SSL and IP based virtual hosting
This is a discussion on SSL and IP based virtual hosting within the Apache Web Server forums, part of the Web Server and Related Forums category; -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi - heres the problem: On a slackware 9.1 system running apache 1.3....
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
01-15-2004
|
|||
|
|||
SSL and IP based virtual hosting
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1 Hi - heres the problem: On a slackware 9.1 system running apache 1.3.x, i have a vhost with ip 192.168.0.3 (eth0:0), which is accessible by https://fred.linuxserver and https://fredsserver on my lan. Is it possible to combine a certificiate for fred.linuxserver and fredsserver, so that whichever way it is accessed, no message will popup in the browsers? Thanks, Fred -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQFABr/cDvn9hyzHIq4RAsLIAJ9jM/l8AU/zpojDvo3dMtFCFkayPwCfUOrw NBBksMUl6bZ/TrJg7YwZ3U8= =NXDI -----END PGP SIGNATURE----- |
|
01-15-2004
|
|||
|
|||
|
Re: SSL and IP based virtual hosting
"Fred Emmott" <pcfreak65@hotmail.com> wrote in message news:bu6f72$pj9$1@newsfeed.th.ifl.net... > On a slackware 9.1 system running apache 1.3.x, i have a vhost with ip > 192.168.0.3 (eth0:0), which is accessible by https://fred.linuxserver and > https://fredsserver on my lan. Is it possible to combine a certificiate for > fred.linuxserver and fredsserver, so that whichever way it is accessed, no > message will popup in the browsers? No, the best you can do (to cover multiple hosts with one certificate) is to get a wildcard cert such as *.domain.com, but this wouldn't fit your scenario. If you are using IP based virtualhosting you could assign two IPs to the machine, and have each of your two hostnames point to different IPs, each one could then serve the correct certificate to match the hostname used, and then serve the exact same site on each one. Richard. |
|
01-15-2004
|
|||
|
|||
|
Re: SSL and IP based virtual hosting
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1 Richard Antony Burton wrote: > > "Fred Emmott" <pcfreak65@hotmail.com> wrote in message > news:bu6f72$pj9$1@newsfeed.th.ifl.net... > >> On a slackware 9.1 system running apache 1.3.x, i have a vhost with ip >> 192.168.0.3 (eth0:0), which is accessible by https://fred.linuxserver and >> https://fredsserver on my lan. Is it possible to combine a certificiate > for >> fred.linuxserver and fredsserver, so that whichever way it is accessed, >> no message will popup in the browsers? > > No, the best you can do (to cover multiple hosts with one certificate) is > to get a wildcard cert such as *.domain.com, but this wouldn't fit your > scenario. If you are using IP based virtualhosting you could assign two > IPs to the machine, and have each of your two hostnames point to different > IPs, each one could then serve the correct certificate to match the > hostname used, and then serve the exact same site on each one. > > Richard. thanks - now to copy my config files :) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQFABxaxDvn9hyzHIq4RAo6xAJsGAm/rw/ki59cH+/0qEkjG2V6jFgCfT1tR ubyOd/yQ5dxKS1gCroQopg0= =O6Tf -----END PGP SIGNATURE----- |
|
01-16-2004
|
|||
|
|||
|
Re: SSL and IP based virtual hosting
Fred Emmott wrote:
> Hi - heres the problem: > > On a slackware 9.1 system running apache 1.3.x, i have a vhost with ip > 192.168.0.3 (eth0:0), which is accessible by https://fred.linuxserver and > https://fredsserver on my lan. Is it possible to combine a certificiate for > fred.linuxserver and fredsserver, so that whichever way it is accessed, no > message will popup in the browsers? Your best bet is to set up bind to return the lan ip addresses to local machines. That way, your local machines can use the same URLs as sytems outside your lan. I do this for my lan. I block the dns port at the router so I don't have to worry about "polluting" the internet with bogus ip addresses. |
|
01-16-2004
|
|||
|
|||
|
Re: SSL and IP based virtual hosting
Rossz wrote:
> Fred Emmott wrote: >> Hi - heres the problem: >> >> On a slackware 9.1 system running apache 1.3.x, i have a vhost with ip >> 192.168.0.3 (eth0:0), which is accessible by https://fred.linuxserver and >> https://fredsserver on my lan. Is it possible to combine a certificiate >> for fred.linuxserver and fredsserver, so that whichever way it is >> accessed, no message will popup in the browsers? > > Your best bet is to set up bind to return the lan ip addresses to local > machines. That way, your local machines can use the same URLs as sytems > outside your lan. > > I do this for my lan. I block the dns port at the router so I don't have > to worry about "polluting" the internet with bogus ip addresses. It's only on a disconnected LAN - problem being all the "servers" used to be be <bla>.linuxserver, and i am changing them to <bla>server, but don't want to break anything |
|
01-16-2004
|
|||
|
|||
|
Re: SSL and IP based virtual hosting
Fred Emmott wrote:
> Rossz wrote: > > >>Fred Emmott wrote: >> >>>Hi - heres the problem: >>> >>>On a slackware 9.1 system running apache 1.3.x, i have a vhost with ip >>>192.168.0.3 (eth0:0), which is accessible by https://fred.linuxserver and >>>https://fredsserver on my lan. Is it possible to combine a certificiate >>>for fred.linuxserver and fredsserver, so that whichever way it is >>>accessed, no message will popup in the browsers? >> >>Your best bet is to set up bind to return the lan ip addresses to local >>machines. That way, your local machines can use the same URLs as sytems >> outside your lan. >> >>I do this for my lan. I block the dns port at the router so I don't have >>to worry about "polluting" the internet with bogus ip addresses. > > > It's only on a disconnected LAN - problem being all the "servers" used to be > be <bla>.linuxserver, and i am changing them to <bla>server, but don't want > to break anything Sounds like a job for mod_rewrite. -- Rossz |
|
01-16-2004
|
|||
|
|||
|
Re: SSL and IP based virtual hosting
Rossz wrote:
> Fred Emmott wrote: >> Rossz wrote: >> >> >>>Fred Emmott wrote: >>> >>>>Hi - heres the problem: >>>> >>>>On a slackware 9.1 system running apache 1.3.x, i have a vhost with ip >>>>192.168.0.3 (eth0:0), which is accessible by https://fred.linuxserver >>>>and https://fredsserver on my lan. Is it possible to combine a >>>>certificiate for fred.linuxserver and fredsserver, so that whichever way >>>>it is accessed, no message will popup in the browsers? >>> >>>Your best bet is to set up bind to return the lan ip addresses to local >>>machines. That way, your local machines can use the same URLs as sytems >>> outside your lan. >>> >>>I do this for my lan. I block the dns port at the router so I don't have >>>to worry about "polluting" the internet with bogus ip addresses. >> >> >> It's only on a disconnected LAN - problem being all the "servers" used to >> be be <bla>.linuxserver, and i am changing them to <bla>server, but don't >> want to break anything > > Sounds like a job for mod_rewrite. > > -- > Rossz Will that work for ssl? Surely it will establish a connection with ssl before rewrite has an effect, so it will complain about bad certificate? |
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
All times are GMT +1. The time now is 01:55 AM.
