You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Greg <gr...@gmail.com> on 2014/12/31 20:31:23 UTC

[users@httpd] Dynamic SSL

Hi guys,

I'm sure this has been asked before, but I'm unable to find much.

I'm attempting to make one virtualhost that is basically a wildcard 
setup. they all share the same docroot and such, but the domain names 
can be different.

I have considered making a new virtualhost per domain, but there are 
reasons I would prefer to make the system not need such a thing.

The goal:

1 virtualhost that can have many domain names accessing it. It should 
use SSL engine and each domain should have it's own SSL certificate.

I've already got the non-ssl version setup.

So my initial thoughts are this might be possible with a pipe and an 
executable or using variables for the accessing domain.

Now, I figure someone has wanted to do this in the past, there are so 
many good reasons why someone would do this. So if it's not been done, 
The only thing I could think that would prevent this from working would 
be that perhaps apache was loading the cert and info on startup making 
it very difficult to change the info on the fly.

Any thoughts?

-- 
Thank you,
Greg Borbonus
*Nix Server administrator
832-699-0461
http://www.linkedin.com/in/gregborbonus/

Re: [users@httpd] Dynamic SSL

Posted by Greg <gr...@gmail.com>.

When I first read this, I was like... really?

but then I read the docs and felt like smacking myself in the forehead. 
I skimmed over the critical flaw without giving it a second look.

I'll need to rethink this design. Thanks.


Thank you,
Greg Borbonus
*Nix Server administrator
832-699-0461
http://www.linkedin.com/in/gregborbonus/

On 12/31/2014 1:49 PM, Serge Fonville wrote:
> Hi,
>
>     1 virtualhost that can have many domain names accessing it. It
>     should use SSL engine and each domain should have it's own SSL
>     certificate.
>
>     I've already got the non-ssl version setup.
>
>     So my initial thoughts are this might be possible with a pipe and
>     an executable or using variables for the accessing domain.
>
>     Now, I figure someone has wanted to do this in the past, there are
>     so many good reasons why someone would do this. So if it's not
>     been done, The only thing I could think that would prevent this
>     from working would be that perhaps apache was loading the cert and
>     info on startup making it very difficult to change the info on the
>     fly.
>
>
> Perhaps you need to read in how SSL works :-)
> That said, I'd check:
> https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
> https://www.digicert.com/ssl-support/apache-multiple-ssl-certificates-using-sni.htm
>
> Good luck!
>
> Kind regards/met vriendelijke groet,
>
> Serge Fonville
>
> http://www.sergefonville.nl
>
> 2014-12-31 20:31 GMT+01:00 Greg <gregborbonus@gmail.com 
> <ma...@gmail.com>>:
>
>     Hi guys,
>
>     I'm sure this has been asked before, but I'm unable to find much.
>
>     I'm attempting to make one virtualhost that is basically a
>     wildcard setup. they all share the same docroot and such, but the
>     domain names can be different.
>
>     I have considered making a new virtualhost per domain, but there
>     are reasons I would prefer to make the system not need such a thing.
>
>     The goal:
>
>     1 virtualhost that can have many domain names accessing it. It
>     should use SSL engine and each domain should have it's own SSL
>     certificate.
>
>     I've already got the non-ssl version setup.
>
>     So my initial thoughts are this might be possible with a pipe and
>     an executable or using variables for the accessing domain.
>
>     Now, I figure someone has wanted to do this in the past, there are
>     so many good reasons why someone would do this. So if it's not
>     been done, The only thing I could think that would prevent this
>     from working would be that perhaps apache was loading the cert and
>     info on startup making it very difficult to change the info on the
>     fly.
>
>     Any thoughts?
>
>     -- 
>     Thank you,
>     Greg Borbonus
>     *Nix Server administrator
>     832-699-0461
>     http://www.linkedin.com/in/gregborbonus/
>
>
>
>     ---------------------------------------------------------------------
>     To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>     <ma...@httpd.apache.org>
>     For additional commands, e-mail: users-help@httpd.apache.org
>     <ma...@httpd.apache.org>
>
>

Re: [users@httpd] Dynamic SSL

Posted by Serge Fonville <se...@gmail.com>.

Hi,

1 virtualhost that can have many domain names accessing it. It should use
SSL engine and each domain should have it's own SSL certificate.

I've already got the non-ssl version setup.

So my initial thoughts are this might be possible with a pipe and an
executable or using variables for the accessing domain.

Now, I figure someone has wanted to do this in the past, there are so many
good reasons why someone would do this. So if it's not been done, The only
thing I could think that would prevent this from working would be that
perhaps apache was loading the cert and info on startup making it very
difficult to change the info on the fly.


Perhaps you need to read in how SSL works :-)
That said, I'd check:
https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
https://www.digicert.com/ssl-support/apache-multiple-ssl-certificates-using-sni.htm

Good luck!

Kind regards/met vriendelijke groet,

Serge Fonville

http://www.sergefonville.nl

2014-12-31 20:31 GMT+01:00 Greg <gr...@gmail.com>:

> Hi guys,
>
> I'm sure this has been asked before, but I'm unable to find much.
>
> I'm attempting to make one virtualhost that is basically a wildcard setup.
> they all share the same docroot and such, but the domain names can be
> different.
>
> I have considered making a new virtualhost per domain, but there are
> reasons I would prefer to make the system not need such a thing.
>
> The goal:
>
> 1 virtualhost that can have many domain names accessing it. It should use
> SSL engine and each domain should have it's own SSL certificate.
>
> I've already got the non-ssl version setup.
>
> So my initial thoughts are this might be possible with a pipe and an
> executable or using variables for the accessing domain.
>
> Now, I figure someone has wanted to do this in the past, there are so many
> good reasons why someone would do this. So if it's not been done, The only
> thing I could think that would prevent this from working would be that
> perhaps apache was loading the cert and info on startup making it very
> difficult to change the info on the fly.
>
> Any thoughts?
>
> --
> Thank you,
> Greg Borbonus
> *Nix Server administrator
> 832-699-0461
> http://www.linkedin.com/in/gregborbonus/
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>