Re: how to add multiple SSL cert for each virtual host?
At 11:26 PM 12/03/2002, Justin Williams wrote: A whole new error class! RTFM errors and ID-10-T error codes alongside! If nothing else, it would be thoroughly entertaining! In my defense, I ALWAYS RTFM before asking questions like this. HOWEVER, in this case, the httpd.conf APPEARS to indicate that this type of configuration/support should be possible. So, being the curious, technical type of person that I am, I'd probably just start trying to make it work even before RTFMing to find that it's not actually supported. MUCH wasted time if I hadn't stumbled upon this conversation in this group. I'm of the opinion that it would be "NICE" if there was some info about this in the httpd.conf file on top of the manual and FAQ's. Note that I only say it would be "NICE". I'd still end up going to the manual and FAQ before posting such a question. I certainly don't mind the extra work, considering the absolutely awesome price of the product. ;) - hawk On Wednesday 04 December 2002 12:17 pm, Boyle Owen wrote: > From: Cliff Woolley [mailto:[EMAIL PROTECTED]] > > >But please, people, this is SUCH a frequently asked question. > >Definitely one of the top three. > > I'd say it is THE most frequently asked question (but I can't be > bothered scanning the archives to prove it :-) > > The FAQ (http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47) is all very > well, but it is rather technical for a newbie and, having been written > by someone for whom English is a second language, is not as illuminating > as it might be. I had a go a re-writing it a few years ago > (http://marc.theaimsgroup.com/?l=apache-modssl&m=98559369910170&w=2) so > maybe we could start there... > > However, given the tendency of people to read the instructions only if > all else fails, putting a warning in the default config sounds like a > good idea. Putting an error message in the source-code would be even > better! > > Rgds, > > Owen Boyle > > This message is for the named person's use only. It may contain > confidential, proprietary or legally privileged information. No > confidentiality or privilege is waived or lost by any mistransmission. > If you receive this message in error, please notify the sender urgently > and then immediately delete the message and any copies of it from your > system. Please also immediately destroy any hardcopies of the message. > You must not, directly or indirectly, use, disclose, distribute, print, > or copy any part of this message if you are not the intended recipient. > The sender's company reserves the right to monitor all e-mail > communications through their networks. Any views expressed in this > message are those of the individual sender, except where the message > states otherwise and the sender is authorised to state them to be the > views of the sender's company. > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: how to add multiple SSL cert for each virtual host?
On Wed, Dec 04, 2002 at 01:17:12PM +0100, Boyle Owen wrote: > >From: Cliff Woolley [mailto:[EMAIL PROTECTED]] > > > >But please, people, this is SUCH a frequently asked question. > >Definitely one of the top three. > > I'd say it is THE most frequently asked question (but I can't be > bothered scanning the archives to prove it :-) > Yeah, I think so too. > The FAQ (http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47) is all very > well, but it is rather technical for a newbie and, having been written > by someone for whom English is a second language, is not as illuminating > as it might be. I had a go a re-writing it a few years ago > (http://marc.theaimsgroup.com/?l=apache-modssl&m=98559369910170&w=2) so > maybe we could start there... > Yes, I'll add it to the 2.x docs. > However, given the tendency of people to read the instructions only if > all else fails, putting a warning in the default config sounds like a > good idea. Putting an error message in the source-code would be even > better! > I'm pretty sure there already is (at least in 1.3) but that requires people to read the error_log. vh Mads Toftum -- `Darn it, who spiked my coffee with water?!' - lwall __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: how to add multiple SSL cert for each virtual host?
A whole new error class! RTFM errors and ID-10-T error codes alongside! If nothing else, it would be thoroughly entertaining! On Wednesday 04 December 2002 12:17 pm, Boyle Owen wrote: > From: Cliff Woolley [mailto:[EMAIL PROTECTED]] > > >But please, people, this is SUCH a frequently asked question. > >Definitely one of the top three. > > I'd say it is THE most frequently asked question (but I can't be > bothered scanning the archives to prove it :-) > > The FAQ (http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47) is all very > well, but it is rather technical for a newbie and, having been written > by someone for whom English is a second language, is not as illuminating > as it might be. I had a go a re-writing it a few years ago > (http://marc.theaimsgroup.com/?l=apache-modssl&m=98559369910170&w=2) so > maybe we could start there... > > However, given the tendency of people to read the instructions only if > all else fails, putting a warning in the default config sounds like a > good idea. Putting an error message in the source-code would be even > better! > > Rgds, > > Owen Boyle > > This message is for the named person's use only. It may contain > confidential, proprietary or legally privileged information. No > confidentiality or privilege is waived or lost by any mistransmission. > If you receive this message in error, please notify the sender urgently > and then immediately delete the message and any copies of it from your > system. Please also immediately destroy any hardcopies of the message. > You must not, directly or indirectly, use, disclose, distribute, print, > or copy any part of this message if you are not the intended recipient. > The sender's company reserves the right to monitor all e-mail > communications through their networks. Any views expressed in this > message are those of the individual sender, except where the message > states otherwise and the sender is authorised to state them to be the > views of the sender's company. > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: how to add multiple SSL cert for each virtual host?
