There's a feature on Apache named SNI (Server Name Indication). It's
supported on almost all modern browsers, so you can set it up and almost
nobody will complain.

You can see the complete explanation along with examples at
http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI

This way you can host all servers on the same Apache, with the same IP
address, and have different certificates for each. I never tested this
setup, but I think it will work.

Mauro
http://mauro.limeiratem.com - registered Linux User: 294521
Scripture is both history, and a love letter from God.
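
The SNI setup described above, as an added example that is not part of the original message or taken from the linked wiki page. Hostnames and file paths are placeholders.

```apache
# Added example: two TLS sites on one IP address and port,
# each with its own certificate, selected by the SNI name
# the client sends in its TLS ClientHello.
# All hostnames and paths below are placeholders.

Listen 443

# Needed on Apache 2.2 for name-based virtual hosts.
# Deprecated and without effect on Apache 2.4.
NameVirtualHost *:443

# off: a client that sends no SNI is served by the first
#      virtual host below and is shown that certificate.
# on:  a client that sends no SNI is refused on this IP:port.
SSLStrictSNIVHostCheck off

# First vhost = default for this IP:port.
<VirtualHost *:443>
    ServerName www.example.com
    DocumentRoot /srv/www/example.com
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/example.com.crt
    SSLCertificateKeyFile /etc/apache2/ssl/example.com.key
</VirtualHost>

<VirtualHost *:443>
    ServerName www.example.org
    DocumentRoot /srv/www/example.org
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/example.org.crt
    SSLCertificateKeyFile /etc/apache2/ssl/example.org.key
</VirtualHost>

# Check which certificate each name gets:
#   openssl s_client -connect <server-ip>:443 -servername www.example.org
# Run it once per ServerName and once without -servername to
# see what a non-SNI client would receive.
```

With `SSLStrictSNIVHostCheck off`, the first virtual host doubles as the fallback, so its certificate is the one a non-SNI client sees for every hostname on that address.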


2013/12/2 Veencamp, Jonathon D. <[email protected]>

> I think it's called IP aliasing or something like that.  We have a single
> NIC advertising a bunch of IP addresses, and have a different apache
> listener on each one.
>
> We do that via this command in a system startup script on Suse Linux.
> "ip address add 192.168.69.60/24 brd + dev eth0 label eth0:60"
>
> And then ifconfig to list the network addresses shows this:
>
> lnx-dhttp:~ # ifconfig
> eth0      Link encap:Ethernet  HWaddr 02:00:03:00:00:05
>           inet addr:192.168.69.34  Bcast:161.250.69.255  Mask:255.255.255.0
>           inet6 addr: fe80::200:300:100:5/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1492  Metric:1
>           RX packets:51739450 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:51033519 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:25357355357 (24182.6 Mb)  TX bytes:28616518230 (27290.8 Mb)
>
> eth0:60   Link encap:Ethernet  HWaddr 02:00:03:00:00:05
>           inet addr:192.168.69.60  Bcast:161.250.69.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1492  Metric:1
>
> eth0:61   Link encap:Ethernet  HWaddr 02:00:03:00:00:05
>           inet addr:192.168.69.61  Bcast:161.250.69.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1492  Metric:1
>
> eth0:62   Link encap:Ethernet  HWaddr 02:00:03:00:00:05
>           inet addr:192.168.69.62  Bcast:161.250.69.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1492  Metric:1
>
> eth0:63   Link encap:Ethernet  HWaddr 02:00:03:00:00:05
>           inet addr:192.168.69.63  Bcast:161.250.69.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1492  Metric:1
>
> eth0:64   Link encap:Ethernet  HWaddr 02:00:03:00:00:05
>           inet addr:192.168.69.64  Bcast:161.250.69.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1492  Metric:1
>
> And then start all the different apache's with something like this:
> /opt/local/HTTPServer/bin/apachectl -f conf/httpd.eth061.conf -k start -D eth061
> /opt/local/HTTPServer/bin/apachectl -f conf/httpd.eth062.conf -k start -D eth062
> /opt/local/HTTPServer/bin/apachectl -f conf/httpd.eth063.conf -k start -D eth063
> /opt/local/HTTPServer/bin/apachectl -f conf/httpd.eth064.conf -k start -D eth064
>
> And I'm reasonably sure when I created the certificates for these, I added
> the various IP addresses & DNS hostnames for them to the extension aliases
> field, and one certificate covered all of them.
>
> Jon Veencamp
>
>
> -----Original Message-----
> From: Linux on 390 Port [mailto:[email protected]] On Behalf Of
> Marcy Cortes
> Sent: Friday, November 29, 2013 12:38 PM
> To: [email protected]
> Subject: Re: Thoughts on multiple certificates for Apache host
>
> Martha wrote:
> > For example, could we host multiple IPs from the same NIC if the
> > server is on a layer 2 vswitch?  (Will it do trunking, basically?)  Is
> > there an easier way to approach this?
>
> If you haven't already figured this out (and hopefully you've been off
> eating turkey and pumpkin pie instead of having to configure IP
> addresses...)
>
> This is very simple with yast2 on SuSE.
>
> Just go into Yast2
> Click Network Devices
> Select the current one and click Edit
> Go down to the "Additional Addresses" section
> Click Add
> Name it (vip0 or whatever you'd like)
> Put in the IP and Netmask
>
> Et voila!   Immediately usable and visible in "ifconfig".
>
> (It basically just adds a couple of lines to the eth0 device (or whatever
> device yours is called) in /etc/sysconfig/network and does whatever is
> needed to dynamically activate it.)
>
> Marcy
>
> ----------------------------------------------------------------------
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to [email protected] with the message: INFO LINUX-390 or
> visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390
> ----------------------------------------------------------------------
> For more information on Linux on System z, visit
> http://wiki.linuxvm.org/
>
