On Mon, Sep 10, 2012 at 10:00 PM, Igor Cicimov <icicimov@xxxxxxxxx> wrote: > On Sun, Sep 9, 2012 at 10:57 PM, Tom Browder <tom.browder@xxxxxxxxx> wrote: >> >> I'm trying to clean up my conf files after getting an all-SSL server >> with several virtual hosts working. ... >> Can I hoist the common SSL cert. stuff out of the server blocks to a >> higher, common block like this: >> ... > Put all the common commands in a file and use Include statement to call that > file in each of the virtual host. Thanks, Igor, but the include idea is not what I wanted. I wanted to avoid even that boilerplate if possible. I bit the bullet and tried a bit at a time and have been able to do all I wanted EXECPT I had to leave the "SSLEngine on" in the vhost blocks (the Apache 2.4 docs indicate that is best--and the other option caused an Apache abort). So this works fine for me (Apache 2.2.14): <IfModule mod_ssl.c> SSLCertificateFile /path/to/server.crt SSLCertificateKeyFile /path/to/server.cert.key.unsecure SSLCertificateChainFile /path/to/class2.server.ca.pem </IfModule> # virtual host blocks follow Note that I still put this directive in vhost blocks since the CA cert files vary by server for client certificates: SSLCACertificateFile /path/to/ca.pem Best, -Tom --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|