I am trying to figure out to what is an SSL Certificate tied. Is it
the value of ServerName or the canonical name from a reverse DNS
lookup or the forward lookup? Or do all virtual hosts use the same
certificate?
For example:
I want to run multiple virtual servers on a single system:
ServerName IP
first.mydomain.com 192.168.10.1
second.mydomain.com 192.168.10.2
however, let use say that the DNS says:
first.mydomain.com. IN CNAME server.mydomain.com
server.mydomain.com. IN A 192.168.10.1
second.mydomain.com. IN A 192.168.10.2
1.10.168.192.in-addr.arpa. IN PTR server.mydomain.com.
2.10.168.192.in-addr.arpa. IN PTR second.mydomain.com.
In other words, server.mydomain.com already exists and I just
want to use its IP address as first.mydomain.com.
So, what do I register with the Certificate Authority? If it is
tied to the reverse DNS, would I be better not running the web
server on the main IP address of server.mydomain.com and then put
first.mydomain.com on its own address?
I have seen messages to the effect that if one uses a web hosting
service it is their responsibility to get the certficate as it is
tied to their IP addresses in some way, however this does not make
sense to me in that if I do a forward and reverse lookup of our
company's web server (hosted outside), it looks like it is ours:
% host www.ulticom.com
www.ulticom.com has address 207.106.32.104
% host 207.106.32.104
104.32.106.207.IN-ADDR.ARPA domain name pointer www.ulticom.com
(I control the A record, they control the PTR record).
I have also seen mention in the archives (and FAQ) that name-based virtual
hosting does not work, but I am using IP-based virtual hosting.
--
Gary Algier, WB2FWZ [EMAIL PROTECTED] +1 856 787 2758
Ulticom Inc., 1020 Briggs Rd, Mt. Laurel, NJ 08054 Fax:+1 856 866 2033
This space intentionally left blank by the censors.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
