssl . "', '" . $db->escape($ssl_cert_file) . "', '" . $db->escape($ssl_key_file) . "', '" . $db->escape($ssl_ca_file) . "', '" . $db->escape($default_vhostconf_domain) . "')"); + $db->query("INSERT INTO `" . TABLE_PANEL_IPSANDPORTS . "` + SET + `ip` = '" . $db->escape($ip) . "', + `port` = '" . (int)$port . "', + `listen_statement` = '" . (int)$listen_statement . "', + `namevirtualhost_statement` = '" . (int)$namevirtualhost_statement . "', + `vhostcontainer` = '" . (int)$vhostcontainer . "', + `vhostcontainer_servername_statement` = '" . (int)$vhostcontainer_servername_statement . "', + `specialsettings` = '" . $db->escape($specialsettings) . "', + `ssl` = '" . (int)$ssl . "', + `ssl_cert_file` = '" . $db->escape($ssl_cert_file) . "', + `ssl_key_file` = '" . $db->escape($ssl_key_file) . "', + `ssl_ca_file` = '" . $db->escape($ssl_ca_file) . "', + `ssl_cert_chainfile` = '" . $db->escape($ssl_cert_chainfile) . "', + `default_vhostconf_domain` = '" . $db->escape($default_vhostconf_domain) . "'; + "); if(filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) { 
@@ -241,6 +262,7 @@ if($page == 'ipsandports' $ssl_cert_file = validate($_POST['ssl_cert_file'], 'ssl_cert_file'); $ssl_key_file = validate($_POST['ssl_key_file'], 'ssl_key_file'); $ssl_ca_file = validate($_POST['ssl_ca_file'], 'ssl_ca_file'); + $ssl_cert_chainfile = validate($_POST['ssl_cert_chainfile'], 'ssl_cert_chainfile'); $default_vhostconf_domain = validate(str_replace("\r\n", "\n", $_POST['default_vhostconf_domain']), 'default_vhostconf_domain', '/^[^\0]*$/'); if($listen_statement != '1') @@ -283,6 +305,11 @@ if($page == 'ipsandports' $ssl_ca_file = makeCorrectFile($ssl_ca_file); } + if($ssl_cert_chainfile != '') + { + $ssl_cert_chainfile = makeCorrectFile($ssl_cert_chainfile); + } + if($result['ip'] != $ip && $result['ip'] == $settings['system']['ipaddress'] && $result_sameipotherport['id'] == '') 
@@ -296,7 +323,25 @@ if($page == 'ipsandports' } else { - $db->query("UPDATE `" . TABLE_PANEL_IPSANDPORTS . "` SET `ip`='" . $db->escape($ip) . "', `port`='" . (int)$port . "', `listen_statement`='" . (int)$listen_statement . "', `namevirtualhost_statement`='" . (int)$namevirtualhost_statement . "', `vhostcontainer`='" . (int)$vhostcontainer . "', `vhostcontainer_servername_statement`='" . (int)$vhostcontainer_servername_statement . "', `specialsettings`='" . $db->escape($specialsettings) . "', `ssl`='" . (int)$ssl . "', `ssl_cert_file`='" . $db->escape($ssl_cert_file) . "', `ssl_key_file`='" . $db->escape($ssl_key_file) . "', `ssl_ca_file`='" . $db->escape($ssl_ca_file) . "', `default_vhostconf_domain`='" . $db->escape($default_vhostconf_domain) . "' WHERE `id`='" . (int)$id . "'"); + + $db->query("UPDATE `" . TABLE_PANEL_IPSANDPORTS . "` + SET + `ip` = '" . $db->escape($ip) . "', + `port` = '" . (int)$port . "', + `listen_statement` = '" . (int)$listen_statement . "', + `namevirtualhost_statement` = '" . (int)$namevirtualhost_statement . "', + `vhostcontainer` = '" . (int)$vhostcontainer . "', + `vhostcontainer_servername_statement` = '" . (int)$vhostcontainer_servername_statement . "', + `specialsettings` = '" . $db->escape($specialsettings) . "', + `ssl` = '" . (int)$ssl . "', + `ssl_cert_file` = '" . $db->escape($ssl_cert_file) . "', + `ssl_key_file` = '" . $db->escape($ssl_key_file) . "', + `ssl_ca_file` = '" . $db->escape($ssl_ca_file) . "', + `ssl_cert_chainfile` = '" . $db->escape($ssl_cert_chainfile) . "', + `default_vhostconf_domain` = '" . $db->escape($default_vhostconf_domain) . "' + WHERE `id`='" . (int)$id . "' + "); + $log->logAction(ADM_ACTION, LOG_WARNING, "changed IP/port from '" . $result['ip'] . ":" . $result['port'] . "' to '" . $ip . ":" . $port . "'"); inserttask('1'); inserttask('4'); diff --git a/install/froxlor.sql b/install/froxlor.sql index 044bbfcb..194aa58c 100644 --- a/install/froxlor.sql +++ b/install/froxlor.sql 
@@ -337,6 +337,7 @@ CREATE TABLE `panel_ipsandports` ( `ssl_key_file` varchar(255) NOT NULL, `ssl_ca_file` varchar(255) NOT NULL, `default_vhostconf_domain` text NOT NULL, + `ssl_cert_chainfile` varchar(255) NOT NULL, PRIMARY KEY (`id`) ) TYPE=MyISAM ; @@ -460,7 +461,7 @@ INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) V INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (18, 'system', 'vmail_homedir', '/var/customers/mail/'); INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (19, 'system', 'bindconf_directory', '/etc/bind/'); INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (20, 'system', 'bindreload_command', '/etc/init.d/bind9 reload'); -INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (22, 'panel', 'version', '0.9.14-svn3'); +INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (22, 'panel', 'version', '0.9.14-svn4'); INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (23, 'system', 'hostname', 'SERVERNAME'); INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (24, 'login', 'maxloginattempts', '3'); INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (25, 'login', 'deactivatetime', '900'); 
@@ -507,9 +508,9 @@ INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) V INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (67, 'logger', 'logfile', ''); INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (68, 'logger', 'logtypes', 'syslog,mysql'); INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (69, 'logger', 'severity', '1'); -INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (70, 'system','ssl_cert_file','/etc/apache2/apache2.pem'); -INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (71, 'system','use_ssl','1'); -INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (72, 'system','openssl_cnf','[ req ]\r\ndefault_bits = 1024\r\ndistinguished_name = req_distinguished_name\r\nattributes = req_attributes\r\nprompt = no\r\noutput_password =\r\ninput_password =\r\n[ req_distinguished_name ]\r\nC = DE\r\nST = froxlor\r\nL = froxlor \r\nO = Testcertificate\r\nOU = froxlor \r\nCN = @@domain_name@@\r\nemailAddress = @@email@@ \r\n[ req_attributes ]\r\nchallengePassword =\r\n'); +INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (70, 'system', 'ssl_cert_file', '/etc/apache2/apache2.pem'); +INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (71, 'system', 'use_ssl', '0'); +INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (72, 'system', 'openssl_cnf', '[ req ]\r\ndefault_bits = 1024\r\ndistinguished_name = req_distinguished_name\r\nattributes = req_attributes\r\nprompt = no\r\noutput_password =\r\ninput_password =\r\n[ req_distinguished_name ]\r\nC = DE\r\nST = froxlor\r\nL = froxlor \r\nO = Testcertificate\r\nOU = froxlor \r\nCN = @@domain_name@@\r\nemailAddress = @@email@@ \r\n[ req_attributes ]\r\nchallengePassword =\r\n'); 
INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (73, 'system', 'default_vhostconf', ''); INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (74, 'system', 'mail_quota_enabled', '0'); INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (75, 'system', 'mail_quota', '100'); @@ -550,7 +551,7 @@ INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) V INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (110, 'panel', 'allow_domain_change_customer', '0'); INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (111, 'system', 'mod_fcgid_maxrequests', '250'); INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (112, 'system','ssl_key_file','/etc/apache2/apache2.key'); -INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (113, 'system','ssl_ca_file',''); +INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (113, 'system','ssl_ca_file', ''); INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (114, 'panel', 'frontend', 'froxlor'); INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (115, 'spf', 'use_spf', '0'); INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (116, 'spf', 'spf_entry', '@ IN TXT "v=spf1 a mx -all"'); 
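Review bot: Setting 71 (`system`/`use_ssl`) changes from '1' to '0' in hunk -507, so fresh installs now come up with SSL switched off, while the commit message only mentions putting the switch into the settings overview. If the new default is intended, it deserves a line in the commit message or release notes so operators know to enable it after installation. The re-spaced setting 72 also still ships `default_bits = 1024` in the openssl_cnf template; since the line is being rewritten anyway, `default_bits = 2048` would be a safer default for generated certificates.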
@@ -591,6 +592,7 @@ INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) V INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (151, 'system', 'awstats_awstatspath', '/usr/bin/'); INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (152, 'system', 'mod_fcgid_defaultini_ownvhost', '1'); INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (153, 'system', 'awstats_icons', '/usr/share/awstats/icon/'); +INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (154, 'system', 'ssl_cert_chainfile', ''); # -------------------------------------------------------- diff --git a/install/updates/froxlor/0.9/update_0.9.inc.php b/install/updates/froxlor/0.9/update_0.9.inc.php index f271d820..a9433db1 100644 --- a/install/updates/froxlor/0.9/update_0.9.inc.php +++ b/install/updates/froxlor/0.9/update_0.9.inc.php @@ -1122,3 +1122,20 @@ if(isFroxlorVersion('0.9.14-svn2')) updateToVersion('0.9.14-svn3'); } + +if(isFroxlorVersion('0.9.14-svn3')) +{ + showUpdateStep("Updating from 0.9.14-svn3 to 0.9.14-svn4", false); + + $update_ssl_cert_chainfile = isset($_POST['update_ssl_cert_chainfile']) ? makeCorrectFile($_POST['update_ssl_cert_chainfile']) : ''; + + showUpdateStep("Adding SSLCertificateChainFile to the settings"); + $db->query("INSERT INTO `" . TABLE_PANEL_SETTINGS . "` (`settinggroup`, `varname`, `value`) VALUES ('system', 'ssl_cert_chainfile', '".$db->escape($update_ssl_cert_chainfile)."');"); + lastStepStatus(0); + + showUpdateStep("Adding new field to IPs and ports for SSLCertificateChainFile"); + $db->query("ALTER TABLE `".TABLE_PANEL_IPSANDPORTS."` ADD `ssl_cert_chainfile` varchar(255) NOT NULL AFTER `default_vhostconf_domain`;"); + lastStepStatus(0); + + updateToVersion('0.9.14-svn4'); +} 
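Review bot: In the update_0.9.inc.php hunk, `$_POST['update_ssl_cert_chainfile']` goes straight into `makeCorrectFile()` with no `validate()` call and no empty-string guard, unlike the same field in admin_ipsandports.php, which validates first and only normalises when the value is not ''. The preconfig prompt invites the admin to leave the field empty, so if `makeCorrectFile('')` returns anything other than '' (the guard in admin_ipsandports.php suggests it may), a bogus path becomes the system-wide default and is written into every SSL vhost. I would mirror the panel code: `$update_ssl_cert_chainfile = isset($_POST['update_ssl_cert_chainfile']) ? validate($_POST['update_ssl_cert_chainfile'], 'update_ssl_cert_chainfile') : '';` followed by `if($update_ssl_cert_chainfile != '') { $update_ssl_cert_chainfile = makeCorrectFile($update_ssl_cert_chainfile); }`, assuming `validate()` is loaded in the updater.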
diff --git a/install/updates/preconfig/0.9/preconfig_0.9.inc.php b/install/updates/preconfig/0.9/preconfig_0.9.inc.php index c6d5a60b..3cafbe0e 100644 --- a/install/updates/preconfig/0.9/preconfig_0.9.inc.php +++ b/install/updates/preconfig/0.9/preconfig_0.9.inc.php @@ -322,4 +322,16 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";"); } } + + if(versionInUpdate($current_version, '0.9.14-svn4')) + { + if((int)$settings['system']['use_ssl'] == 1) + { + $has_preconfig = true; + $description = 'Froxlor now has the possibility to set \'SSLCertificateChainFile\' for the apache webserver.'; + $question = 'Enter filename (leave empty for none): '; + $question.= ''; + eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";"); + } + } } diff --git a/lib/tables.inc.php b/lib/tables.inc.php index 282eac32..5628aed8 100644 --- a/lib/tables.inc.php +++ b/lib/tables.inc.php @@ -72,7 +72,7 @@ define('PACKAGE_ENABLED', 2); // VERSION INFO -$version = '0.9.14-svn3'; +$version = '0.9.14-svn4'; $dbversion = '2'; $branding = ''; diff --git a/lng/english.lng.php b/lng/english.lng.php index 4a926790..834cbc9c 100644 --- a/lng/english.lng.php +++ b/lng/english.lng.php @@ -1503,4 +1503,7 @@ $lng['serversettings']['mod_fcgid']['defaultini_ownvhost'] = 'Default PHP config $lng['serversettings']['awstats_icons']['title'] = 'Path to awstats icons folder'; $lng['serversettings']['awstats_icons']['description'] = 'e.g. /usr/share/awstats/htdocs/icon/'; +// ADDED IN FROXLOR 0.9.14-svn4 +$lng['admin']['ipsandports']['ssl_cert_chainfile'] = 'Path to the SSL CertificateChainFile'; + ?> diff --git a/lng/german.lng.php b/lng/german.lng.php index d5e807a5..561e9f8c 100644 --- a/lng/german.lng.php +++ b/lng/german.lng.php 
@@ -1486,4 +1486,7 @@ $lng['serversettings']['mod_fcgid']['defaultini_ownvhost'] = 'Voreingestellte PH $lng['serversettings']['awstats_icons']['title'] = 'Pfad zum Awstats icons Ordner'; $lng['serversettings']['awstats_icons']['description'] = 'z.B. /usr/share/awstats/htdocs/icon/'; +// ADDED IN FROXLOR 0.9.14-svn4 +$lng['admin']['ipsandports']['ssl_cert_chainfile'] = 'Pfad zu dem SSL CertificateChainFile'; + ?> diff --git a/scripts/jobs/cron_tasks.inc.http.10.apache.php b/scripts/jobs/cron_tasks.inc.http.10.apache.php index 61e2cac7..51c10b4b 100644 --- a/scripts/jobs/cron_tasks.inc.http.10.apache.php +++ b/scripts/jobs/cron_tasks.inc.http.10.apache.php @@ -268,6 +268,12 @@ class apache $row_ipsandports['ssl_ca_file'] = $this->settings['system']['ssl_ca_file']; } + // #418 + if($row_ipsandports['ssl_cert_chainfile'] == '') + { + $row_ipsandports['ssl_cert_chainfile'] = $this->settings['system']['ssl_cert_chainfile']; + } + if($row_ipsandports['ssl_cert_file'] != '') { $this->virtualhosts_data[$vhosts_filename].= ' SSLEngine On' . "\n"; @@ -282,6 +288,12 @@ class apache { $this->virtualhosts_data[$vhosts_filename].= ' SSLCACertificateFile ' . makeCorrectFile($row_ipsandports['ssl_ca_file']) . "\n"; } + + // #418 + if($row_ipsandports['ssl_cert_chainfile'] != '') + { + $this->virtualhosts_data[$vhosts_filename].= ' SSLCertificateChainFile ' . makeCorrectFile($row_ipsandports['ssl_cert_chainfile']) . "\n"; + } } } @@ -659,6 +671,8 @@ class apache $domain['ssl_cert_file'] = $ipandport['ssl_cert_file']; $domain['ssl_key_file'] = $ipandport['ssl_key_file']; $domain['ssl_ca_file'] = $ipandport['ssl_ca_file']; + // #418 + $domain['ssl_cert_chainfile'] = $ipandport['ssl_cert_chainfile']; if(filter_var($domain['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) { 
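Review bot: The `SSLCertificateChainFile` line added in hunk -282 of cron_tasks.inc.http.10.apache.php writes the path unquoted and without checking that the file exists, so a path containing a space or a mistyped path makes the generated vhost file invalid. Because the cron job generates the configuration for the whole server, that would likely stop Apache from reloading for every vhost rather than just this one; this is inferred, since the reload step is outside the hunk. I would quote the value, `' SSLCertificateChainFile "' . makeCorrectFile($row_ipsandports['ssl_cert_chainfile']) . '"' . "\n"`, and skip the directive with a log entry when `is_file()` fails. The same applies to the `$vhost_content` variant in hunk -719; the enclosing methods start and end outside these hunks.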
@@ -705,6 +719,12 @@ class apache $domain['ssl_ca_file'] = $this->settings['system']['ssl_ca_file']; } + // #418 + if($domain['ssl_cert_chainfile'] == '') + { + $domain['ssl_cert_chainfile'] = $this->settings['system']['ssl_cert_chainfile']; + } + if($domain['ssl_cert_file'] != '') { $vhost_content.= ' SSLEngine On' . "\n"; @@ -719,6 +739,12 @@ class apache { $vhost_content.= ' SSLCACertificateFile ' . makeCorrectFile($domain['ssl_ca_file']) . "\n"; } + + // #418 + if($domain['ssl_cert_chainfile'] != '') + { + $vhost_content.= ' SSLCertificateChainFile ' . makeCorrectFile($domain['ssl_cert_chainfile']) . "\n"; + } } } diff --git a/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php b/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php index 16dd6855..ae94f800 100644 --- a/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php +++ b/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php @@ -136,8 +136,26 @@ class lighttpd if($row_ipsandports['ssl'] == '1') { - $this->lighttpd_data[$vhost_filename].= 'ssl.engine = "enable"' . "\n"; - $this->lighttpd_data[$vhost_filename].= 'ssl.pemfile = "' . $row_ipsandports['ssl_cert_file'] . '"' . "\n"; + if($row_ipsandports['ssl_cert_file'] == '') + { + $row_ipsandports['ssl_cert_file'] = $this->settings['system']['ssl_cert_file']; + } + + if($row_ipsandports['ssl_ca_file'] == '') + { + $row_ipsandports['ssl_ca_file'] = $this->settings['system']['ssl_ca_file']; + } + + if($row_ipsandports['ssl_cert_file'] != '') + { + $this->lighttpd_data[$vhost_filename].= 'ssl.engine = "enable"' . "\n"; + $this->lighttpd_data[$vhost_filename].= 'ssl.pemfile = "' . makeCorrectFile($row_ipsandports['ssl_cert_file']) . '"' . "\n"; + + if($row_ipsandports['ssl_ca_file'] != '') + { + $this->lighttpd_data[$vhost_filename].= 'ssl.ca-file = "' . makeCorrectFile($row_ipsandports['ssl_ca_file']) . '"' . "\n"; + } + } } /** 
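Review bot: The lighttpd block in hunk -136 never reads `ssl_cert_chainfile`, although this commit adds that field to the IPs-and-ports form and to the system settings. An admin on a lighttpd host who fills in the chain file gets no intermediate certificates in the generated config, and the field label does not say it is Apache-only. Either fall back to it when `ssl_ca_file` is empty, e.g. `if($row_ipsandports['ssl_ca_file'] == '') { $row_ipsandports['ssl_ca_file'] = $row_ipsandports['ssl_cert_chainfile']; }` placed before the system-default fallback, or state the Apache-only scope in the label. The new `getSslSettings()` in hunk -411 has the same gap.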
@@ -313,12 +331,6 @@ class lighttpd { $this->lighttpd_data[$vhost_filename] = ''; } - - $query = "SELECT * FROM " . TABLE_PANEL_IPSANDPORTS . " WHERE `id`='" . $domain['ipandport'] . "'"; - $ipandport = $this->db->query_first($query); - $domain['ip'] = $ipandport['ip']; - $domain['port'] = $ipandport['port']; - $domain['ssl_cert_file'] = $ipandport['ssl_cert_file']; if((!empty($this->lighttpd_data[$vhost_filename]) && !is_dir($this->settings['system']['apacheconf_vhost'])) @@ -364,6 +376,7 @@ class lighttpd $domain['ip'] = $ipandport['ip']; $domain['port'] = $ipandport['port']; $domain['ssl_cert_file'] = $ipandport['ssl_cert_file']; + $domain['ssl_ca_file'] = $ipandport['ssl_ca_file']; if(filter_var($domain['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) { @@ -400,6 +413,7 @@ class lighttpd $vhost_content.= $this->composePhpOptions($domain); $vhost_content.= $this->getStats($domain); $vhost_content.= $this->getLogFiles($domain); + $vhost_content.= $this->getSslSettings($domain, $ssl_vhost); } } @@ -411,6 +425,38 @@ class lighttpd return $vhost_content; } + protected function getSslSettings($domain, $ssl_vhost) + { + $ssl_settings = ''; + + if($ssl_vhost === true + && $domain['ssl'] == '1' + && (int)$this->settings['system']['use_ssl'] == 1 + ) { + if($domain['ssl_cert_file'] == '') + { + $domain['ssl_cert_file'] = $this->settings['system']['ssl_cert_file']; + } + + if($domain['ssl_ca_file'] == '') + { + $domain['ssl_ca_file'] = $this->settings['system']['ssl_ca_file']; + } + + if($domain['ssl_cert_file'] != '') + { + $ssl_settings.= 'ssl.engine = "enable"' . "\n"; + $ssl_settings.= 'ssl.pemfile = "' . makeCorrectFile($domain['ssl_cert_file']) . '"' . "\n"; + + if($domain['ssl_ca_file'] != '') + { + $ssl_settings.= 'ssl.ca-file = "' . makeCorrectFile($domain['ssl_ca_file']) . '"' . "\n"; + } + } + } + return $ssl_settings; + } + protected function getLogFiles($domain) { $logfiles_text = ''; 
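Review bot: `getSslSettings()` in hunk -411 emits `ssl.engine` only when `system`/`use_ssl` is 1, but the per-IP block changed in hunk -136 of this file enables it whenever the IP row has `ssl` set to '1', without consulting that setting. Turning SSL off in the settings overview would therefore still leave the socket-level `ssl.engine = "enable"` in place. If that is intended, a comment on the per-IP block should say so; otherwise add `&& (int)$this->settings['system']['use_ssl'] == 1` to that condition as well. The method is also new without a doc comment; one sentence stating that it returns the lighttpd ssl.* lines for an SSL vhost, or '' when SSL does not apply, would do.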
diff --git a/templates/admin/ipsandports/ipsandports_add.tpl b/templates/admin/ipsandports/ipsandports_add.tpl index 698c8556..1bf4342f 100644 --- a/templates/admin/ipsandports/ipsandports_add.tpl +++ b/templates/admin/ipsandports/ipsandports_add.tpl @@ -98,6 +98,10 @@ $header {$lng['admin']['ipsandports']['ssl_ca_file']}: + + {$lng['admin']['ipsandports']['ssl_cert_chainfile']}: + + diff --git a/templates/admin/ipsandports/ipsandports_edit.tpl b/templates/admin/ipsandports/ipsandports_edit.tpl index 7d83c7f9..f944c0eb 100644 --- a/templates/admin/ipsandports/ipsandports_edit.tpl +++ b/templates/admin/ipsandports/ipsandports_edit.tpl @@ -95,6 +95,10 @@ $header {$lng['admin']['ipsandports']['ssl_ca_file']}: + + {$lng['admin']['ipsandports']['ssl_cert_chainfile']}: + +