since "one certificate per IP" mean i will able to create only 1 certificate and send to my partners. for those who do not have the certificate will not be able to access my web server?
so do i still need to use virtual host for my web server? On Fri, 2005-11-11 at 07:48 +0100, Oliver Welter wrote: > Hi Christopher, > > > NameVirtualHost 192.168.1.184:1443 > > First: VirtualName Hosting does not work with SSL - you can defein only > one Certificate per IP > > > > > <VirtualHost 192.168.1.184:1443> > > ServerAdmin [EMAIL PROTECTED] > > DocumentRoot /var/www/opencatest.syn > > ServerName opencatest.syn > > ErrorLog /var/log/httpd/test_ca_error_log > > CustomLog /var/log/httpd/test_ca_error_log common > > SSLEngine on > > SSLCertificateFile /usr/local/OpenCA/var/crypto/cacerts/cacert.crt > > SSLCertificateKeyFile /usr/local/OpenCA/var/crypto/keys/cakey.pem > > </VirtualHost> > > You just configured server-side authentificattion - this means that the > server presents its certiifcate to the client. What you are looking for > is a "SSL_REQUIRE" directive. > > If you just want to check for a valid certificate but > "SSLVerifyClient require" in the definition. > If you want to check for certain attributes in the Certificate you can > do this with SSLRequire, in this case you must explicitly ewxport the > SSL Variables in apache with "SSLOptions +StdEnvVars +ExportCertData" > > As this is no OpenCA related question you should better check mod_ssl > documentation on further questions > > Oliver ------------------------------------------------------- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42" plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php _______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users
