Using a default SSL Certificate, plus IP based virtual ones
| listrecv@gmail.com 2005-08-21, 5:49 pm |
| I'd like to use specific SSL Certs for certain IP's, plus a default cert
for all other IP's.
How do I do this?
| |
| listrecv@gmail.com 2005-08-21, 5:49 pm |
| Follow up:
I tried the following, but seemed to always get the default, even on
the mentioned IP:
<VirtualHost 192.168.1.154:443>
# Enable/Disable SSL for this virtual host.
SSLEngine on
SSLCertificateFile /etc/ssl/certs/www.mysite.com.verisign.crt
SSLCertificateKeyFile /etc/ssl/certs/www.mysite.com.key
SSLCertificateChainFile /etc/ssl/certs/verisign.chain.crt
etc
</VirtualHost>
<VirtualHost _default_:443>
SSLCertificateFile /etc/ssl/certs/wildcard.default.com.crt
SSLCertificateKeyFile /etc/ssl/certs/www.mysite.com.key
# The above key is for wildcard.default.com.crt as well
SSLCertificateChainFile /etc/ssl/certs/sf_issuing.crt
etc
| |
| Jim Hayter 2005-08-22, 5:56 pm |
| On 21 Aug 2005 14:26:28 -0700, in comp.infosystems.www.servers.unix,
listrecv@gmail.com wrote:
>Follow up:
>
>I tried the following, but seemed to always get the default, even on
>the mentioned IP:
>
><VirtualHost 192.168.1.154:443>
># Enable/Disable SSL for this virtual host.
>SSLEngine on
>
>SSLCertificateFile /etc/ssl/certs/www.mysite.com.verisign.crt
>SSLCertificateKeyFile /etc/ssl/certs/www.mysite.com.key
>SSLCertificateChainFile /etc/ssl/certs/verisign.chain.crt
>
>etc
></VirtualHost>
>
><VirtualHost _default_:443>
>SSLCertificateFile /etc/ssl/certs/wildcard.default.com.crt
>SSLCertificateKeyFile /etc/ssl/certs/www.mysite.com.key
># The above key is for wildcard.default.com.crt as well
>SSLCertificateChainFile /etc/ssl/certs/sf_issuing.crt
>
>etc
SSL negotiation takes place before the connection to apache is
complete. You can not use more than one SSL certificate for a web
server. You will need to run a separate web server on its own unique
ip-address/port combination for each certificate.
Jim
| |
| listrecv@gmail.com 2005-08-30, 5:58 pm |
| Jim,
I understand - the server has numerous IP's. I'm trying to do the
following:
IP #1: Cert #1
All other IP's: Cert #2
| |
| Jim Hayter 2005-08-30, 5:58 pm |
| On 30 Aug 2005 10:41:34 -0700, in comp.infosystems.www.servers.unix,
listrecv@gmail.com wrote:
>Jim,
>
>I understand - the server has numerous IP's. I'm trying to do the
>following:
>
>IP #1: Cert #1
>All other IP's: Cert #2
I've just been experimenting with this. Based on a posting from
August 26 (message id:
<1125081645.852194.156920@z14g2000cwz.googlegroups.com> ). You can see
it at:
http://groups.google.com/group/alt....e+site++apache+(ssl+OR+%C3%9Fl)+group:alt.apache.configuration&rnum=1&hl=en#a80ca386686feaba
I've found that I don't even need separate IPs. I have servers behind
load balancers and they forward traffic sent to different IPs to
different ports. As long as I put each secure server on its own port,
I can have one apache config handling multiple secure certificates.
HTH,
Jim
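
Added example, not part of the original thread: a small Python check that parses `<VirtualHost>` blocks like the ones posted above and reports blocks that are never closed, blocks without their own `SSLEngine on`, and private keys that back more than one certificate. `SAMPLE_CONF` is constructed from the posted configuration (the `etc` and chain-file lines are dropped) and the function names are this example's own; `SSLEngine` can also be inherited from the server-level config, so that finding is a prompt to look, not a verdict.

```python
import re

# Constructed sample, modelled on the configuration posted in the thread.
SAMPLE_CONF = """\
<VirtualHost 192.168.1.154:443>
SSLEngine on
SSLCertificateFile /etc/ssl/certs/www.mysite.com.verisign.crt
SSLCertificateKeyFile /etc/ssl/certs/www.mysite.com.key
</VirtualHost>
<VirtualHost _default_:443>
SSLCertificateFile /etc/ssl/certs/wildcard.default.com.crt
SSLCertificateKeyFile /etc/ssl/certs/www.mysite.com.key
"""

def parse_vhosts(text):
    """Return one dict per <VirtualHost> block: address, closed flag, directives."""
    vhosts, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if m:
            # A new block starts; an earlier unclosed block keeps closed=False.
            cur = {"addr": m.group(1).strip(), "closed": False, "directives": {}}
            vhosts.append(cur)
        elif line.lower().startswith("</virtualhost"):
            if cur is not None:
                cur["closed"] = True
            cur = None
        elif cur is not None:
            parts = line.split(None, 1)
            # Apache directive names are case-insensitive.
            cur["directives"][parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return vhosts

def audit(text):
    """Return human-readable findings for the SSL virtual hosts in text."""
    findings, key_users = [], {}
    for vh in parse_vhosts(text):
        d = vh["directives"]
        if not vh["closed"]:
            findings.append(f"{vh['addr']}: block is never closed")
        if d.get("sslengine", "").lower() != "on":
            findings.append(f"{vh['addr']}: no 'SSLEngine on' inside this block")
        if "sslcertificatekeyfile" in d:
            key_users.setdefault(d["sslcertificatekeyfile"], set()).add(d.get("sslcertificatefile", "?"))
    for key, certs in sorted(key_users.items()):
        if len(certs) > 1:
            findings.append(f"{key}: one private key shared by {len(certs)} certificates")
    return findings
```

Calling `audit(SAMPLE_CONF)` returns three findings: the `_default_:443` block is unclosed and has no `SSLEngine on` of its own, and `www.mysite.com.key` is shared by two certificates.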