>-----Original Message----- >From: John [mailto:[EMAIL PROTECTED] > >I'm stuck... I have an understanding of how apache and ssl works but I >am having troubles in finding a way to set up this server. Most of the >searches I do seem to point to the fact that virtual name based hosting >will not work with multiple ssl. TYhis I understand.
Thank goodness... >I have a freebsd 4.9-current server running >apache+mod_ssl-1.3.29+2.8.16 >What I don't know how to do, and I haven't found a link for yet, is to >1. start multiple instances of https, each with its *own config file* This is simple enough; you just run httpd with the "-f" switch. This allows you to define the config file at run-time. So you'd have something like: ./httpd -f ../conf/ssl_1.conf where ssl_1.conf contains: Listen 192.168.1.1:443 DocumentRoot /path/to/ssl_1/docs SSLCertificateFile /path/to/ssl_cert_1.crt etc.. And repeat for each SSL host. Alternatively, you can do all this in your main instance of apache by using IP-based virtual-Hosts (I'm not sure you're aware of this), eg: Listen 192.168.1.1:443 <VirtualHost 192.168.1.1:443> DocumentRoot /path/to/ssl_1/docs SSLCertificateFile /path/to/ssl_cert_1.crt etc.. </VirtualHost> Listen 192.168.1.2:443 <VirtualHost 192.168.1.2:443> DocumentRoot /path/to/ssl_2/docs SSLCertificateFile /path/to/ssl_cert_2.crt etc.. </VirtualHost> This won't interfere with your HTTP VHs in the same config (they are all distinct at the TCP/IP layer). >2. make custom ssl certificates *for each SSL server* This is documented, although it's a bit tricky: - first make your own Certificate Authority cert (http://www.modssl.org/docs/2.8/ssl_faq.html#ToC29) - then make a certificate signing request for your site (http://www.modssl.org/docs/2.8/ssl_faq.html#ToC28) and sign it with the CA you made above (ie skip the last bit where you send it to Verisign) Rgds, Owen Boyle Disclaimer: Any disclaimer attached to this message may be ignored. > >Each domain name has its own userspace. > >Can anyone help me here? > >Thanks > >-- >John - [EMAIL PROTECTED] - http://www.reiteration.net/~jfm >For PGP public key finger [EMAIL PROTECTED] or see webpage >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List [EMAIL PROTECTED] >Automated List Manager [EMAIL PROTECTED] > Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Swiss Exchange. This e-mail is of a private and personal nature. It is not related to the exchange or business activities of the SWX Swiss Exchange. Le présent e-mail est un message privé et personnel, sans rapport avec l'activité boursière de la SWX Swiss Exchange. This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender's company reserves the right to monitor all e-mail communications through their networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of the sender's company. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
