Using multiple certs with mod_ssl behind load balancer

2008-11-26 Thread Holt, Joe
 

 I've been asked to implement a somewhat strange setup. We are going to handle 
ssl decryption on the load balancer then forward the connections to either an 
IIS or Apache server. I'm tasked with configuring the Apache servers. I need to 
be able to use multiple certs but I'm not sure how. I've made test runs using 
SSLCertificateChainFile and SSLCACertificatePath but I couldn't get either to 
work.
What are the correct steps I need to follow?


Joe Holt | Product Development, Intuit Small Business Web | 650-549-3454

 


__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]


multiple certs

2005-01-31 Thread Ed Lazor
Hi =)

My server is displaying one cert for two domains even though I've assigned each domain it's own cert in the httpd.conf file. Any idea of how to fix this?

- Apache 1.3.33
- modssl 2.8.22
- I checked the ssl key and crt files to make sure they have the correct data
- I've restarted the web server httpd process
- I made sure to assign each domain a unique IP
- I searched the mailing list and didn't see that others have run into this problem
- I checked the FAQ

Httpd.conf entries for port 443 of the two domains are listed below.

Thanks in advance for any help / ideas.

-Ed


VirtualHost 64.69.41.124:443
 SSLEngine on SSLCertificateFile /etc/httpd/conf/ssl.crt/server.discountrpg.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.discountrpg.key
 ServerName www.discountrpg.com ServerAlias www.discountrpg.com discountrpg.com rpgdiscount.com www.rpgdiscount.com rpgdiscounts.com www.rpgdiscounts.com ServerAdmin [EMAIL PROTECTED] DocumentRoot /home/admin/domains/discountrpg.com/private_html ScriptAlias /cgi-bin/ /home/admin/domains/discountrpg.com/public_html/cgi-bin/
 UseCanonicalName OFF
 User admin Group admin CustomLog /var/log/httpd/domains/discountrpg.com.bytes bytes CustomLog /var/log/httpd/domains/discountrpg.com.log combined ErrorLog /var/log/httpd/domains/discountrpg.com.error.log
 Directory /home/admin/domains/discountrpg.com/private_html Options +Includes -Indexes php_admin_flag engine ON php_admin_flag safe_mode OFF php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f [EMAIL PROTECTED]' /Directory

 #php_admin_value open_basedir /home/admin/:/tmp/:/var/www/:/usr/local/lib/php/:/etc/virtual/
/VirtualHost
VirtualHost 64.69.41.123:443
 SSLEngine on SSLCertificateFile /etc/httpd/conf/ssl.crt/server.rpgstore.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.rpgstore.key
 ServerName www.rpgstore.com ServerAlias www.rpgstore.com rpgstore.com ServerAdmin [EMAIL PROTECTED] DocumentRoot /home/admin/domains/rpgstore.com/private_html ScriptAlias /cgi-bin/ /home/admin/domains/rpgstore.com/public_html/cgi-bin/
 UseCanonicalName OFF
 User admin Group admin CustomLog /var/log/httpd/domains/rpgstore.com.bytes bytes CustomLog /var/log/httpd/domains/rpgstore.com.log combined ErrorLog /var/log/httpd/domains/rpgstore.com.error.log
 Directory /home/admin/domains/rpgstore.com/private_html Options +Includes -Indexes php_admin_flag engine ON php_admin_flag safe_mode OFF php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f [EMAIL PROTECTED]' /Directory

 #php_admin_value open_basedir /home/admin/:/tmp/:/var/www/:/usr/local/lib/php/:/etc/virtual/
/VirtualHost

Re: Multiple Certs

2000-11-30 Thread Mads Toftum

On Thu, Nov 30, 2000 at 09:20:00AM +0200, Justin Unwin wrote:
 Lo all,
 
 I want to set up multiple certificates but it only uses the first one
 specified is there any way
 to have more than one certificate on one server with virtual hosting ??
 
Yep, just use ip based virtual hosting. See:
http://www.modssl.org/docs/2.7/ssl_faq.html#vhosts

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



Multiple Certs

2000-11-29 Thread Justin Unwin

Lo all,

I want to set up multiple certificates but it only uses the first one
specified is there any way
to have more than one certificate on one server with virtual hosting ??

both certificates work fine i have tried them both seperate but together
just does not seem to work :P

Ta Justin
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



[BugDB] MULTIPLE CERTS (PR#461)

2000-10-09 Thread modssl-bugdb

Full_Name: Sachin Kundra
Version: 2.6.4
OS: Linux
Submission from: (NULL) (206.184.207.53)


Hello,

I am trying to install an additional certficate on a webserver that already
has a certificate installed for the machine name.  One of the virtual hosts
needs to have its own certificate.  I have already received the certificate
from Thawte and I have implemented it by using "SSLCACertificateFile" inside
the virtual host tag.  This did not seem to work, though this is the only
way that I gathered through the docs.  I also have a line for the key file
that is associated with the crt.

Here is the VHost entry:

VirtualHost IP_OF_Machine
ServerAdmin webmaster@DOMAIN
DocumentRoot /home/USERID/public_html
ServerName DOMAIN
ServerALias DOMAIN *.DOMAIN
ScriptAlias /cgi-bin/ /home/USERID/cgi-bin/
#ErrorLog /home/USERID/USERID.error.log
TransferLog /home/USERID/USERID.access.log
SSLCACertificateFile /etc/httpd/conf/ssl/DOMAIN.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl/DOMAIN.key
/VirtualHost

Thanks for all of your help.

Sachin





__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



Re: [BugDB] MULTIPLE CERTS (PR#461)

2000-10-09 Thread modssl-bugdb

On Mon, Oct 09, 2000 at 09:30:30AM +0200, [EMAIL PROTECTED] wrote:
 
 I am trying to install an additional certficate on a webserver that already
 has a certificate installed for the machine name.  One of the virtual hosts
 needs to have its own certificate.  I have already received the certificate
 from Thawte and I have implemented it by using "SSLCACertificateFile" inside
 the virtual host tag.  This did not seem to work, though this is the only
 way that I gathered through the docs.  I also have a line for the key file
 that is associated with the crt.
 
You should use SSLCertificateFile to point to your server certificate.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall


__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



Multiple virtualhosts, multiple certs???

1998-12-31 Thread John Baskind

I currently run three domains as virtual hosts on a server which also runs 
three other virtual hosts which don't belong to me. 
(Apache_1.3.3/mod_ssl/mod_perl

One of my domains runs a secure server on port 443 while allowing general 
access on port 80.

Now I need to enable a second domain with a secure channel, with a cert in 
the name of the second domain.
I am presuming that I will have to somehow make this  happen in httpd.conf, 
but I can't think of a way round the basic problem. Unfortunately I can't 
take the server down for long periods of time, because of the three 
extraneous domains whose owners don't understand or enjoy my habit of 
server-upgrading.

They all have bitter memories of my first install of mod_ssl, whose primary 
side-effect was 3 days of server downtime!

Please can someone more knowledgeable point me in the right direction?
__
Apache Interface to SSLeay (mod_ssl)   www.engelschall.com/sw/mod_ssl/
Official Support Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]