RE: Two Name-Based Virtual Hosts : Two SSL Certificates?

Crypto,

Thanks for the info on SNI.  I'm currently running on httpd-2.0.46, therefore, SNI support is not there. The browsers support listed on that wiki can't support the browser versions that are offered in the company currently. The application is running on Redhat 3.9.

Are you saying that I can request two IPs for the same server?  I'd need to contact our admin over here.  I am not sure if we can request a wildcard cert either.

If I just request another SSL cert for the second site (not doing any of the methods that you listed below), would Apache still use the default SSL cert for the main site? The user would still get that warning?  Is that what you are saying?

Please advise.

Mary

-----Original Message-----
From: Crypto Sal [mailto:crypto.sal@xxxxxxxxx] 
Sent: Saturday, April 24, 2010 10:01 AM
To: users@xxxxxxxxxxxxxxxx
Subject: Re:  Two Name-Based Virtual Hosts : Two SSL Certificates?

  On 04/24/2010 11:07 AM, Wang, Mary Y wrote:
> Hi,
>
> I've two name-based virtual hosts defined (two named web sites on a single IP address).  I only requested one SSL certificate for the main site.   My application is running on the main site first and goes to the second site when users click on a specific button. Whenever the URL points to the second site, Firefox detects that the server certificate belongs to a different site.
>
> Is it common practice, when you have two or more name-based virtual hosts running on a single IP on Apache, to request an SSL certificate for EACH host name? If so, do I just add the SSLCertificateFile and SSLCertificateKeyFile information in the <VirtualHost> container for the second site as well?
>
> I'm running on Apache 2.
>
> Any suggestions?
>
> Thanks in advance
> Mary
>


Hi Mary,

Which specific version of Apache are you using? Latest stable is 2.2.15 in the 2.2 branch and can make use of SNI ( http://en.wikipedia.org/wiki/Server_Name_Indication ). Prior to 2.2.12, SNI support wasn't there officially.

Are you targeting a specific browser or OS with your Application? If platform independent then you will need to do one of the following: 
Separate IPs, Separate Ports on shared IP, use a wildcard cert, or use a multi-domain certificate. If you're only allowing Firefox 2.x and higher and IE on Vista and Higher, you can go the SNI route.

Easiest method is the Separate IPs route with whatever certificate combination you want.

Hope this helps.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
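
The "Separate IPs" option from the reply above, sketched as an httpd configuration. This is an added example, not configuration posted by anyone in the thread; the addresses (192.0.2.x documentation range), host names, document roots and file paths are placeholders.

```apache
# Added example. All addresses, names and paths are placeholders.

# Problem layout (kept as comments): both sites share one address on a
# server without SNI. The certificate is sent during the TLS handshake,
# before the Host header arrives, so the first vhost's certificate is
# presented for both names and the browser warns on the second site.
#
#   NameVirtualHost 192.0.2.10:443
#   <VirtualHost 192.0.2.10:443>  ServerName www.example.com    ...
#   <VirtualHost 192.0.2.10:443>  ServerName second.example.com ...

# Separate-IP layout: one address per site, so the certificate is chosen
# from the destination address alone. No NameVirtualHost line is used
# for these addresses.
Listen 192.0.2.10:443
Listen 192.0.2.11:443

<VirtualHost 192.0.2.10:443>
    ServerName www.example.com
    DocumentRoot /var/www/main
    SSLEngine on
    # Certificate issued for www.example.com
    SSLCertificateFile    /etc/httpd/conf/ssl.crt/www.example.com.crt
    # Private key: readable by root only
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.example.com.key
</VirtualHost>

<VirtualHost 192.0.2.11:443>
    ServerName second.example.com
    DocumentRoot /var/www/second
    SSLEngine on
    # Certificate issued for second.example.com
    SSLCertificateFile    /etc/httpd/conf/ssl.crt/second.example.com.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/second.example.com.key
</VirtualHost>
```

Each host name must resolve in DNS to its own address. Running `openssl s_client -connect 192.0.2.11:443` against each address shows which certificate the server actually presents.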




