Re: Thoughts on multiple certificates for Apache host

Tue, 26 Nov 2013 13:43:38 -0800 

On Tue, Nov 26, 2013 at 3:58 PM, Martha McConaghy <u...@vm.marist.edu> wrote:
> Certs for securing connections have always been a "black art" to me.  So, I
> have a feeling that a few of you on this list will probably have some good
> ideas for us.

Black art ... fair assessment. But rest easy; just pay no attention to
that man behind the curtain.

> We run a lot of Apache web servers on zLinux (SLES 11 mainly).  Several are
> "general use" web servers, i.e. we have a lot of little web sites running as
> vhosts on one virtual server.  They all share the same IP address and Apache
> sorts out "who is who" on the incoming transaction based on the URL requested.

Right. Virtual hosting.

> Now, from what little I understand of certs, there can be only 1 per IP
> address.  So, if we get cert for the general use web server, it will apply to
> all vhosts on that server.  If we want individual certs for each vhost, we
> would have to supply an IP/NIC for each.  Do I have that correct?  If so,
> any ideas on how to get around that?

Sad, but true.
However, if the virtual hosts can all fit under one wildcard, you may
get some relief. You'd still have only one certificate, but you would
not lose your virual hosting.
See Apache's wiki page about this ...

        http://wiki.apache.org/httpd/NameBasedSSLVHosts

> For example, could we host multiple IPs from the same NIC if the server is
> on a layer 2 vswitch?  (Will it do trunking, basically?)  Is there an easier
> way to approach this?

Works on my Layer 2 VSwitch.

> Martha
>
> ----------------------------------------------------------------------
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390
> ----------------------------------------------------------------------
> For more information on Linux on System z, visit
> http://wiki.linuxvm.org/



--
-- R;
Rick Troth
Velocity Software
http://www.velocitysoftware.com/

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
----------------------------------------------------------------------
For more information on Linux on System z, visit
http://wiki.linuxvm.org/

Reply via email to