Using a default SSL Certificate, plus IP based virtual ones
This is a discussion on Using a default SSL Certificate, plus IP based virtual ones within the Linux Web Servers forums, part of the Web Server and Related Forums category; I'd like to use specifc SSL Certs for certain IP's, plus a default cert for all other IP'...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
08-21-2005
|
|||
|
|||
Re: Using a default SSL Certificate, plus IP based virtual ones
Follow up:
I tried the following, but seemed to always get the default, even on the mentioned IP: <VirtualHost 192.168.1.154:443> # Enable/Disable SSL for this virtual host. SSLEngine on SSLCertificateFile /etc/ssl/certs/www.mysite.com.verisign.crt SSLCertificateKeyFile /etc/ssl/certs/www.mysite.com.key SSLCertificateChainFile /etc/ssl/certs/verisign.chain.crt etc </VirtualHost> <VirtualHost _default_:443> SSLCertificateFile /etc/ssl/certs/wildcard.default.com.crt SSLCertificateKeyFile /etc/ssl/certs/www.mysite.com.key # The above key is for wildcard.default.com.crt as well SSLCertificateChainFile /etc/ssl/certs/sf_issuing.crt etc |
|
08-22-2005
|
|||
|
|||
|
Re: Using a default SSL Certificate, plus IP based virtual ones
On 21 Aug 2005 14:26:28 -0700, in comp.infosystems.www.servers.unix,
listrecv@gmail.com wrote: >Follow up: > >I tried the following, but seemed to always get the default, even on >the mentioned IP: > ><VirtualHost 192.168.1.154:443> ># Enable/Disable SSL for this virtual host. >SSLEngine on > >SSLCertificateFile /etc/ssl/certs/www.mysite.com.verisign.crt >SSLCertificateKeyFile /etc/ssl/certs/www.mysite.com.key >SSLCertificateChainFile /etc/ssl/certs/verisign.chain.crt > >etc ></VirtualHost> > ><VirtualHost _default_:443> >SSLCertificateFile /etc/ssl/certs/wildcard.default.com.crt >SSLCertificateKeyFile /etc/ssl/certs/www.mysite.com.key ># The above key is for wildcard.default.com.crt as well >SSLCertificateChainFile /etc/ssl/certs/sf_issuing.crt > >etc SSL negotiation takes place before the connection to apache is complete. You can not use more than one SSL certificate for a web server. You will need to run a separate web server on its own unique ip-address/port combination for each certificate. Jim |
|
08-30-2005
|
|||
|
|||
|
Re: Using a default SSL Certificate, plus IP based virtual ones
On 30 Aug 2005 10:41:34 -0700, in comp.infosystems.www.servers.unix,
listrecv@gmail.com wrote: >Jim, > >I understand - the server has numerous IP's. I'm trying to do the >following: > >IP #1: Cert #1 >All other IP's: Cert #2 I've just been experimenting with this. Based on a posting from August 26 (message id: <1125081645.852194.156920@z14g2000cwz.googlegroups .com>). You can see it at: http://groups.google.com/group/alt.a...0ca386686feaba I've found that I don't even need separate IPs. I have servers behind load balancers and they forward traffic sent to different IPs to different ports. As long as I put each secure server on its own port, I can have one apache config handling multiple secure certificates. HTH, Jim |
Linear Mode
