----- "Grant" <emailgrant@xxxxxxxxx> wrote:

> >> The "virtualhost for each SSL host" is what I mean by separate
> >> apache2 configs.  I'd like to be able to define different domain
> >> names on the fly within my perl scripts without changing apache2
> >> config.  Maybe we're just not there yet?
> >
> > You can also use things like mod_macro to enable that kind of
> > flexibility.
>
> I looked at mod_macro but it seems to essentially be a framework for
> setting and reading variable values within the apache2 config files.
> What I'd like to do is allow new SSL domains to be defined from the
> web in an automatic fashion without the need for SSH access.  At this
> point I'm thinking something that generates a new vhost config file
> for each domain name would be perfect.  It could use a template for
> each file and just change the IP address and SSL certificate/key
> references.  Does something like this exist?

Aaaha...
An (SSL) VHost is just a couple of lines.. depending on your setup
either the IP/Cert/ServerName (IP Based) or only the ServerName
(SubjectAltName)

One way or the other, you can define a pattern:

  <Macro SSLVhost $servername $ip>
    <VirtualHost $ip:443>
      ServerName $servername
      DocumentRoot /srv/web/$servername/htdocs
      SSLEngine On
      SSLCertificateChainFile /etc/pki/ssl/$servername.pem
      ErrorLog /var/log/httpd/$servername/error_log
    </VirtualHost>
  </Macro>

, and then

  Use SSLVhost servername IP

In some or the other file. That's one line you have to add -- and
then you do an apachectl graceful.

> I've read references to "pre-processing apache2 config files with
> perl".  Is that the way to go here?

Yes, sjorge toyed with this option and created some kind of monster..
http://wiki.apache.org/httpd/ApacheVirtualHostMysql

This might give you an idea..

> - Grant
>
> >> Why would you use multiple IPs instead of X.509 v3 with
> >> subjectAltName?  Does subjectAltName have any drawbacks?
> >
> > Though more widely spread, it's the same as for SNI:
> > It's not supported by all Browsers/libraries
> >
> > One example that comes to my mind is serf.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx

--
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.galic@xxxxxxxxxxxxxx
URL: http://brainsware.org/
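
The approach discussed in this message, emitting one "Use SSLVhost servername IP" line per domain from web input, sketched as an added example that is not part of the original message or of any Apache tooling. Because mod_macro substitutes its arguments textually into the DocumentRoot, certificate and log paths, the generator validates both values first. The function names, the IPv4-only restriction and the sample hosts are assumptions made for illustration.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def validate_servername(name: str) -> str:
    """Return the lower-cased hostname or raise ValueError.

    mod_macro substitutes $servername textually into DocumentRoot, the
    certificate path and the log path, so '/', '..', whitespace and
    newlines must never get through.
    """
    name = name.lower()
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2:
        raise ValueError(f"not a fully qualified hostname: {name!r}")
    if not all(_LABEL.fullmatch(label) for label in labels):
        raise ValueError(f"illegal character or label in {name!r}")
    return name


def validate_ip(ip: str) -> str:
    """Return a canonical IPv4 literal or raise ValueError (assumption: IPv4 only)."""
    return str(ipaddress.IPv4Address(ip))


def render_include(hosts) -> str:
    """Build the include file body: one 'Use SSLVhost' line per (servername, ip)."""
    seen, lines = set(), []
    for servername, ip in hosts:
        servername, ip = validate_servername(servername), validate_ip(ip)
        if servername in seen:
            raise ValueError(f"duplicate vhost: {servername}")
        seen.add(servername)
        lines.append(f"Use SSLVhost {servername} {ip}\n")
    return "".join(lines)


if __name__ == "__main__":
    # Constructed sample input (documentation names and addresses).
    print(render_include([("shop.example.com", "192.0.2.10"),
                          ("Blog.Example.org", "192.0.2.11")]), end="")
```

Write the returned text to a file that the main config pulls in with Include, then run apachectl configtest before the apachectl graceful mentioned above, so a bad file never reaches the running server.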