Re: [Resin-interest] SSL - Different cert per virtual host?

2008-09-29 Thread Andrea Sodomaco

It can also be done with one IP but using different ports.

It is impossible to use Name Virtual hosts on the same socket (this is an 
HTTPS limit, not a Resin or Apache limit)



Riccardo Cohen wrote:
Yes, but it can't be the same IP. Your server must have several IPs, one 
for each certificate.


Mattias Jiderhamn wrote:
  

Hi, I want to know if it is possible to set up Resin to use multiple SSL
certificates on the same server, each used for a different (virtual) host?

That is, I want the same Resin instance to correspond both to foo.com
with its SSL certificate and bar.com with its SSL certificate (on the
same port). Is that possible? How?

 /Mattias


___
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest





  


Re: [Resin-interest] SSL - Different cert per virtual host?

2008-09-29 Thread Martin Kofahl
You may try to use multiple host names in a single cert. Tested with Apache
only, not with Resin. Anyway, all vhosts have to use the same cert. Maybe
some of the following notes can help:

- csr generation tool using subjectAltName extension
wget http://svn.cacert.org/CAcert/CSRGenerator/csr

- csr generation by script (will add subjectAltName extension to conf)
sh csr

- modifying openssl.cnf in order to sign request with extension
[ v3_ca ]
subjectAltName = critical,DNS:localhost1,DNS:localhost2

- signing the cert request
openssl x509 -req -days 99 -extfile /etc/ssl/openssl.cnf \
-extensions v3_ca -in lxwww2_csr.pem \
-signkey host_privatekey.pem -out host_crt.pem

- check csr and crt (must contain X509v3 Subject Alternative Name)
openssl req -in host_csr.pem -noout -text
openssl x509 -in host_crt.pem -noout -text

- security issues with subjectAltName and esp. wildcards:
http://nils.toedtmann.net/pub/subjectAltName.txt

- browser compatibility
http://wiki.cacert.org/wiki/VhostTaskForce#InteroperabilityTest and
http://www.switch.ch/pki/meetings/2007-01/namebased_ssl_virtualhosts.pdf

Best regards
Martin


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mattias Jiderhamn
Sent: Monday, 29 September 2008 12:24
To: Resin
Subject: [Resin-interest] SSL - Different cert per virtual host?

Hi, I want to know if it is possible to set up Resin to use multiple SSL
certificates on the same server, each used for a different (virtual) host?

That is, I want the same Resin instance to correspond both to foo.com
with its SSL certificate and bar.com with its SSL certificate (on the
same port). Is that possible? How?

 /Mattias
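
The subjectAltName steps from Martin's message, gathered into one script as an added example that is not part of the original thread: it builds a CSR and a self-signed certificate carrying several DNS names, then checks that each vhost name really appears in the SAN extension. The hostnames, the v3_san section name and the san.cnf file are assumptions made for the example.

```shell
#!/bin/sh
# Added example. foo.example / bar.example and the v3_san section name are
# constructed; the key is a throwaway created in a temp directory.

make_san_cert() {   # $1 = work dir, remaining args = DNS names for the cert
    dir=$1; shift
    san=""
    for name in "$@"; do san="${san:+$san,}DNS:$name"; done
    cat > "$dir/san.cnf" <<EOF
[ req ]
distinguished_name = dn
prompt = no
req_extensions = v3_san
[ dn ]
CN = $1
[ v3_san ]
subjectAltName = $san
EOF
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/san.cnf" \
        -keyout "$dir/host_privatekey.pem" -out "$dir/host_csr.pem" \
        2>/dev/null || return 1
    # x509 -req does not copy extensions from the CSR by default, so the
    # SAN section is supplied again through -extfile / -extensions.
    openssl x509 -req -days 99 -extfile "$dir/san.cnf" -extensions v3_san \
        -in "$dir/host_csr.pem" -signkey "$dir/host_privatekey.pem" \
        -out "$dir/host_crt.pem" 2>/dev/null
}

san_has_name() {    # $1 = req|x509, $2 = PEM file, $3 = DNS name
    openssl "$1" -in "$2" -noout -text |
        awk '/X509v3 Subject Alternative Name/ { getline; print }' |
        tr -d ' ' | tr ',' '\n' | grep -qxF "DNS:$3"
}

work=$(mktemp -d)
make_san_cert "$work" foo.example bar.example
for h in foo.example bar.example baz.example; do
    if san_has_name x509 "$work/host_crt.pem" "$h"; then
        echo "$h: listed in subjectAltName"
    else
        echo "$h: NOT covered by this certificate"
    fi
done
rm -rf "$work"
```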

