We can provide you with the following SSL options (see below for descriptions):

In the past, we have offered customers a free option to access their sites over HTTPS by using an SSL certificate that has been issued for *.joyent.us. A dedicated IP was not needed here as the certificate was available to all sites hosted on the server's shared IP address.

When the site was accessed over HTTPS with a shared certificate, the browser would show a warning to visitors as the certificate was issued for *.joyent.us only and not the domain it was being used for, making this useful for those customers who were interested in protecting a non-public facing site.

Making use of Server Name Indication (SNI), Virtualmin will now generate a certificate to protect *.yourdomain.com, while still allowing you to use the server's shared IP address. Most modern browsers provide support for SNI, however you will still receive a warning, in this case that the certificate is not signed by an authority. If your visitor is using a browser that does not provide the necessary support, *.joyent.us will be used as a fall back.

There are still trade-offs, in that you do not have a certificate issues by a trusted authority. When accessed over HTTPS with this certificate, your site will always show a warning to visitors, still making this primarily useful for those customers interested in protecting a non-public facing site.

To enable this SSL setup for your site:

1. Sign in to Virtualmin (see Account logins and important URLs).
2. Select a domain from the drop-down in the left-hand navigation (your main domain should be already selected when you first login to Virtualmin). This is the domain that you'll enable SSL for.
3. Click Edit Virtual Server.
4. Click Enabled features and then select SSL website enabled? (this assumes you already have Apache website enabled? turned on of course).
5. Click Save Virtual Server.
6. A page will show up warning you that SSL cannot be enabled for more than one domain on the IP address. Click Yes, Modify Virtual Server to override and conclude with the SSL setup.

If you already have had shared SSL setup implemented earlier (by means of a support request), it will still work as before, but the checkbox will not show up as enabled, because the technical implementation is different. Enabling the checkbox now, however, will automatically convert the setup to the new form.

These issues are believed to be resolved now (provided your SSL is implemented using the new form, with the SSL checkbox showing up enabled), though we'd welcome feedback from you:

• Any SVN operations going over SSL, which are based on COPY (e.g. branching, tagging) will not work with a shared certificate.
• Any application running on such setup (e.g. PHP scripts, Rails/Mongrel) will not be able to sense the originating protocol properly (technically speaking: you're not getting a separate Apache listener for HTTPS). This makes it pretty much a blind protection: it does protect your site, but any code or scripts you have will not be able to see whether the request came over HTTP or HTTPS. This rules out any smart redirects too.

This setup covers a single FQDN (Fully Qualified Domain name) at $60/year. A dedicated IP is needed at $60/year and a $100 total setup fee is involved. The standard (non-wildcard) certificate will protect a single hostname only (e.g. domain.com, www.domain.net or secure.domain.org).

The standard certificate will be signed by RapidSSL, which is a GeoTrust brand. See more information on the RapidSSL certificate page on the issuer site.

This setup covers all subdomains in a single domain at $200/year. A dedicated IP is needed at $60/year and a $100 setup fee is involved. A wildcard certificate will protect a full range of subdomains (e.g. if issued for *.domain.com, it would protect www.domain.com, secure.domain.com, anything.domain.com, etc. - but not domain.com itself). The wildcard certificate will be signed by RapidSSL, which is a GeoTrust brand. See more information on the RapidSSL Wildcard certificate page on the issuer site.

You can provide us with your own certificate (either purchased elsewhere, or self-signed), in which case only the dedicated IP cost applies ($60/year) plus half the setup fee ($50).