multiple SSL instances with aliased IPs

2003-11-24 Thread John
Hello modssl-users

I'm stuck... I have an understanding of how apache and ssl works but I
am having troubles in finding a way to set up this server. Most of the
searches I do seem to point to the fact that virtual name based hosting
will not work with multiple ssl. This I understand.

I have a freebsd 4.9-current server running apache+mod_ssl-1.3.29+2.8.16

What I want to accomplish is the following, all on one server:

1. One http-only server serving all my domains.

2. One https server for *each domain* which has its *own IP*

I can easily alias IPs within my range to the server's NIC. This has
already been done. I can also run the virtual name based server, and it
functions fine.

What I don't know how to do, and I haven't found a link for yet, is to 

1. start multiple instances of https, each with its *own config file*

2. make custom ssl certificates *for each SSL server*

Each domain name has its own userspace.

Can anyone help me here?

Thanks

-- 
John - [EMAIL PROTECTED] - http://www.reiteration.net/~jfm
For PGP public key finger [EMAIL PROTECTED] or see webpage
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]


RE: multiple SSL instances with aliased IPs

2003-11-24 Thread Boyle Owen
-Original Message-
From: John [mailto:[EMAIL PROTECTED]

I'm stuck... I have an understanding of how apache and ssl works but I
am having troubles in finding a way to set up this server. Most of the
searches I do seem to point to the fact that virtual name based hosting
will not work with multiple ssl. This I understand.

Thank goodness...

I have a freebsd 4.9-current server running 
apache+mod_ssl-1.3.29+2.8.16
What I don't know how to do, and I haven't found a link for yet, is to 
1. start multiple instances of https, each with its *own config file*

This is simple enough; you just run httpd with the -f switch. This
allows you to define the config file at run-time. So you'd have
something like:

./httpd -f ../conf/ssl_1.conf

where ssl_1.conf contains:

Listen 192.168.1.1:443
DocumentRoot /path/to/ssl_1/docs
SSLCertificateFile /path/to/ssl_cert_1.crt
etc..

And repeat for each SSL host.

Alternatively, you can do all this in your main instance of apache by
using IP-based virtual-Hosts (I'm not sure you're aware of this), eg:

Listen 192.168.1.1:443
<VirtualHost 192.168.1.1:443>
  DocumentRoot /path/to/ssl_1/docs
  SSLCertificateFile /path/to/ssl_cert_1.crt
  etc..
</VirtualHost>

Listen 192.168.1.2:443
<VirtualHost 192.168.1.2:443>
  DocumentRoot /path/to/ssl_2/docs
  SSLCertificateFile /path/to/ssl_cert_2.crt
  etc..
</VirtualHost>

This won't interfere with your HTTP VHs in the same config (they are all
distinct at the TCP/IP layer).

2. make custom ssl certificates *for each SSL server*

This is documented, although it's a bit tricky:

- first make your own Certificate Authority cert
(http://www.modssl.org/docs/2.8/ssl_faq.html#ToC29)

- then make a certificate signing request for your site
(http://www.modssl.org/docs/2.8/ssl_faq.html#ToC28) and sign it with the
CA you made above (ie skip the last bit where you send it to Verisign)

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

Each domain name has its own userspace.

Can anyone help me here?

Thanks

-- 
John - [EMAIL PROTECTED] - http://www.reiteration.net/~jfm
For PGP public key finger [EMAIL PROTECTED] or see webpage
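The two certificate steps from the reply above (make a CA, then sign one CSR per site with it), as an added example that is not part of the original posts or the mod_ssl FAQ. It uses current openssl command syntax; the host names, file names, 365-day lifetime and the subjectAltName entry are assumptions chosen for illustration.

```shell
# Added example: private CA plus one CA-signed cert per SSL host (constructed names).
set -e
umask 077                      # private keys must not be world-readable
WORKDIR=$(mktemp -d)
# Minimal config so the run does not depend on the system openssl.cnf.
cat > "$WORKDIR/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Private CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF

# Step 1: CA key plus self-signed CA certificate.
make_ca() {
    openssl req -x509 -config "$WORKDIR/req.cnf" -newkey rsa:2048 -nodes \
        -sha256 -days 365 -keyout "$WORKDIR/ca.key" -out "$WORKDIR/ca.crt" 2>/dev/null
}

# Step 2: per-site key and CSR, signed locally by the CA instead of being sent out.
make_site_cert() {
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\n' "$1" > "$WORKDIR/$1.ext"
    openssl req -new -config "$WORKDIR/req.cnf" -subj "/CN=$1" -newkey rsa:2048 \
        -nodes -keyout "$WORKDIR/$1.key" -out "$WORKDIR/$1.csr" 2>/dev/null
    openssl x509 -req -in "$WORKDIR/$1.csr" -sha256 -days 365 \
        -CA "$WORKDIR/ca.crt" -CAkey "$WORKDIR/ca.key" -CAcreateserial \
        -extfile "$WORKDIR/$1.ext" -out "$WORKDIR/$1.crt" 2>/dev/null
}

# Prints "ok" when the site certificate chains to the CA, else "fail".
verify_site_cert() {
    if openssl verify -CAfile "$WORKDIR/ca.crt" "$WORKDIR/$1.crt" >/dev/null 2>&1
    then echo ok; else echo fail; fi
}
# Prints "match" when certificate $1 carries the public key of private key $2.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$WORKDIR/$1.crt" -noout -pubkey)
    key_pub=$(openssl pkey -in "$WORKDIR/$2.key" -pubout)
    if [ "$cert_pub" = "$key_pub" ]; then echo match; else echo mismatch; fi
}

make_ca
for site in www.example.com www.example.org; do
    make_site_cert "$site"
    echo "$site: chain $(verify_site_cert "$site"), key $(key_matches_cert "$site" "$site")"
done
```

Each IP-based VirtualHost then points SSLCertificateFile and SSLCertificateKeyFile at its own .crt/.key pair; the keys here are written unencrypted so httpd can start unattended, which makes the file permissions the only protection.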