You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Thomas Sandor <ts...@rndsoft.com> on 2002/12/03 19:14:04 UTC
[users@httpd] how to add multiple SSL cert for each virtual host?
hi everyone,
I have an apache 2.0.40 installed on a RedHat 7.2 box, complied with ssl
(openssl 0.9.6g).
Till now I had only one domain for which apache should use SSL cert files
(crt, key), but for our next project I have to add another SSL cert file a
specific domain.
I have NameVirtualHost 12.34.56.78 and have a list of <virtualhost/> for
each of our domain, using ServerNamed base aliases, but for the ssl conf it
ain't works. In my ssl.conf in short looks like this:
NameVirtualHost 12.34.56.78:443
<VirtualHost 12.34.56.78:443>
ServerName domain1.com
CustomLog "..."
ErrorLog "..."
SSLEngine on
SSLCertificateFile "/somewhere/ssl.crt/domain1.crt"
SSLCertificateKeyFile "somewhere/ssl.key/domain1.key"
</VirtualHost>
<VirtualHost 12.34.56.78:443>
ServerName domain2.com
CustomLog "..."
ErrorLog "..."
SSLEngine on
SSLCertificateFile "/somewhere/ssl.crt/domain2.crt"
SSLCertificateKeyFile "somewhere/ssl.key/domain2.key"
</VirtualHost>
The problem is that apache does not serve domain2 cert files for domain2, it
uses the first declaration for every https://domainX.com invoke. Does anyone
know how to tell apache to uses specific SSL cert I'd like to define for
each of my virtualhosts?
Thanks in advance for any help.
Regards,
Thomas
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] how to add multiple SSL cert for each virtual host?
Posted by Jacob Coby <jc...@listingbook.com>.
SSL domains _MUST_ be on seperate IP addresses. This is a limitation of the
SSL protocol, and is described in the FAQ.
----- Original Message -----
From: "Thomas Sandor" <ts...@rndsoft.com>
To: <us...@httpd.apache.org>
Sent: Tuesday, December 03, 2002 1:14 PM
Subject: [users@httpd] how to add multiple SSL cert for each virtual host?
> hi everyone,
>
> I have an apache 2.0.40 installed on a RedHat 7.2 box, complied with ssl
> (openssl 0.9.6g).
> Till now I had only one domain for which apache should use SSL cert files
> (crt, key), but for our next project I have to add another SSL cert file a
> specific domain.
>
> I have NameVirtualHost 12.34.56.78 and have a list of <virtualhost/> for
> each of our domain, using ServerNamed base aliases, but for the ssl conf
it
> ain't works. In my ssl.conf in short looks like this:
>
> NameVirtualHost 12.34.56.78:443
>
> <VirtualHost 12.34.56.78:443>
> ServerName domain1.com
> CustomLog "..."
> ErrorLog "..."
> SSLEngine on
> SSLCertificateFile "/somewhere/ssl.crt/domain1.crt"
> SSLCertificateKeyFile "somewhere/ssl.key/domain1.key"
> </VirtualHost>
>
> <VirtualHost 12.34.56.78:443>
> ServerName domain2.com
> CustomLog "..."
> ErrorLog "..."
> SSLEngine on
> SSLCertificateFile "/somewhere/ssl.crt/domain2.crt"
> SSLCertificateKeyFile "somewhere/ssl.key/domain2.key"
> </VirtualHost>
>
> The problem is that apache does not serve domain2 cert files for domain2,
it
> uses the first declaration for every https://domainX.com invoke. Does
anyone
> know how to tell apache to uses specific SSL cert I'd like to define for
> each of my virtualhosts?
>
> Thanks in advance for any help.
>
> Regards,
> Thomas
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] how to add multiple SSL cert for each virtual host?
Posted by Jason Wilkinson <ja...@wilknet.com>.
This is how I have mine set up...
The second bit is a separate file that I have set up on my server (I
include it in the bottom of my httpd.conf file. Simply duplicate the
second part for every server...replacing the necessary parts and
everything should work fine...
#################<httpd.conf>#################
NameVirtualHost 192.168.0.200
NameVirtualHost 192.168.0.201
<VirtualHost 192.168.0.200:80>
ServerName 192.168.0.200
RedirectMatch (.*)$ http://www.domain1.com/
</VirtualHost>
<VirtualHost 192.168.0.201:80>
ServerName 192.168.0.201
RedirectMatch (.*)$ http://www.domain2.com/
</VirtualHost>
<IfDefine SSL>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
</IfDefine>
<IfModule mod_ssl.c>
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/pathto/ssl/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:/pathto/ssl/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLLog /pathto/ssl/ssl_engine_log
SSLLogLevel info
</IfModule>
Include conf/vhost_secure/
#################</httpd.conf>#################
#################<conf/secure.domain1.com>#################
<IfDefine SSL>
<VirtualHost 192.168.0.200:443>
DocumentRoot "/pathto/htdocs"
ServerName secure.domain1.com
ErrorLog /pathto/error_log
SSLEngine on
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /pathto/certs/secure.domain1.com.crt
SSLCertificateKeyFile /pathto/keys/secure.domain1.com.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/home/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /pathto/ssl/ssl_access_log \
"%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"
%{SSL_PROTOCOL}x %{SSL_CIPHER}x"
</VirtualHost>
</IfDefine>
#################<conf/secure.domain1.com>#################
-----Original Message-----
From: Thomas Sandor [mailto:tsandor@rndsoft.com]
Sent: Tuesday, December 03, 2002 12:14 PM
To: users@httpd.apache.org
Subject: [users@httpd] how to add multiple SSL cert for each virtual
host?
hi everyone,
I have an apache 2.0.40 installed on a RedHat 7.2 box, complied with ssl
(openssl 0.9.6g).
Till now I had only one domain for which apache should use SSL cert
files
(crt, key), but for our next project I have to add another SSL cert file
a
specific domain.
I have NameVirtualHost 12.34.56.78 and have a list of <virtualhost/> for
each of our domain, using ServerNamed base aliases, but for the ssl conf
it
ain't works. In my ssl.conf in short looks like this:
NameVirtualHost 12.34.56.78:443
<VirtualHost 12.34.56.78:443>
ServerName domain1.com
CustomLog "..."
ErrorLog "..."
SSLEngine on
SSLCertificateFile "/somewhere/ssl.crt/domain1.crt"
SSLCertificateKeyFile "somewhere/ssl.key/domain1.key"
</VirtualHost>
<VirtualHost 12.34.56.78:443>
ServerName domain2.com
CustomLog "..."
ErrorLog "..."
SSLEngine on
SSLCertificateFile "/somewhere/ssl.crt/domain2.crt"
SSLCertificateKeyFile "somewhere/ssl.key/domain2.key"
</VirtualHost>
The problem is that apache does not serve domain2 cert files for
domain2, it
uses the first declaration for every https://domainX.com invoke. Does
anyone
know how to tell apache to uses specific SSL cert I'd like to define for
each of my virtualhosts?
Thanks in advance for any help.
Regards,
Thomas
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org