Hi Ritesh Go through following link http://blogs.techrepublic.com.com/opensource/?p=987
OR With Apache 2.2.12 and support for the SNI (Server Name Indication) extension to the SSL protocol, you can configure name-based HTTPS sites, just as you can name-based HTTP sites. ————————————————————————————— As the Apache Web server grows and matures, new features are added and old bugs are fixed. Perhaps one of the most important new features added to recent Apache versions (2.2.12, to be specific) is the long-awaited support for multiple SSL sites on a single IP address. Traditionally, it was only possible to have an SSL-enabled Web site if it was bound to one particular IP address. This has caused a lot of grief and frustration because if you had only two IP addresses, you could only have two SSL-enabled sites. On two IP addresses you can have any number of regular HTTP sites strung out across them both or bound to a single IP, but for each of these, only one HTTPS site. What made this even more frustrating is that if www.example1.com and www.example2.com were on the same IP and example1.com had an HTTPS site as well, going to https://www.example2.com/ would, in fact, take you to the equivalent of visiting https://www.example1.com/. This meant that most people who wanted HTTPS sites had to restrict one site (both HTTP and HTTPS variants) to a single IP address to avoid this type of confusion. With Apache 2.2.12 and support for the SNI (Server Name Indication) extension to the SSL protocol, this has changed completely. Now you can configure name-based HTTPS sites, just as you can configure name-based HTTP sites. The bottom line is that the five IPs that you needed today to run five SSL sites can be reduced to one IP tomorrow (provided, of course, you use the newer Apache). There are some prerequisites, however: The server, obviously, must use Apache 2.2.12 or higher.It must also use OpenSSL 0.9.8f or later and must be built with the TLS extensions option.And Apache must be built against this version of OpenSSL as it will enable SNI support if it detects the right version of OpenSSL — the version of OpenSSL that includes TLS extension support. Finally, as far as browsers go, not every browser yet supports SNI, but the most popular browsers do, and some have for quite a while. This includes Firefox 2.0 or later, Opera 8.0 or later, Internet Explorer 7.0 or later (unfortunately, only on Vista), Google Chrome, and Safari 3.2.1 (unfortunately only on OS X 10.5.6 or later). In practical terms, this means that for a serious e-commerce Web site or one that needs to have broad appeal, this solution won’t work — yet. Expect in the next year or so for more people to upgrade and more browsers to support SNI. For testing purposes or for internal sites where you can have some say over client browser installation (and also considering that such old versions of Firefox support SNI), using SNI can be quite useful. For configuration, here is an example of what to put in your Apache configuration file: Listen 443 NameVirtualHost *:443 SSLStrictSNIVHostCheck off <VirtualHost *:443> DocumentRoot /srv/www/example1.com/ ServerName www.example1.com ... </VirtualHost> <VirtualHost *:443> DocumentRoot /srv/www/example2.com/ ServerName www.example2.com ... </VirtualHost> What the above does is enable Apache listening to port 443 and turns on listening for virtual host requests on all IPs. The new keyword SSLStrictSNIVHostCheck is disabled, meaning we will not throw a 403 error if the client does not support SNI; instead, they will be redirected to the SSL site defined first (example1.com in the example), so be sure to define your default site first. --- On Fri, 19/2/10, ritesh anand <ritesh_...@yahoo.co.in> wrote: From: ritesh anand <ritesh_...@yahoo.co.in> Subject: Re: [Linux_Mantra] One Apache need to serve two SSL certificates To: Linux_Mantra@yahoogroups.com Date: Friday, 19 February, 2010, 12:33 AM Hi Sadhiq, Can you please be more precise? Ritesh A. --- On Thu, 18/2/10, sadhiq b <b.sad...@yahoo. co.in> wrote: From: sadhiq b <b.sad...@yahoo. co.in> Subject: Re: [Linux_Mantra] One Apache need to serve two SSL certificates To: Linux_Mantra@ yahoogroups. com Date: Thursday, 18 February, 2010, 2:52 PM change ssl NV VH for both site. NameVirtualHost *:443 <VirtualHost *:443> & configure the the same certificate to both VH in ssl & map document path same for both. B.Sadhiq --- On Tue, 16/2/10, ritesh anand <ritesh_mgr@ yahoo. co.in> wrote: From: ritesh anand <ritesh_mgr@ yahoo. co.in> Subject: Re: [Linux_Mantra] One Apache need to serve two SSL certificates To: Linux_Mantra@ yahoogroups. com Date: Tuesday, 16 February, 2010, 8:03 PM Hi Sadhiq, I have name based SSL certificate. How can achieve my goal in this case? Regards, Ritesh A. --- On Fri, 12/2/10, sadhiq b <b.sad...@yahoo. co.in> wrote: From: sadhiq b <b.sad...@yahoo. co.in> Subject: Re: [Linux_Mantra] One Apache need to serve two SSL certificates To: Linux_Mantra@ yahoogroups. com Date: Friday, 12 February, 2010, 11:57 PM Ssl runs with different multiple certificates in IP Based VH. or Ssl runs with single certificate In NameBased VH. B.Sadhiq --- On Fri, 12/2/10, RAG <ritesh_mgr@ yahoo. co.in> wrote: From: RAG <ritesh_mgr@ yahoo. co.in> Subject: [Linux_Mantra] One Apache need to serve two SSL certificates To: Linux_Mantra@ yahoogroups. com Date: Friday, 12 February, 2010, 5:05 PM Hi, I need to run a web based application with two different URLs. I already have running application with a URL with SSL installed (Valid Verisign certificate) . Obviously when i try to get the application with another URL it gives SSL error. Can i install two certificates on same server? If yes, How? Regards, Ritesh Anand The INTERNET now has a personality. YOURS! See your Yahoo! Homepage. http://in.yahoo. com/ [Non-text portions of this message have been removed] The INTERNET now has a personality. YOURS! See your Yahoo! Homepage. http://in.yahoo. com/ [Non-text portions of this message have been removed] Your Mail works best with the New Yahoo Optimized IE8. Get it NOW! http://downloads. yahoo.com/ in/internetexplo rer/ [Non-text portions of this message have been removed] The INTERNET now has a personality. YOURS! See your Yahoo! Homepage. http://in.yahoo. com/ [Non-text portions of this message have been removed] The INTERNET now has a personality. YOURS! See your Yahoo! Homepage. http://in.yahoo.com/ [Non-text portions of this message have been removed]
