Re: [users@httpd] multiple SSL certs on one server behind a NAT router

If it looks like this then it will work perfectly for www.foo.com but
won't work for bar.com. The user will receive an error saying that bar.com
uses the certificate for foo.com.

The rule is easy: one cert per one IP.

See http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html

On 9/12/06, milktoast <jgreene@xxxxxxxxxxxxxxxx> wrote:

How should this look?

Here is the virtual part of my httpd.conf


<VirtualHost _default_:443>

DocumentRoot /home/htdocs/foo
ServerName www.foo.com
ServerAdmin webmaster@xxxxxxx
ErrorLog /usr/local/apache/logs/error_log
TransferLog /usr/local/apache/logs/access_log
# Block TRACE/TRACK XSS vector
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]

<LocationMatch "^/">
</LocationMatch>

SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/ssl.https/www.foo.com.crt
SSLCertificateKeyFile /etc/ssl.https/www.foo.com.key

<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/usr/local/apache/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

CustomLog /usr/local/apache/logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"


NameVirtualHost 192.168.2.10

</VirtualHost>
 <VirtualHost 192.168.2.10>
    ServerName www.foo.com
    ServerAlias foo.com www.foo.com
    DocumentRoot /home/htdocs/foo
    ErrorLog /usr/local/apache/logs/error_log
    </VirtualHost>

<VirtualHost 192.168.2.10>
   ServerName www.bar.com
   ServerAlias bar.com www.bar.com
   DocumentRoot /home/htdocs/bar
   ErrorLog /usr/local/apache/logs/error_log
   </VirtualHost>





Serge Dubrouski wrote:
>
> If both server share one IP using NameVirtualHost feature then there
> is no way to have different certificates for them.
>
> On 9/12/06, milktoast <jgreene@xxxxxxxxxxxxxxxx> wrote:
>
>

--
View this message in context: http://www.nabble.com/multiple-SSL-certs-on-one-server-behind-a-NAT-router-tf2260024.html#a6270424
Sent from the Apache HTTP Server - Users forum at Nabble.com.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
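
The "one cert per one IP" rule from the reply above, written out as configuration. This is an added example, not part of the original thread: the second address 192.168.2.11 and the www.bar.com certificate and key paths are assumptions, and it presumes the NAT router forwards a separate public address to that second internal address.

```apache
# Added example (not from the thread). Apache 2.2 chooses the certificate
# from the address and port the connection arrived on, before any Host
# header is read, so each certificate gets its own IP-based virtual host.
# The plain-HTTP virtual hosts on port 80 can stay name-based as posted.

# foo.com keeps the address and certificate files from the original post.
<VirtualHost 192.168.2.10:443>
    ServerName www.foo.com
    ServerAlias foo.com
    DocumentRoot /home/htdocs/foo
    ErrorLog /usr/local/apache/logs/error_log

    SSLEngine on
    SSLCertificateFile /etc/ssl.https/www.foo.com.crt
    SSLCertificateKeyFile /etc/ssl.https/www.foo.com.key
</VirtualHost>

# bar.com moves to a second address bound on the same machine.
# 192.168.2.11 and the two file paths below are assumed for illustration.
<VirtualHost 192.168.2.11:443>
    ServerName www.bar.com
    ServerAlias bar.com
    DocumentRoot /home/htdocs/bar
    ErrorLog /usr/local/apache/logs/error_log

    SSLEngine on
    SSLCertificateFile /etc/ssl.https/www.bar.com.crt
    SSLCertificateKeyFile /etc/ssl.https/www.bar.com.key
</VirtualHost>
```

Replacing `_default_:443` with explicit addresses matters here: a `_default_` SSL host answers on every address not claimed by another virtual host, which is how www.foo.com's certificate ends up being served for bar.com.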


