The following resource may help: http://wiki.cacert.org/wiki/VHostTaskForce http://marc.theaimsgroup.com/?l=openssl-users http://www.cacert.org/I recently set up a certificate authority, import my CA certificate into the browser, and attempt to use that CA certificate to sign for *.domain.com and *.*.domain.com. My experiment with *.*.domain.com failed. MSIE does not support it. But I learned that if you have a certificate with ability to sign other certificates (or use CAcert.org), you put all of your hostnames into one certificate, sign it, consolidate all of your virtualhosts into one. I have not use CAcert to sign a *.*.domain.com, so if you succeed, and if MSIE support it, please let me know. I know that *.*.domain.com is a violation of RFC3280 but I don't understand why.
Khai
From: <Oliver.Schaudt@xxxxxxxxx> Reply-To: users@xxxxxxxxxxxxxxxx To: <users@xxxxxxxxxxxxxxxx>Subject: AW: [users@httpd] Problems with several ssl-certs and dyndns machineDate: Thu, 16 Feb 2006 12:48:00 +0100The description what you gave is the case if you have running several SSL-Host on the same ip-adress but with different names. Without SSL you can do this but with SSL each Host need its own ip address.If this is not the case, than you should post the host parts of your config.look more at http://httpd.apache.org/docs/2.2/en/vhosts/name-based.html* Name-based virtual hosting cannot be used with SSL secure servers because of the nature of the SSL protocol.bye oliver -----Ursprüngliche Nachricht----- Von: Jochen Kaechelin [mailto:fvgi242ss@xxxxxxxxxxxxxx] Gesendet: Do 16.02.2006 12:24 An: Apache Users Mailing List Betreff: [users@httpd] Problems with several ssl-certs and dyndns machine I run a small webserver (dyndns machine) and several vhosts running on port 443. I created a *.crt, *.csr and *.key file for each host. . SSLEngine on SSLCertificateFile /etc/apache2/ssl/ahost.crt SSLCertificateKeyFile /etc/apache2/ssl/ahost.key . SSLEngine on SSLCertificateFile /etc/apache2/ssl/bhost.crt SSLCertificateKeyFile /etc/apache2/ssl/bhost.key . SSLEngine on SSLCertificateFile /etc/apache2/ssl/chost.crt SSLCertificateKeyFile /etc/apache2/ssl/chost.key . My problem is that each vhost displays the certificate of vhost ahost. I need to stop ahost and bhost to display chost with the correct cert. Whats wrong here? -- fvgi242ss - Webmaster wlanhacking.de http://mail.wlanhacking.de/cgi-bin/mailman/listinfo/wlanhacking --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx