Posted to users@httpd.apache.org by MM <fi...@gmail.com> on 2014/12/23 14:30:00 UTC

[users@httpd] 2 server certificates

Hello,

My network connectivity looks like:

setting 1
laptop  ->   corpfirewall ->  ... -> homefirewall  ->   serverbox (httpd
2.4)
In this setting, I have a public DNS-registered hostname autoupdated by my
ISP.
My homefirewall forwards all HTTPS traffic to serverbox.

setting 2
samelaptop  -> sameserverbox
                           (servername.lan  <->  192.168.1.x)

I have generated 2 self-signed certificates, 1 with the 'public hostname' as
the CN, and another one with the 'servername.lan' as the CN.

I have both certificates in my laptop locally stored.

Is it possible to have httpd use the correct certificate depending on where
the request comes from?

Regards,

MM

RE: [users@httpd] 2 server certificates

Posted by Jason Pyeron <jp...@pdinc.us>.
> -----Original Message-----
> From: MM 
> Sent: Tuesday, December 23, 2014 8:30
> 
> Hello,
> 
> My network connectivity looks like:
> 
> setting 1
> laptop  ->   corpfirewall ->  ... -> homefirewall  ->   
> serverbox (httpd 2.4)
> In this setting, I have a public DNS-registered hostname 
> autoupdated by my ISP.
> My homefirewall forwards all HTTPS traffic to serverbox.
> 
> setting 2
> samelaptop  -> sameserverbox
>                            (servername.lan  <->  192.168.1.x)
> 
> I have generated 2 self-signed certificates, 1 with the 
> 'public hostname' as the CN, and another one with the 
> 'servername.lan' as the CN.
> 
> I have both certificates in my laptop locally stored.
> 
> Is it possible to have httpd use the correct certificate 
> depending on where the request comes from?

Yes, assuming the IP addresses of the server are different. Using virtual host configuration, you would have the SSL config per IP.

Another approach would be to have one certificate with all the names in the cert.

-Jason

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-                                                               -
- Jason Pyeron                      PD Inc. http://www.pdinc.us -
- Principal Consultant              10 West 24th Street #100    -
- +1 (443) 269-1555 x333            Baltimore, Maryland 21218   -
-                                                               -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00. 




Re: [users@httpd] 2 server certificates

Posted by daniel bryan <da...@gmail.com>.
It sounds like you have 1 website, and you want to make sure both public
users and LAN users can see the content. I think it's best to do as Jason
suggested and use the public hostname as the CN, and do a subject alt DNS
name of the server.lan, or you could create DNS records in your LAN to
resolve the public hostname as the private IP addresses for the LAN
webserver. You can also access the site by IP address, if you have a
subject alt IP address in there.  You will still likely run into
certificate trust errors with self-signed certs, because all website users
will need to install your public key as a trusted certificate.  There are
free alternatives that will give you a pre-trusted cert. This will allow
users to access your site without needing to install trust for your cert.
Check out StartSSL <https://www.startssl.com/>

On Tue, Dec 23, 2014 at 8:30 AM, MM <fi...@gmail.com> wrote:

> Hello,
>
> My network connectivity looks like:
>
> setting 1
> laptop  ->   corpfirewall ->  ... -> homefirewall  ->   serverbox (httpd
> 2.4)
> In this setting, I have a public DNS-registered hostname autoupdated by my
> ISP.
> My homefirewall forwards all HTTPS traffic to serverbox.
>
> setting 2
> samelaptop  -> sameserverbox
>                            (servername.lan  <->  192.168.1.x)
>
> I have generated 2 self-signed certificates, 1 with the 'public hostname'
> as the CN, and another one with the 'servername.lan' as the CN.
>
> I have both certificates in my laptop locally stored.
>
> Is it possible to have httpd use the correct certificate depending on
> where the request comes from?
>
> Regards,
>
> MM
>
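
The single-certificate approach suggested in both replies (public hostname as the CN, with subject alternative names for the LAN name and IP), as an added example that is not part of the original thread. The function names are hypothetical, and `home.example.net` and `192.168.1.10` are constructed placeholders for the public hostname and the LAN address; it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example (not from the thread): one self-signed certificate that is
# valid for both the public hostname and the LAN name/IP.
# Function names are hypothetical; the hostnames and IP used in the demo
# at the bottom are constructed placeholders.

# make_multi_name_cert PUBLIC_NAME LAN_NAME LAN_IP OUT_DIR
make_multi_name_cert() {
    public_name=$1; lan_name=$2; lan_ip=$3; out_dir=$4
    # CN carries the public name; every name a client may use goes in the SAN.
    cat > "$out_dir/san.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $public_name
[v3]
subjectAltName = DNS:$public_name, DNS:$lan_name, IP:$lan_ip
extendedKeyUsage = serverAuth
EOF
    ( umask 077   # keep the unencrypted private key readable by owner only
      openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
          -config "$out_dir/san.cnf" \
          -keyout "$out_dir/server.key" -out "$out_dir/server.crt" 2>/dev/null )
}

# cert_covers CERT host|ip VALUE -> exit 0 if the certificate matches VALUE
cert_covers() {
    case $2 in
        host) flag=-checkhost ;;
        ip)   flag=-checkip ;;
        *)    return 2 ;;
    esac
    openssl x509 -in "$1" -noout "$flag" "$3" | grep -q 'does match certificate'
}

# Demo with constructed values.
demo_dir=$(mktemp -d)
make_multi_name_cert home.example.net servername.lan 192.168.1.10 "$demo_dir"
for name in home.example.net servername.lan; do
    cert_covers "$demo_dir/server.crt" host "$name" && echo "$name: covered"
done
cert_covers "$demo_dir/server.crt" ip 192.168.1.10 && echo "192.168.1.10: covered"
rm -rf "$demo_dir"
```

Point the virtual host's `SSLCertificateFile` and `SSLCertificateKeyFile` at the resulting `server.crt` and `server.key`; the laptop then needs to trust only this one certificate for both network paths.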