Posted to users@httpd.apache.org by Hélène Montarou <hm...@yahoo.com> on 2010/08/06 19:22:45 UTC
[users@httpd] SSL certificate and multiple names
Hi,
I have installed httpd-2.2.3 and I would like to generate a certificate.
The machine on which it is installed has an internal name (internal.domain.com)
and I would like to use another name for external purposes
(services.external.domain.com).
I would like to generate a certificate for the external name
(services.external.domain.com).
I was wondering where I could configure the name in Linux config file as well as
in the httpd config files to make it work.
I haven't seen a naming parameter in httpd.config.
Would you give me some direction?
Thank you,
Hélène
Re: [users@httpd] SSL certificate and multiple names
Posted by Crypto Sal <cr...@gmail.com>.
On 08/10/2010 04:11 AM, Mark Watts wrote:
> On 06/08/10 18:22, Hélène Montarou wrote:
>> Hi,
>>
>> I have installed httpd-2.2.3 and I would like to generate a certificate.
>> The machine on which it is installed has an internal name
>> (internal.domain.com) and I would like to use another name for external
>> purposes (services.external.domain.com).
>> I would like to generate a certificate for the external name
>> (services.external.domain.com).
>> I was wondering where I could configure the name in Linux config file as
>> well as in the httpd config files to make it work.
>> I haven't seen a naming parameter in httpd.config.
>>
>> Would you give me some direction?
>>
>> Thank you,
>>
>> Hélène
>>
>>
> Conventional SSL certificates are tied to a specific "Common Name".
> In Apache terms, this is the same as the hostname you put in the browser
> in order to connect to a given VirtualHost.
> EG: "www.example.com"
>
> If you want two different hostnames, you generally need two different
> certificates. Similarly, you will need a unique IP:port combination for
> each Virtual Host, since the ServerName variable isn't seen by Apache
> until after the SSL handshake.
>
> There are exceptions to this: Wildcard certificates (for
> "*.example.com") and "SNI" are two.
>
> Mark.
>
> - --
> Mark Watts BSc RHCE MBCS
>
Mark,
You're forgetting a group in Multi-Domain Certificates (Multi-Common
Names and Single Common Name, multi-SAN[Subject Alternative Name]).
These certificates are very common with hosting providers and on
Exchange 2007+ platforms.
--Sal
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
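Added example, not part of the original thread: a shell function that generates a key and a certificate request whose Common Name is the external hostname and whose subjectAltName also lists the internal one, which is the multi-SAN approach described in the reply above. It assumes the `openssl` command-line tool is installed; the function names, output file names and certificate paths are illustrative.

```sh
#!/bin/sh
# make_san_csr OUTDIR COMMON_NAME [EXTRA_NAME...]
# Writes OUTDIR/server.key and OUTDIR/server.csr (file names are illustrative).
make_san_csr() {
    outdir=$1; cn=$2; shift 2
    mkdir -p "$outdir" || return 1

    # Clients that honour subjectAltName ignore the CN, so repeat the CN there.
    san="DNS:$cn"
    for name in "$@"; do san="$san,DNS:$name"; done

    cat > "$outdir/req.cnf" <<EOF
[ req ]
prompt             = no
distinguished_name = dn
req_extensions     = v3_req

[ dn ]
CN = $cn

[ v3_req ]
subjectAltName = $san
EOF

    # -nodes leaves the key unencrypted so httpd can start unattended;
    # the umask keeps the key file readable by its owner only.
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes -sha256 \
          -config "$outdir/req.cnf" \
          -keyout "$outdir/server.key" -out "$outdir/server.csr" )
}

# csr_dns_names CSR_FILE: print the DNS names requested, one per line.
csr_dns_names() {
    openssl req -in "$1" -noout -text | tr ',' '\n' |
        sed -n 's/^ *DNS:\([^ ]*\).*$/\1/p'
}

# Demo with the two hostnames from the thread, written to a temp directory.
dir=$(mktemp -d)
make_san_csr "$dir" services.external.domain.com internal.domain.com
csr_dns_names "$dir/server.csr"

# After the CA returns the signed certificate, the SSL VirtualHost names it:
#   ServerName            services.external.domain.com
#   SSLCertificateFile    /path/to/server.crt
#   SSLCertificateKeyFile /path/to/server.key
```

The CSR is what gets submitted to the certificate authority; whether the issued certificate keeps both names depends on the CA, so check the returned certificate's subjectAltName before deploying it.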
Re: [users@httpd] SSL certificate and multiple names
Posted by Mark Watts <m....@eris.qinetiq.com>.
On 06/08/10 18:22, Hélène Montarou wrote:
> Hi,
>
> I have installed httpd-2.2.3 and I would like to generate a certificate.
> The machine on which it is installed has an internal name
> (internal.domain.com) and I would like to use another name for external
> purposes (services.external.domain.com).
> I would like to generate a certificate for the external name
> (services.external.domain.com).
> I was wondering where I could configure the name in Linux config file as
> well as in the httpd config files to make it work.
> I haven't seen a naming parameter in httpd.config.
>
> Would you give me some direction?
>
> Thank you,
>
> Hélène
>
>
Conventional SSL certificates are tied to a specific "Common Name".
In Apache terms, this is the same as the hostname you put in the browser
in order to connect to a given VirtualHost.
EG: "www.example.com"
If you want two different hostnames, you generally need two different
certificates. Similarly, you will need a unique IP:port combination for
each Virtual Host, since the ServerName variable isn't seen by Apache
until after the SSL handshake.
There are exceptions to this: Wildcard certificates (for
"*.example.com") and "SNI" are two.
Mark.
- --
Mark Watts BSc RHCE MBCS
Senior Systems Engineer, IPR Secure Managed Hosting
www.QinetiQ.com
QinetiQ - Delivering customer-focused solutions
GPG Key: http://www.linux-corner.info/mwatts.gpg