Re: 2 server certificates

It sounds like you have 1 website, and you want to make sure both public users and LAN users can see the content. I think it's best to do as Jason suggested and use the public hostname as the CN, and do a subject alt DNS name of the server.lan, or you could create DNS records in your LAN to resolve the public hostname as the private IP addresses for the LAN webserver. You can also access the site by IP address, if you have a subject alt IP address in there. You will still likely run into certificate trust errors with self-signed certs, because all website users will need to install your public key as a trusted certificate. There are free alternatives that will give you a pre-trusted cert. This will allow users to access your site without needing to install trust for your cert. Check out StartSSL.

On Tue, Dec 23, 2014 at 8:30 AM, MM <finjulhich@xxxxxxxxx> wrote:
Hello,

My network connectivity looks like:

setting 1
laptop  ->   corpfirewall ->  ... -> homefirewall  ->   serverbox (httpd 2.4)
In this setting, I have a public DNS registered hostname autoupdated by my ISP.
My homefirewall forwards all https traffic to serverbox.

setting 2
samelaptop  -> sameserverbox
                           (servername.lan  <->  192.168.1.x)

I have generated 2 self-signed certificates, 1 with the 'public hostname' as the CN, and another one with the 'servername.lan' as the CN.

I have both certificates in my laptop locally stored.

Is it possible to have httpd use the correct certificate depending on where the request comes from?

Regards,

MM
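
The single-certificate approach suggested in the reply, as an added example that is not part of the original thread: one self-signed certificate with the public hostname as CN and subject alt names for the LAN name and LAN IP, checked with OpenSSL's own name matching. `public.example.net` and `192.168.1.10` are placeholders, and `-addext` assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: one self-signed certificate that is valid for the public
# hostname, the LAN hostname and the LAN IP address.
set -e

# Assumed values: the thread only gives "servername.lan" and "192.168.1.x".
PUBLIC_NAME="public.example.net"   # placeholder for the public DNS hostname
LAN_NAME="servername.lan"
LAN_IP="192.168.1.10"              # placeholder for the server's LAN address

# make_cert <dir>: write server.key and server.crt into <dir>.
make_cert() {
  (
    umask 077   # private key readable by its owner only
    # The CN is repeated in subjectAltName: clients that see a SAN
    # extension match names against it and ignore the CN.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
      -keyout "$1/server.key" -out "$1/server.crt" \
      -subj "/CN=$PUBLIC_NAME" \
      -addext "subjectAltName=DNS:$PUBLIC_NAME,DNS:$LAN_NAME,IP:$LAN_IP"
  )
}

# cert_covers <cert> host|ip <value>: succeed if the certificate is valid
# for that hostname or IP address, using OpenSSL's own name matching.
cert_covers() {
  case "$2" in
    host) openssl x509 -in "$1" -noout -checkhost "$3" ;;
    ip)   openssl x509 -in "$1" -noout -checkip "$3" ;;
  esac | grep -q "does match certificate"
}

# Demo: generate into a scratch directory and check each access path.
demo_dir=$(mktemp -d)
make_cert "$demo_dir"
for name in "$PUBLIC_NAME" "$LAN_NAME" "other.lan"; do
  if cert_covers "$demo_dir/server.crt" host "$name"; then
    echo "$name: covered"
  else
    echo "$name: NOT covered"
  fi
done
```

With httpd 2.4, the virtual host's `SSLCertificateFile` and `SSLCertificateKeyFile` would point at the two generated files, and the laptop then has only this one certificate to trust.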