>From: Cliff Woolley [mailto:[EMAIL PROTECTED]] > >But please, people, this is SUCH a frequently asked question. >Definitely one of the top three. I'd say it is THE most frequently asked question (but I can't be bothered scanning the archives to prove it :-) The FAQ (http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47) is all very well, but it is rather technical for a newbie and, having been written by someone for whom English is a second language, is not as illuminating as it might be. I had a go a re-writing it a few years ago (http://marc.theaimsgroup.com/?l=apache-modssl&m=98559369910170&w=2) so maybe we could start there... However, given the tendency of people to read the instructions only if all else fails, putting a warning in the default config sounds like a good idea. Putting an error message in the source-code would be even better! Rgds, Owen Boyle This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender's company reserves the right to monitor all e-mail communications through their networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of the sender's company. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: how to add multiple SSL cert for each virtual host?
Hawk: Here is more info on why did doesn't work: http://www.ensim.com/support/sxc/faqs/4.10.html --- Shawn Syms | Systems Administrator Infinet Communications | [EMAIL PROTECTED] --- -Original Message- From: Hack Hawk [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 03, 2002 3:35 PM To: [EMAIL PROTECTED] Subject: RE: how to add multiple SSL cert for each virtual host? What?!?!?! Are you absolutely sure about this? SSL certs are based on the Domain Name,,, NOT the IP address. It stands to reason that it would be possible for virtual hosts/domains to have their own certs. Perhaps modssl doesn't support it, but I think that in theory it's possible. - hawk At 10:24 AM 12/03/2002, you wrote: >Multiple SSL certs for name-based virtual hosts aren't possible based upon >the way SSL is designed. Each site requiring a separate cert must have it's >own IP address. > >--- >Shawn Syms | Systems Administrator >Infinet Communications | [EMAIL PROTECTED] >--- > > > >-Original Message- >From: Thomas Sandor [mailto:[EMAIL PROTECTED]] >Sent: Tuesday, December 03, 2002 1:20 PM >To: [EMAIL PROTECTED] >Subject: how to add multiple SSL cert for each virtual host? > > >hi everyone, > >I have an apache 2.0.40 installed on a RedHat 7.2 box, complied with ssl >(openssl 0.9.6g). >Till now I had only one domain for which apache should use SSL cert files >(crt, key), but for our next project I have to add another SSL cert file a >specific domain. > >I have NameVirtualHost 12.34.56.78 and have a list of for >each of our domain, using ServerNamed base aliases, but for the ssl conf it >ain't works. In my ssl.conf in short looks like this: > >NameVirtualHost 12.34.56.78:443 > > > ServerName domain1.com > CustomLog "..." > ErrorLog "..." > SSLEngine on > SSLCertificateFile "/somewhere/ssl.crt/domain1.crt" > SSLCertificateKeyFile "somewhere/ssl.key/domain1.key" > > > > ServerName domain2.com > CustomLog "..." > ErrorLog "..." > SSLEngine on > SSLCertificateFile "/somewhere/ssl.crt/domain2.crt" > SSLCertificateKeyFile "somewhere/ssl.key/domain2.key" > > >The problem is that apache does not serve domain2 cert files for domain2, it >uses the first declaration for every https://domainX.com invoke. Does anyone >know how to tell apache to uses specific SSL cert I'd like to define for >each of my virtualhosts? > >Thanks in advance for any help. > >Regards, >Thomas > >__ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List [EMAIL PROTECTED] >Automated List Manager[EMAIL PROTECTED] >__ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List [EMAIL PROTECTED] >Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: how to add multiple SSL cert for each virtual host?
