Posted to users@httpd.apache.org by Mark London <mr...@psfc.mit.edu> on 2003/11/24 21:32:09 UTC

[users@httpd] Certificates for aliases?

Hi - We are running apache on a node that we want people to access 
using the primary ip name and also an alias.  However, since the 
present certificate was created for the primary ip name, anyone who 
accesses the server using the alias is warned about this.  Is there 
any way to create a certificate that can also be used with an alias 
name, or is there a way for apache to use 2 different certificates? 
Thanks. -  Mark

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] Certificates for aliases?

Posted by Dirk-Willem van Gulik <di...@webweaving.org>.
> accesses the server using the alias is warned about this.  Is there
> any way to create a certificate that can also be used with an alias
> name, or is there a way for apache to use 2 different certificates?

Apache can use as many certs as needed. However you will need one IP
address per certificate to differentiate between them (the certificate is
presented in the SSL layer -prior- to the client showing the 'Host:'
header which tells the server which vhost is activated - hence you MUST
use IP based virtual hosts to know early enough which cert to present).

The only special case/exception is when your sites are all in the same
FQDN; i.e. foo.bar.com, foo2.bar.com, mail.bar.com; in that case you can
tie a wildcard cert; i.e. one matching *.bar.com to a single IP and still
run foo2, foo and mail under that.

If you are using self signed certs/your own CA (or if you manage to
seriously trick a CA) you can of course create a wildcard cert for *.com
or even for '.' - the latter does not work with all SSL stacks though.

Dw
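
The two setups described in the reply above, written out as an httpd configuration. This is an added example, not part of the original post: the 192.0.2.x addresses, the example.org hostnames and the file paths are constructed placeholders, and mod_ssl is assumed to be loaded.

```apache
# Added example; addresses, hostnames and paths are constructed placeholders.
Listen 443

# Case 1: two unrelated names, two certificates, one IP address each.
# httpd chooses the vhost, and therefore the certificate, from the
# destination IP of the connection, before any Host: header arrives.
<VirtualHost 192.0.2.10:443>
    ServerName primary.example.org
    SSLEngine on
    SSLCertificateFile    /etc/httpd/ssl/primary.example.org.crt
    SSLCertificateKeyFile /etc/httpd/ssl/primary.example.org.key
</VirtualHost>

<VirtualHost 192.0.2.11:443>
    ServerName alias.example.org
    SSLEngine on
    SSLCertificateFile    /etc/httpd/ssl/alias.example.org.crt
    SSLCertificateKeyFile /etc/httpd/ssl/alias.example.org.key
</VirtualHost>

# Case 2: several names under one domain share a single IP address
# and a single wildcard certificate issued for *.bar.com.
<VirtualHost 192.0.2.20:443>
    ServerName  foo.bar.com
    ServerAlias foo2.bar.com mail.bar.com
    SSLEngine on
    SSLCertificateFile    /etc/httpd/ssl/wildcard.bar.com.crt
    SSLCertificateKeyFile /etc/httpd/ssl/wildcard.bar.com.key
</VirtualHost>
```

Each name has to resolve to the address of the vhost that holds its certificate; a client that reaches 192.0.2.10 under the alias name still receives the primary certificate and still gets the mismatch warning.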



Re: [users@httpd] Certificates for aliases?

Posted by Kyle Dent <kd...@seaglass.com>.
On Mon, 24 Nov 2003, Mark London wrote:

> Hi - We are running apache on a node that we want people to access
> using the primary ip name and also an alias.  However, since the
> present certificate was created for the primary ip name, anyone who
> accesses the server using the alias is warned about this.  Is there
> any way to create a certificate that can also be used with an alias
> name, or is there a way for apache to use 2 different certificates?
> Thanks. -  Mark

You'll need a certificate for each *hostname* you want to use
with SSL. Apache can be configured for as many certificates as
you need.

Kyle

