Re: SSL certificate and multiple names

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/08/10 18:22, Hélène Montarou wrote:
> Hi,
> 
> I have installed httpd-2.2.3 and I would like to generate a certificate.
> The machine on which it is installed has an internal name
> (internal.domain.com) and I would like to use another name for external
> purpposes (services.external.domain.com).
> I would like to generate a certificate for the external name
> (services.external.domain.com).
> I was wondering where I could configure the name in Linux config file as
> well as in the httpd config files to make it work.
> I haven't seen a naming parameter in httpd.config.
> 
> Would you give me some direction?
> 
> Thank you,
> 
> Hélène
>    
> 

Conventional SSL certificates are tied to a specific "Common Name".
In Apache terms, this is the same as the hostname you put in the browser
in order to connect to a given VirtualHost.
EG: "www.example.com"

If you want two different hostnames, you generally need two different
certificates. Similarly, you will need a unique IP:port combination for
each Virtual Host, since the ServerName variable isn't seen by Apache
until after the SSL handshake.

There are exceptions to this: Wildcard certificates (for
"*.example.com") and "SNI" are two.

Mark.

- -- 
Mark Watts BSc RHCE MBCS
Senior Systems Engineer, IPR Secure Managed Hosting
www.QinetiQ.com
QinetiQ - Delivering customer-focused solutions
GPG Key: http://www.linux-corner.info/mwatts.gpg
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkxhCbkACgkQBn4EFUVUIO1tcACgpa3s6wyw5ilrEvJGLXRqrVMK
LGUAoOHwmHI/sYdIlPpRWJ7X2xlGcOP4
=7VDP
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux