Hi Christopher,

> Since "one certificate per IP" means I will be able to create only 1
> certificate and send to my partners. For those who do not have the
> certificate will not be able to access my web server?

Definitely not. If I understand you correctly, you want to enable
client authentication. In this case you should create and deliver
individual SSL Client certificates to each individual client.

What Oliver meant is that it is not(*) possible to define multiple
SSL-protected virtual hosts on one single IP that use different
server certificates.

(*) This has been addressed in an RFC, IIRC, but is not widely supported
    by today's browsers.

> So do I still need to use virtual host for my web server?

Although it is possible to configure SSL without a VirtualHost
definition, it is common practice to use a VirtualHost section
for this, and I'd recommend doing so.

It is not very clear what you want to achieve. Do you want to simply
protect your web server with SSL (Server Authentication) or do you
also want to limit client access by forcing them to authenticate
with a valid certificate installed in their browser (Client
Authentication)?

To me it seems you have not read the excellent mod_ssl documentation;
it is really helpful and the canonical source of information for
this topic.

Don't take this personally, but from the questions you have been
posting on this list during the past weeks I get the impression that
you are not very familiar with the whole topic of SSL, PKI, Apache
and Unix.
You should be aware that it is very unlikely that you will end up
with a secure solution by applying trial & error.
You will very likely end up with something that somehow works, but
it is very doubtful that it will work securely.
If you intend to set up something serious I strongly recommend either
learning much more about the underlying technology (PKI, SSL,
mod_ssl, Apache) or involving someone who is proficient with the
topic.

cheers

Martin
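
The two modes distinguished in the message above, shown as a single mod_ssl VirtualHost. This is an added example, not part of the original email; the host name, file paths and CA file are placeholders, and the directives are standard mod_ssl ones.

```apache
# Added illustration; host name and all file paths are placeholders.
Listen 443

<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on

    # Server Authentication: the single server certificate this
    # IP/port presents to every browser that connects.
    SSLCertificateFile    /etc/apache2/ssl/server.crt
    SSLCertificateKeyFile /etc/apache2/ssl/server.key

    # Client Authentication: trust only the CA that issued the
    # partners' individual client certificates (one per client).
    SSLCACertificateFile  /etc/apache2/ssl/partner-ca.crt

    # "require" aborts the handshake when no valid client certificate
    # is presented; with "none" (the default) only the server is
    # authenticated and anyone can connect.
    SSLVerifyClient require

    # Accept only certificates issued directly by a CA in the file above.
    SSLVerifyDepth 1

    # Reject client certificates the CA has revoked.
    # (SSLCARevocationCheck is needed on Apache 2.4 and later.)
    SSLCARevocationFile  /etc/apache2/ssl/partner-ca.crl
    SSLCARevocationCheck chain

    # Record which client certificate was used for each request.
    CustomLog logs/ssl_access.log "%h %{SSL_CLIENT_S_DN}x \"%r\" %>s"
</VirtualHost>
```

Because each partner holds an individual certificate, access for one partner can be withdrawn by revoking that certificate and refreshing the CRL, without touching the others.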