> Aha. That makes sense to me. I noticed this discussion > because I was > considering doing this sort of thing in the next month or > two. Damn! Now I > have to provide IP addresses for virtual sites that require > this support. :( Might not something like this work? It gives you name based virtual hosts for the http part... NameVirtualHost 12.34.56.78:80 ServerName domain1.com Redirect / https://domain1.com:1443 ServerName domain2.com Redirect / https://domain2.com:1444 ServerName domain1.com CustomLog "..." ErrorLog "..." SSLEngine on SSLCertificateFile "/somewhere/ssl.crt/domain1.crt" SSLCertificateKeyFile "somewhere/ssl.key/domain1.key" ServerName domain2.com CustomLog "..." ErrorLog "..." SSLEngine on SSLCertificateFile "/somewhere/ssl.crt/domain2.crt" SSLCertificateKeyFile "somewhere/ssl.key/domain2.key" I've just written this from the top of my head, so I don;t know if I didn't make any syntax errors. But I'll have to try this out someday here, as I'm going to run into the same problem as you are now. Greetings, Krist __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: how to add multiple SSL cert for each virtual host?
Perhaps including it in the defauly httpd.conf file underr the directives as commentary might help? # General setup for the virtual host # ...name based VHing does not work, you need to...to get this to # ...work...if you ask this in the modssl-users list, you might #well be berated for failing to read documentation... Perhaps putting the information in the README as well as in the INSTALL docs, tthus putting it in as many places as possible might help? Thanks, Ron DuFresne P.S. this is of course not limiting adding it to the list footer : > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager[EMAIL PROTECTED] > ...name based VHing does not work, you need to...to get this to > ...work...if you ask this in the modssl-users list, you might > #well be berated for failing to read documentation... On Tue, 3 Dec 2002, Cliff Woolley wrote: [SNIP] > > But please, people, this is SUCH a frequently asked question. Definitely > one of the top three. I wonder if we can't find a better way to document > this? Anyone have any ideas? I'd say un-hiding it from the FAQ page > would be a good start... it's a prominent question, give the answer a more > prominent location. > > --Cliff > > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager[EMAIL PROTECTED] > -- ~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: how to add multiple SSL cert for each virtual host?
On Tue, 3 Dec 2002, Dave Paris wrote: > Not only is it not possible With the current state of the SSL protocol such as it is, this is correct-- it's not possible. > it'd be a HUGE security flaw if it WERE possible. Well, not necessarily... all that you would need is for the client to tell the server which host it *thought* it was contacting, and then the server would know which vhost to serve the request with and therefore which certificate to present. That would require the SSL protocol to have the equivalent of HTTP's Host: header. From there, as long as the certificate can be verified as authentic, there's no more risk than there would be if there was a one-to-one mapping between IP and hostname as the current SSL protocol requires. But please, people, this is SUCH a frequently asked question. Definitely one of the top three. I wonder if we can't find a better way to document this? Anyone have any ideas? I'd say un-hiding it from the FAQ page would be a good start... it's a prominent question, give the answer a more prominent location. --Cliff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: how to add multiple SSL cert for each virtual host?
At 12:49 PM 12/03/2002, Shawn Syms wrote: Hawk: Here is more info on why did doesn't work: http://www.ensim.com/support/sxc/faqs/4.10.html Aha. That makes sense to me. I noticed this discussion because I was considering doing this sort of thing in the next month or two. Damn! Now I have to provide IP addresses for virtual sites that require this support. :( Thanks for the heads up though. - hawk --- Shawn Syms | Systems Administrator Infinet Communications | [EMAIL PROTECTED] --- -Original Message- From: Hack Hawk [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 03, 2002 3:35 PM To: [EMAIL PROTECTED] Subject: RE: how to add multiple SSL cert for each virtual host? What?!?!?! Are you absolutely sure about this? SSL certs are based on the Domain Name,,, NOT the IP address. It stands to reason that it would be possible for virtual hosts/domains to have their own certs. Perhaps modssl doesn't support it, but I think that in theory it's possible. - hawk At 10:24 AM 12/03/2002, you wrote: >Multiple SSL certs for name-based virtual hosts aren't possible based upon >the way SSL is designed. Each site requiring a separate cert must have it's >own IP address. > >--- >Shawn Syms | Systems Administrator >Infinet Communications | [EMAIL PROTECTED] >--- > > > >-Original Message- >From: Thomas Sandor [mailto:[EMAIL PROTECTED]] >Sent: Tuesday, December 03, 2002 1:20 PM >To: [EMAIL PROTECTED] >Subject: how to add multiple SSL cert for each virtual host? > > >hi everyone, > >I have an apache 2.0.40 installed on a RedHat 7.2 box, complied with ssl >(openssl 0.9.6g). >Till now I had only one domain for which apache should use SSL cert files >(crt, key), but for our next project I have to add another SSL cert file a >specific domain. > >I have NameVirtualHost 12.34.56.78 and have a list of for >each of our domain, using ServerNamed base aliases, but for the ssl conf it >ain't works. In my ssl.conf in short looks like this: > >NameVirtualHost 12.34.56.78:443 > > > ServerName domain1.com > CustomLog "..." > ErrorLog "..." > SSLEngine on > SSLCertificateFile "/somewhere/ssl.crt/domain1.crt" > SSLCertificateKeyFile "somewhere/ssl.key/domain1.key" > > > > ServerName domain2.com > CustomLog "..." > ErrorLog "..." > SSLEngine on > SSLCertificateFile "/somewhere/ssl.crt/domain2.crt" > SSLCertificateKeyFile "somewhere/ssl.key/domain2.key" > > >The problem is that apache does not serve domain2 cert files for domain2, it >uses the first declaration for every https://domainX.com invoke. Does anyone >know how to tell apache to uses specific SSL cert I'd like to define for >each of my virtualhosts? > >Thanks in advance for any help. > >Regards, >Thomas __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: how to add multiple SSL cert for each virtual host?
