Charles B Cranston wrote:
> > I'm trying to set up an Apache 2 based web server for multiple > > name based virtual hosts. As it is not possible with mod_ssl to > > have a seperate SSL certificate file for each virtual host... > > Actually, you can, but they have to have separate IP addresses. > (Requiring the server host to be multi-homed...)
As I wrote, I was talking about multiple name based (!) virtual hosts, and the mod_ssl FAQ states that you can't have a seperate SSL cert file for each of them <http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47>. I know that multiple IP based virtual hosts are a different matter, but unfortunately I only have on IP address available for the host in question.
What I am trying to achieve is that this single host uses one cert which includes multiple CNs, so that given the following DNS entries
www.domain1.org. IN A 123.234.123.234 www.domain2.net. IN A 123.234.123.234 www.domain3.com. IN A 123.234.123.234
users can access the server via
https://www.domain1.org/ https://www.domain2.net/ https://www.domain3.com/
without a warning about the URL host name not matching the certificate common name. I know that with mod_ssl all three URLs will result in the same web page to be displayed, but that is acceptable in this special case where a couple of domains are to mapped to one single web site.
Stephen Henson's suggestion allowed me to create and sign a certificate including multiple CNs. Using the Internet Explorer, any of the above URLs are accepted without a warning. With Mozilla and Mozilla Firefox, however, only the first available CN in the certificate is matched against the URL host name. If there is a way to alter this behaviour, I'd be glad to hear how, but as I wrote before, there are other mailing lists probably better suited for this matter. Of course, if you know how to persuade Mozilla/Firefox to not display their warnings, please do speak up here! ;-)
Ralph ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]