Re: Dynamic SSL

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



When I first read this, I was like... really?

but then I read the docs and felt like smacking myself in the forehead. I skimmed over the critical flaw without giving it a second look.

I'll need to rethink this design. Thanks.


Thank you,
Greg Borbonus
*Nix Server administrator
832-699-0461
http://www.linkedin.com/in/gregborbonus/
On 12/31/2014 1:49 PM, Serge Fonville wrote:
Hi,

1 virtualhost that can have many domain names accessing it. It should use SSL engine and each domain should have it's own SSL certificate.

I've already got the non-ssl version setup.

So my initial thoughts are this might be possible with a pipe and an executable or using variables for the accessing domain.

Now, I figure someone has wanted to do this in the past, there are so many good reasons why someone would do this. So if it's not been done, The only thing I could think that would prevent this from working would be that perhaps apache was loading the cert and info on startup making it very difficult to change the info on the fly.

Perhaps you need to read in how SSL works :-)
That said, I'd check:
https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
https://www.digicert.com/ssl-support/apache-multiple-ssl-certificates-using-sni.htm

Good luck!

Kind regards/met vriendelijke groet,

Serge Fonville

http://www.sergefonville.nl

2014-12-31 20:31 GMT+01:00 Greg <gregborbonus@xxxxxxxxx>:
Hi guys,

I'm sure this has been asked before, but I'm unable to find much.

I'm attempting to make one virtualhost that is basically a wildcard setup. they all share the same docroot and such, but the domain names can be different.

I have considered making a new virtualhost per domain, but there are reasons I would prefer to make the system not need such a thing.

The goal:

1 virtualhost that can have many domain names accessing it. It should use SSL engine and each domain should have it's own SSL certificate.

I've already got the non-ssl version setup.

So my initial thoughts are this might be possible with a pipe and an executable or using variables for the accessing domain.

Now, I figure someone has wanted to do this in the past, there are so many good reasons why someone would do this. So if it's not been done, The only thing I could think that would prevent this from working would be that perhaps apache was loading the cert and info on startup making it very difficult to change the info on the fly.

Any thoughts?

--
Thank you,
Greg Borbonus
*Nix Server administrator
832-699-0461
http://www.linkedin.com/in/gregborbonus/



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


begin:vcard
fn:Greg Borbonus
n:Borbonus;Greg
org:Able Admins;IT
adr:;;3610 parkbank ct,;Houston;Tx;77068;US
email;internet:gregborbonus@xxxxxxxxx
title:Sr. System Administrator
tel;work:(832) 699- 0461
tel;cell:(832) 699- 0461
x-mozilla-html:TRUE
url:http://www.linkedin.com/in/gregborbonus/
version:2.1
end:vcard


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx

[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux