I would wish to dynamically generate a certificate for each request. I tried with: SSLCertificateFile prg:/usr/bin/certgenerate I also tried: SSLCertificateFile |/usr/bin/certgenerate and SSLCertificateFile exec:/usr/bin/certgenerate But nothing works, it just generates error messages and does not allow the server to start. How can I specify a certificate dynamically for each request? (certgenerate fetches the certificate from the original IP, extracts the DN and then creates a new certificate out of this. Then it signs the certificate with my private key, and then prints the completed certificate on STDOUT) Im currently using Apache as a transparent forward proxy, and to enable virus scanning of SSL traffic, I have configured it to pass SSL traffic unencrypted to a parent proxy which scans traffic for viruses, and this parent then forwards traffic to a another port of apache (a separate virtualhost), that converts the traffic back to SSL and sends it out the internet. The problem is that this generate a security warning in the browser, even when the CA root is imported. This because the DN host name does not match the real host name, and using a DN of "*" or something like that dosen't help. I need to dynamically create and sign certificates for each request, so the DN always stays valid. If this isn't possible, make this a feature request. Some users would like the possible to dynamically generate a certificate. Especially users who wants to set up a SSL proxy, OR users that is managing a large number of IPs for example a large webhosting and want to dynamically fetch a certificate from a folder, based on the SERVER_ADDR header, instead of configuring about lets say 200 virtualhosts (one for each IP and certificate). Scanned with Copfilter Version 0.84beta3a (ProxSMTP 1.7) AntiVirus: ClamAV 0.91.2/8814 - Tue Dec 30 09:43:21 2008 AntiVirus: AVG 7.5.51, engine 442 269.21.0/1296 2008-02-24 by Markus Madlener @ http://www.copfilter.org --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|