RE: server.key

Adrian Stovall Thu, 07 Sep 2000 10:33:20 -0700
The key is unique to the server (i.e. the machine you have set up to serve
pages).  You can generate multiple csr's to get multiple certificates from a
single server key (btw, you don't have to name the key based on domain name,
it can be simply, "server.key" or "mylefttoe.hurts", etc).  There is nothing
*wrong* with creating multiple server keys, but it isn't necessary to
accomplish csr generation.

"Murphy was an optomist"
          -O'Toole's commentary on Murpy's Law

Adrian Stovall
Senior Systems Engineer

PFK Business Systems, Inc.
(972) 621-0300
www.pfk.com


> -----Original Message-----
> From: Mark Lo [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, September 07, 2000 12:26 PM
> To: [EMAIL PROTECTED]
> Subject: Re: server.key
> 
> 
> Hi,
> 
>    Thank you for your quick reply first.
> 
> I mean private key.
> for example.
> 
> <VirtualHost 192.168.42.1:433>
> ServerName www.domain1.com
> DocumentRoot "/home/www/domain1"
> SSLEngine on
> SSLCertificateFile conf/ssl/www.domain1.com.crt
> SSLCertificateKeyFile conf/ssl/www.domain1.com.key
> </VirtualHost>
> 
> <VirtualHost 192.168.42.2:433>
> ServerName www.domain2.com
> DocumentRoot "/home/www/domain2"
> SSLEngine on
> SSLCertificateFile conf/ssl/www.domain2.com.crt
> 
> should I use the same private key as the www.domain1.com
> SSLCertificateKeyFile conf/ssl/www.domain1.com.key
> or
> generate a new private key
> SSLCertificateKeyFile conf/ssl/www.domain2.com.key
> </VirtualHost>
> 
> I mean if I have two virtual domain (etc. domain1 and domain2 
> ).  Should I
> use the same private key to generate the Certificate Request 
> (.csr) for both
> domain1 and domain2 ??  Or I should generate different private key for
> different domain, then use the corresponding private key to 
> generate the
> certificate request.
> 
> Thank You
> 
> Mark
> 
> ----- Original Message -----
> From: <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, September 08, 2000 12:52 AM
> Subject: Re: server.key
> 
> 
> >
> > AFAIK you can use the same server.key to sign multiple certificates.
> >
> >       You're correct that each domain needs it's own 
> certificate but I
> don't
> >       think the same is true for the private keys.
> >
> >       HTH,
> >
> >       Simon Wilcox.
> >
> >
> >
> >
> >
> >
> > Please respond to [EMAIL PROTECTED]
> >
> >              (Embedded image moved to file: pic16165.pcx) 
> (Embedded image
> moved
> > to file: pic22949.pcx)
> >
> >         From           Giuliano Cocchi 
> <[EMAIL PROTECTED]>
> >                                     Date   7 September 2000
> >              (Embedded image moved to file: pic02618.pcx)   
> (Embedded
> image
> > moved to file: pic27884.pcx)
> >
> >                 [EMAIL PROTECTED]                    
> Time      15:32
> >        To
> >
> >
> >              (Embedded image moved to file: pic18806.pcx)   
> (Embedded
> image
> > moved to file: pic16421.pcx)
> >
> >               Copy to           (bcc: Simon Wilcox/BASE/WilliamsLea)
> >              (Embedded image moved to file: pic10399.pcx)
> >
> >                            Fax to
> >              (Embedded image moved to file: pic30029.pcx)
> >
> >                   Subject        Re: server.key
> >              (Embedded image moved to file: pic31203.pcx)
> >
> >
> >
> >
> >
> > Yes you do.
> > One certificate for each domain.
> >
> > On Thu, 07 Sep 2000, you wrote:
> > > >%_Hi,
> > >
> > >     Do I need to generate different server key for 
> different domain name
> ??
> > >
> > > Thank you so much for your help
> > >
> > > mark
> > >
> >
> > ----------------------------------------
> > Content-Type: text/html; name="unnamed"
> > Content-Transfer-Encoding: quoted-printable
> > Content-Description:
> > ----------------------------------------
> > 
> ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   
www.modssl.org
> User Support Mailing List                      [EMAIL PROTECTED]
> Automated List Manager                            [EMAIL PROTECTED]
>
>
>
>
>
>
>
>
>
>
>
> ______________________________________________________________________
>
>
>    This email contains proprietary information some or all of which may be
>    legally privileged.  It is for the intended recipient only. If an
addressing
>    or transmission error has misdirected this email, please notify the
author by
>    replying to this email. If you are not the intended recipient you must
not
>    use, disclose, distribute, copy, print, or reply on this email.
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
RE: server.key

Reply via email to
