Re: how to add multiple SSL cert for each virtual host?
At 11:26 PM 12/03/2002, Justin Williams wrote: A whole new error class! RTFM errors and ID-10-T error codes alongside! If nothing else, it would be thoroughly entertaining! In my defense, I ALWAYS RTFM before asking questions like this. HOWEVER, in this case, the httpd.conf APPEARS to indicate that this type of configuration/support should be possible. So, being the curious, technical type of person that I am, I'd probably just start trying to make it work even before RTFMing to find that it's not actually supported. MUCH wasted time if I hadn't stumbled upon this conversation in this group. I'm of the opinion that it would be NICE if there was some info about this in the httpd.conf file on top of the manual and FAQ's. Note that I only say it would be NICE. I'd still end up going to the manual and FAQ before posting such a question. I certainly don't mind the extra work, considering the absolutely awesome price of the product. ;) - hawk On Wednesday 04 December 2002 12:17 pm, Boyle Owen wrote: From: Cliff Woolley [mailto:[EMAIL PROTECTED]] But please, people, this is SUCH a frequently asked question. Definitely one of the top three. I'd say it is THE most frequently asked question (but I can't be bothered scanning the archives to prove it :-) The FAQ (http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47) is all very well, but it is rather technical for a newbie and, having been written by someone for whom English is a second language, is not as illuminating as it might be. I had a go a re-writing it a few years ago (http://marc.theaimsgroup.com/?l=apache-modsslm=98559369910170w=2) so maybe we could start there... However, given the tendency of people to read the instructions only if all else fails, putting a warning in the default config sounds like a good idea. Putting an error message in the source-code would be even better! Rgds, Owen Boyle This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender's company reserves the right to monitor all e-mail communications through their networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of the sender's company. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: how to add multiple SSL cert for each virtual host?
What?!?!?! Are you absolutely sure about this? SSL certs are based on the Domain Name,,, NOT the IP address. It stands to reason that it would be possible for virtual hosts/domains to have their own certs. Perhaps modssl doesn't support it, but I think that in theory it's possible. - hawk At 10:24 AM 12/03/2002, you wrote: Multiple SSL certs for name-based virtual hosts aren't possible based upon the way SSL is designed. Each site requiring a separate cert must have it's own IP address. --- Shawn Syms | Systems Administrator Infinet Communications | [EMAIL PROTECTED] --- -Original Message- From: Thomas Sandor [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 03, 2002 1:20 PM To: [EMAIL PROTECTED] Subject: how to add multiple SSL cert for each virtual host? hi everyone, I have an apache 2.0.40 installed on a RedHat 7.2 box, complied with ssl (openssl 0.9.6g). Till now I had only one domain for which apache should use SSL cert files (crt, key), but for our next project I have to add another SSL cert file a specific domain. I have NameVirtualHost 12.34.56.78 and have a list of virtualhost/ for each of our domain, using ServerNamed base aliases, but for the ssl conf it ain't works. In my ssl.conf in short looks like this: NameVirtualHost 12.34.56.78:443 VirtualHost 12.34.56.78:443 ServerName domain1.com CustomLog ... ErrorLog ... SSLEngine on SSLCertificateFile /somewhere/ssl.crt/domain1.crt SSLCertificateKeyFile somewhere/ssl.key/domain1.key /VirtualHost VirtualHost 12.34.56.78:443 ServerName domain2.com CustomLog ... ErrorLog ... SSLEngine on SSLCertificateFile /somewhere/ssl.crt/domain2.crt SSLCertificateKeyFile somewhere/ssl.key/domain2.key /VirtualHost The problem is that apache does not serve domain2 cert files for domain2, it uses the first declaration for every https://domainX.com invoke. Does anyone know how to tell apache to uses specific SSL cert I'd like to define for each of my virtualhosts? Thanks in advance for any help. Regards, Thomas __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: how to add multiple SSL cert for each virtual host?
At 12:49 PM 12/03/2002, Shawn Syms wrote: Hawk: Here is more info on why did doesn't work: http://www.ensim.com/support/sxc/faqs/4.10.html Aha. That makes sense to me. I noticed this discussion because I was considering doing this sort of thing in the next month or two. Damn! Now I have to provide IP addresses for virtual sites that require this support. :( Thanks for the heads up though. - hawk --- Shawn Syms | Systems Administrator Infinet Communications | [EMAIL PROTECTED] --- -Original Message- From: Hack Hawk [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 03, 2002 3:35 PM To: [EMAIL PROTECTED] Subject: RE: how to add multiple SSL cert for each virtual host? What?!?!?! Are you absolutely sure about this? SSL certs are based on the Domain Name,,, NOT the IP address. It stands to reason that it would be possible for virtual hosts/domains to have their own certs. Perhaps modssl doesn't support it, but I think that in theory it's possible. - hawk At 10:24 AM 12/03/2002, you wrote: Multiple SSL certs for name-based virtual hosts aren't possible based upon the way SSL is designed. Each site requiring a separate cert must have it's own IP address. --- Shawn Syms | Systems Administrator Infinet Communications | [EMAIL PROTECTED] --- -Original Message- From: Thomas Sandor [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 03, 2002 1:20 PM To: [EMAIL PROTECTED] Subject: how to add multiple SSL cert for each virtual host? hi everyone, I have an apache 2.0.40 installed on a RedHat 7.2 box, complied with ssl (openssl 0.9.6g). Till now I had only one domain for which apache should use SSL cert files (crt, key), but for our next project I have to add another SSL cert file a specific domain. I have NameVirtualHost 12.34.56.78 and have a list of virtualhost/ for each of our domain, using ServerNamed base aliases, but for the ssl conf it ain't works. In my ssl.conf in short looks like this: NameVirtualHost 12.34.56.78:443 VirtualHost 12.34.56.78:443 ServerName domain1.com CustomLog ... ErrorLog ... SSLEngine on SSLCertificateFile /somewhere/ssl.crt/domain1.crt SSLCertificateKeyFile somewhere/ssl.key/domain1.key /VirtualHost VirtualHost 12.34.56.78:443 ServerName domain2.com CustomLog ... ErrorLog ... SSLEngine on SSLCertificateFile /somewhere/ssl.crt/domain2.crt SSLCertificateKeyFile somewhere/ssl.key/domain2.key /VirtualHost The problem is that apache does not serve domain2 cert files for domain2, it uses the first declaration for every https://domainX.com invoke. Does anyone know how to tell apache to uses specific SSL cert I'd like to define for each of my virtualhosts? Thanks in advance for any help. Regards, Thomas __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]