Re: Re: adding multiple SSLCACertificateFile in vhost.conf

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


Why would you need to support both SSL certificates?  From what I've seen (at least with Verisign) when you renew a certificate, it adds the renewal period to the end of your current expiration period, but is valid from the date you renew!  As soon as you get the new certificate, you should be able to use it.  You don't need to wait for the old one to expire to do the swap.


Please respond to users@xxxxxxxxxxxxxxxx

To:        users@xxxxxxxxxxxxxxxx
cc:         (bcc: Dan Mitton/YD/RWDOE)
Subject:        Re: Re: adding multiple SSLCACertificateFile in vhost.conf


LSN: Not Relevant
User Filed as: Not a Record



saibaba Duggirala wrote:
> yes, more than one SSL enabled
> servername on a single IP address, single NIC
>  
> The cureent certificate is expiring in couple of months so we want to
> seamleesly support the current one until it expires along with the new
> one
>  
>
as far as I am aware SSL certs cannot be combined on a single IP, you
need to either use 2 NICs or use IP aliasing to bind 2 IP addresses to a
single NIC, and then in your vhost conf you can set up the certs one
each per IP, here's a short article:
http://www-128.ibm.com/developerworks/web/library/wa-multissl.html#resources
matt

> */matt farey <matt.farey@xxxxxxxxx>/* wrote:
>
>
>
>     saibaba Duggirala wrote:
>     > hi,
>     > can anyone please let me know what is the procedure to add multiple
>     > SSLCACertificateFile in vhost.conf in apache
>     >
>     > So far we have been using only one file, shown below in vhost.conf
>     > SSLCACertificateFile conf/ssl/nsm_ca1.cr
>     >
>     > We would like to use another root certificate along with the
>     above one
>     > , so is it as simple as adding another line like above
>     > SSLCACertificateFile conf/ssl/nsm_ca_2.cr in vhost file or is there
>     > something else that I should be doing
>     >
>     >
>     > Thanks,
>     > saibaba
>     >
>     > Get your own web address.
>     >
>     > Have a HUGE year through Yahoo! Small Business.
>     >
>
>
>     depends on your setup, are you trying to host more than one SSL
>     enabled
>     servername on a single IP address, single NIC, or what?
>
>
>     --
>     Matthew Farey
>
>
>
>     ---------------------------------------------------------------------
>     The official User-To-User support forum of the Apache HTTP Server
>     Project.
>     See for more info.
>     To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>     " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
>     For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
>
> Sucker-punch spam
> <http://us.rd.yahoo.com/evt=49981/*http://advision.webevents.yahoo.com/mailbeta/features_spam.html>
> with award-winning protection.
> Try the free Yahoo! Mail Beta.
> <http://us.rd.yahoo.com/evt=49981/*http://advision.webevents.yahoo.com/mailbeta/features_spam.html>




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx

[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux