You may try to use multiple host names in a single cert. Tested with apache only, not with resin. Anyway, all vhosts have to use the same cert. Maybe some of the following notes can help:
- csr generation tool using subjectAltName extension wget http://svn.cacert.org/CAcert/CSRGenerator/csr - csr generation by script (will add subjectAltName extension to conf) sh csr - modifying opennssl.cnf in order to sign request with extension [ v3_ca ] subjectAltName = critical,DNS:localhost1,DNS:localhost2 - signing the cert request openssl x509 -req -days 99 -extfile /etc/ssl/openssl.cnf \ -extensions v3_ca -in lxwww2_csr.pem \ -signkey host_privatekey.pem -out host_crt.pem - check csr and crt (must contain X509v3 Subject Alternative Name) openssl req -in host_csr.pem -noout -text openssl x509 -in host_crt.pem -noout -text - security issuses with subjectAltName and esp. wildcards: http://nils.toedtmann.net/pub/subjectAltName.txt - browser compability http://wiki.cacert.org/wiki/VhostTaskForce#InteroperabilityTest and http://www.switch.ch/pki/meetings/2007-01/namebased_ssl_virtualhosts.pdf Best regards Martin -----Ursprüngliche Nachricht----- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Mattias Jiderhamn Gesendet: Montag, 29. September 2008 12:24 An: Resin Betreff: [Resin-interest] SSL - Different cert per virtual host? Hi, I want to know if it is possible to set up Resin to use multiple SSL certificates on the same server, each used for a different (virtual) host? That is, I want the same Resin instance to correspond both to foo.com with its SSL certificate and bar.com with its SSL certificate (on the same port). Is that possible? How? /Mattias _______________________________________________ resin-interest mailing list resin-interest@caucho.com http://maillist.caucho.com/mailman/listinfo/resin-interest _______________________________________________ resin-interest mailing list resin-interest@caucho.com http://maillist.caucho.com/mailman/listinfo/resin-interest