Look at the handshake for SSL. During the name to address translation phase, you wind up with a chicken-egg scenario if more than one name shares an address. Not only is it not possible, it'd be a HUGE security flaw if it WERE possible. -dsp On Tuesday, Dec 3, 2002, at 15:34 US/Eastern, Hack Hawk wrote: What?!?!?! Are you absolutely sure about this? SSL certs are based on the Domain Name,,, NOT the IP address. It stands to reason that it would be possible for virtual hosts/domains to have their own certs. Perhaps modssl doesn't support it, but I think that in theory it's possible. - hawk At 10:24 AM 12/03/2002, you wrote: Multiple SSL certs for name-based virtual hosts aren't possible based upon the way SSL is designed. Each site requiring a separate cert must have it's own IP address. --- Shawn Syms | Systems Administrator Infinet Communications | [EMAIL PROTECTED] --- -Original Message- From: Thomas Sandor [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 03, 2002 1:20 PM To: [EMAIL PROTECTED] Subject: how to add multiple SSL cert for each virtual host? hi everyone, I have an apache 2.0.40 installed on a RedHat 7.2 box, complied with ssl (openssl 0.9.6g). Till now I had only one domain for which apache should use SSL cert files (crt, key), but for our next project I have to add another SSL cert file a specific domain. I have NameVirtualHost 12.34.56.78 and have a list of for each of our domain, using ServerNamed base aliases, but for the ssl conf it ain't works. In my ssl.conf in short looks like this: NameVirtualHost 12.34.56.78:443 ServerName domain1.com CustomLog "..." ErrorLog "..." SSLEngine on SSLCertificateFile "/somewhere/ssl.crt/domain1.crt" SSLCertificateKeyFile "somewhere/ssl.key/domain1.key" ServerName domain2.com CustomLog "..." ErrorLog "..." SSLEngine on SSLCertificateFile "/somewhere/ssl.crt/domain2.crt" SSLCertificateKeyFile "somewhere/ssl.key/domain2.key" The problem is that apache does not serve domain2 cert files for domain2, it uses the first declaration for every https://domainX.com invoke. Does anyone know how to tell apache to uses specific SSL cert I'd like to define for each of my virtualhosts? Thanks in advance for any help. Regards, Thomas __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: how to add multiple SSL cert for each virtual host?
