On Tue, 26 Nov 2013, Martha McConaghy wrote:

> Now, from what little I understand of certs, there can be only 1 per IP
> address.

formerly true, but not so any more for quite some time

see: http://www.ietf.org/rfc/rfc3546.txt

for the standard, called SNI -- Server Name Indication (section 3.1 and following). The RFC dates from June 2003 but it took a few years to propagate through the system ;)

> So, if we get cert for the general use web server, it will apply to
> all vhosts on that server. If we want individual certs for each vhost, we
> would have to supply an IP/NIC for each. Do I have that correct? If so,
> any ideas on how to get around that?

As I say, SNI gets around this

http://www.digicert.com/ssl-support/apache-secure-multiple-sites-sni.htm

in browsers that know how to use it. Any recent browser will; older browsers should be retired anyway as they almost certainly have unpatched security issues

http://www.digicert.com/ssl-support/apache-multiple-ssl-certificates-using-sni.htm

[ No particular reason to prefer their doco, but a search on Google put it forth first ]

We have done it with the StartCom SSL certs as well in the past. I recall editing the file from mod_ssl in /etc/httpd/conf.d/, rather than the vhost specification .conf file, but this is local workflow related

-- Russ herrold
