Re: Configuring Multiple Certificates SSL over an unique IP

On Tue, 5 Nov 2002 08:48:58 +0100 Boyle Owen [EMAIL PROTECTED] wrote:

> No. This is called name-based virtual hosting (NBVH). It works fine for plain HTTP but is impossible under SSL. The reason is that NBVH uses the Host header to find the VH. But in SSL, the connection must be established *before* you get the Host header. So the server cannot decide which VH to use.

except if you are using a star-certificate: if your certificate is *.foo.bar you can use name-based virtual hosting for the following hosts:

www.foo.bar
test.foo.bar
new.foo.bar
...
what-ever.foo.bar

> Rgds,
> Owen Boyle
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:asom;vetorialnet.com.br]
> Sent: Montag, 4. November 2002 23:20
> To: [EMAIL PROTECTED]
> Subject: Configuring Multiple Certificates SSL over an unique IP
>
> Hello,
>
> Is there some way to configure the Apache Server to utilize multiple SSL certificates over a unique IP, one for each virtual domain? What is the Apache configuration syntax?
>
> Alex Moraes

--
The software said it requires Windows 95 or better, so I installed Linux

__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
RE: Configuring Multiple Certificates SSL over an unique IP

Yes indeed, although this is a rather limited case of NBVH.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:ueli;heuer.org]
Sent: Dienstag, 5. November 2002 10:08
To: [EMAIL PROTECTED]
Subject: Re: Configuring Multiple Certificates SSL over an unique IP
Re: Configuring Multiple Certificates SSL over an unique IP

I'm thinking you need to use Virtual Host directives - as others have replied, you already know that NameVirtualHost won't help - so you need to put each virtual host on a different IP (or different port if no spare IPs).

Firstly - configure your operating system to receive all the IPs you want to use - usually via IP aliases - something you can do in Unix and Windows, but don't ask me how in Windows.

An example: your real IP is 192.168.1.2, and you set up 192.168.1.3 as an extra alias.

I'm assuming you started with httpd.conf as provided with mod_ssl - this should have the basic SSL configuration bits. Then in your httpd.conf near the end, in the <IfDefine SSL> section, create a VHost for each cert/IP you want.

    <VirtualHost 192.168.1.2:443>
        ServerName www.cert1domain.com
        SSLCertificateKeyFile conf/ssl.key/cert1.key
        SSLCertificateFile conf/ssl.crt/cert1.crt
        SSLEngine on
        # ...other conf...
    </VirtualHost>

    <VirtualHost 192.168.1.3:443>
        ServerName www.cert2domain.com
        SSLCertificateKeyFile conf/ssl.key/cert2.key
        SSLCertificateFile conf/ssl.crt/cert2.crt
        SSLEngine on
        # ...other conf...
    </VirtualHost>

[EMAIL PROTECTED] wrote:

> Hello,
>
> Is there some way to configure the Apache Server to utilize multiple SSL certificates over a unique IP, one for each virtual domain? What is the Apache configuration syntax?
>
> Alex Moraes
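The reasoning in this thread, as an added example that is not part of any poster's message and is not mod_ssl code: the certificate is chosen from the destination IP and port alone, before the Host header arrives, so the model below checks which certificate a client would see in the three setups discussed. The function names, the rule that the first virtual host configured for an address supplies the certificate, and the rule that `*` matches exactly one left-most label are assumptions of this model.

```python
# Added example: a constructed model of certificate selection, not mod_ssl code.
# Addresses and host names are the ones used in the thread's examples.

def cert_covers(cert_name, host):
    """True if a certificate name covers host; '*' stands for exactly one
    left-most label, so *.foo.bar covers www.foo.bar but not foo.bar."""
    cert = cert_name.lower().rstrip(".").split(".")
    name = host.lower().rstrip(".").split(".")
    if len(cert) != len(name) or not all(name):
        return False
    if cert[0] == "*":
        return len(cert) > 2 and cert[1:] == name[1:]
    return cert == name


def handshake_cert(vhosts, ip, port):
    """Certificate presented during the handshake. Only the destination
    address is known at this point (no Host header yet), so the first
    virtual host configured for ip:port supplies the certificate."""
    for vhost in vhosts:
        if (vhost["ip"], vhost["port"]) == (ip, port):
            return vhost["cert"]
    return None


def client_accepts(vhosts, ip, port, host):
    """Would a client that asked for https://host/ at ip:port see a
    certificate whose name matches the host it asked for?"""
    cert = handshake_cert(vhosts, ip, port)
    return cert is not None and cert_covers(cert, host)


# Two certificates, one IP: the case asked about in the original question.
ONE_IP_TWO_CERTS = [
    {"ip": "192.168.1.2", "port": 443, "cert": "www.cert1domain.com"},
    {"ip": "192.168.1.2", "port": 443, "cert": "www.cert2domain.com"},
]
# One star certificate shared by name-based virtual hosts on one IP.
ONE_IP_STAR_CERT = [
    {"ip": "192.168.1.2", "port": 443, "cert": "*.foo.bar"},
    {"ip": "192.168.1.2", "port": 443, "cert": "*.foo.bar"},
]
# One IP per certificate, as in the per-IP virtual hosts suggested in the thread.
ONE_IP_PER_CERT = [
    {"ip": "192.168.1.2", "port": 443, "cert": "www.cert1domain.com"},
    {"ip": "192.168.1.3", "port": 443, "cert": "www.cert2domain.com"},
]

if __name__ == "__main__":
    for label, table, ip, host in [
        ("two certs, one IP", ONE_IP_TWO_CERTS, "192.168.1.2", "www.cert2domain.com"),
        ("star cert, one IP", ONE_IP_STAR_CERT, "192.168.1.2", "test.foo.bar"),
        ("one IP per cert", ONE_IP_PER_CERT, "192.168.1.3", "www.cert2domain.com"),
    ]:
        print(f"{label}: {host} ->", client_accepts(table, ip, 443, host))
```
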
RE: Configuring Multiple Certificates SSL over an unique IP

Don't forget:

    Listen 192.168.1.2:443
    Listen 192.168.1.3:443

-----Original Message-----
From: Peter Viertel [mailto:peter.viertel;itaction.co.uk]
Sent: Dienstag, 5. November 2002 14:17
To: [EMAIL PROTECTED]
Subject: Re: Configuring Multiple Certificates SSL over an unique IP
Page cannot be displayed
Hi,

We are working with apache-1.3.23 and mod_ssl-2.8.7. Sometimes Explorer says:

    This page contains both secure and nonsecure items. Do you want to display the nonsecure items?

While everything on the page is secure, when answering yes, we always get a 'page cannot be displayed'.

The problem did not occur anymore when we did the following in our vhost configuration:

    SetEnvIf User-Agent .*MSIE.* \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0

Question: is downgrading to 1.0 really the solution, and what is causing this in the first place?

Cheers,
Jeroen.
RE: Configuring Multiple Certificates SSL over an unique IP

How does one go about getting a star certificate?

-----Original Message-----
From: Boyle Owen [mailto:Owen.Boyle;swx.com]
Sent: Tuesday, November 05, 2002 5:22 AM
To: [EMAIL PROTECTED]
Subject: RE: Configuring Multiple Certificates SSL over an unique IP

Yes indeed, although this is a rather limited case of NBVH.
RE: Configuring Multiple Certificates SSL over an unique IP

Only Thawte do starred certificates, www.thawte.com, however they are now fairly restrictive on allowing them. You have to contact a representative first (i.e. you can no longer get them online).

We are probably not going to bother renewing our current one because they are now too much hassle.

-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD,
Royal National Institute of the Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED]

If we could learn one thing from September 11th 2001, it would be the utter absurdity of moral relativism.

-----Original Message-----
From: Hunt,Keith A [mailto:keith;uakron.edu]
Sent: 05 November 2002 14:56
To: [EMAIL PROTECTED]
Subject: RE: Configuring Multiple Certificates SSL over an unique IP

How does one go about getting a star certificate?
Re: Configuring Multiple Certificates SSL over an unique IP

The default:

    Listen 443

achieves this already. Is there some advantage to doing separate Listen's?

Boyle Owen wrote:

> Don't forget:
>
>     Listen 192.168.1.2:443
>     Listen 192.168.1.3:443