What?!?!?! Are you absolutely sure about this? SSL certs are based on the Domain Name,,, NOT the IP address. It stands to reason that it would be possible for virtual hosts/domains to have their own certs. Perhaps modssl doesn't support it, but I think that in theory it's possible. - hawk At 10:24 AM 12/03/2002, you wrote: Multiple SSL certs for name-based virtual hosts aren't possible based upon the way SSL is designed. Each site requiring a separate cert must have it's own IP address. --- Shawn Syms | Systems Administrator Infinet Communications | [EMAIL PROTECTED] --- -Original Message- From: Thomas Sandor [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 03, 2002 1:20 PM To: [EMAIL PROTECTED] Subject: how to add multiple SSL cert for each virtual host? hi everyone, I have an apache 2.0.40 installed on a RedHat 7.2 box, complied with ssl (openssl 0.9.6g). Till now I had only one domain for which apache should use SSL cert files (crt, key), but for our next project I have to add another SSL cert file a specific domain. I have NameVirtualHost 12.34.56.78 and have a list of for each of our domain, using ServerNamed base aliases, but for the ssl conf it ain't works. In my ssl.conf in short looks like this: NameVirtualHost 12.34.56.78:443 ServerName domain1.com CustomLog "..." ErrorLog "..." SSLEngine on SSLCertificateFile "/somewhere/ssl.crt/domain1.crt" SSLCertificateKeyFile "somewhere/ssl.key/domain1.key" ServerName domain2.com CustomLog "..." ErrorLog "..." SSLEngine on SSLCertificateFile "/somewhere/ssl.crt/domain2.crt" SSLCertificateKeyFile "somewhere/ssl.key/domain2.key" The problem is that apache does not serve domain2 cert files for domain2, it uses the first declaration for every https://domainX.com invoke. Does anyone know how to tell apache to uses specific SSL cert I'd like to define for each of my virtualhosts? Thanks in advance for any help. Regards, Thomas __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: how to add multiple SSL cert for each virtual host?
Multiple SSL certs for name-based virtual hosts aren't possible based upon the way SSL is designed. Each site requiring a separate cert must have it's own IP address. --- Shawn Syms | Systems Administrator Infinet Communications | [EMAIL PROTECTED] --- -Original Message- From: Thomas Sandor [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 03, 2002 1:20 PM To: [EMAIL PROTECTED] Subject: how to add multiple SSL cert for each virtual host? hi everyone, I have an apache 2.0.40 installed on a RedHat 7.2 box, complied with ssl (openssl 0.9.6g). Till now I had only one domain for which apache should use SSL cert files (crt, key), but for our next project I have to add another SSL cert file a specific domain. I have NameVirtualHost 12.34.56.78 and have a list of for each of our domain, using ServerNamed base aliases, but for the ssl conf it ain't works. In my ssl.conf in short looks like this: NameVirtualHost 12.34.56.78:443 ServerName domain1.com CustomLog "..." ErrorLog "..." SSLEngine on SSLCertificateFile "/somewhere/ssl.crt/domain1.crt" SSLCertificateKeyFile "somewhere/ssl.key/domain1.key" ServerName domain2.com CustomLog "..." ErrorLog "..." SSLEngine on SSLCertificateFile "/somewhere/ssl.crt/domain2.crt" SSLCertificateKeyFile "somewhere/ssl.key/domain2.key" The problem is that apache does not serve domain2 cert files for domain2, it uses the first declaration for every https://domainX.com invoke. Does anyone know how to tell apache to uses specific SSL cert I'd like to define for each of my virtualhosts? Thanks in advance for any help. Regards, Thomas __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: how to add multiple SSL cert for each virtual host?
On Tue, 3 Dec 2002, Thomas Sandor wrote: [SNIP] > > The problem is that apache does not serve domain2 cert files for domain2, it > uses the first declaration for every https://domainX.com invoke. Does anyone > know how to tell apache to uses specific SSL cert I'd like to define for > each of my virtualhosts? > Yes assign a seperate IP address or port for each domain you wish to host. Thanks, Ron DuFresne -- ~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
how to add multiple SSL cert for each virtual host?
hi everyone, I have an apache 2.0.40 installed on a RedHat 7.2 box, complied with ssl (openssl 0.9.6g). Till now I had only one domain for which apache should use SSL cert files (crt, key), but for our next project I have to add another SSL cert file a specific domain. I have NameVirtualHost 12.34.56.78 and have a list of for each of our domain, using ServerNamed base aliases, but for the ssl conf it ain't works. In my ssl.conf in short looks like this: NameVirtualHost 12.34.56.78:443 ServerName domain1.com CustomLog "..." ErrorLog "..." SSLEngine on SSLCertificateFile "/somewhere/ssl.crt/domain1.crt" SSLCertificateKeyFile "somewhere/ssl.key/domain1.key" ServerName domain2.com CustomLog "..." ErrorLog "..." SSLEngine on SSLCertificateFile "/somewhere/ssl.crt/domain2.crt" SSLCertificateKeyFile "somewhere/ssl.key/domain2.key" The problem is that apache does not serve domain2 cert files for domain2, it uses the first declaration for every https://domainX.com invoke. Does anyone know how to tell apache to uses specific SSL cert I'd like to define for each of my virtualhosts? Thanks in advance for any help. Regards, Thomas __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]