httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <Owen.Bo...@swx.com>
Subject RE: [users@httpd] different ssl-certificates for different ports
Date Mon, 11 Nov 2002 08:24:01 GMT
>-----Original Message-----
>From: pilsl@goldfisch.at [mailto:pilsl@goldfisch.at]
>
>To avoid the well-known problems that only one certificate can be used
>per IP, I want to know if apache can use different certificates for
>the same IP if I use different ports for each certificate.

Absolutely. The key thing is that apache muxt be able to route the
request to the VH using only its TCP/IP attributes. That means IP
address/Port number. So you can have as many SSL VHs on the same IP as
you like, so long as they all have different ports.

>I can do so if I run a different apache-instance for each port, but I
>didnt manage it using VirtualHost-Settings.

My advice would be to put all sites into VH containers and use an
explicit Listen for each VH (using defaults can save typing but this way
avoids confusion...). This example has two name-based VHs serving plain
HTTP on port 80 and two port based VHs serving HTTPS on ports 443 and
444: 

NameVirtualHost 192.168.1.1:80

# HTTP 1
Listen 192.168.1.1:80
<VirtualHost 192.168.1.1:80>
  ServerName http_site1
  ...
</VirtualHost>

# HTTP 2
Listen 192.168.1.1:80
<VirtualHost 192.168.1.1:80>
  ServerName http_site2
  ...
</VirtualHost>

# HTTPS 1
Listen 192.168.1.1:443
<VirtualHost 192.168.1.1:443>
  ServerName https_site1
  SSLCertificateFile /path/to/cert1
  ...
</VirtualHost>

# HTTPS 2
Listen 192.168.1.1:444
<VirtualHost 192.168.1.1:444>
  ServerName https_site2
  SSLCertificateFile /path/to/cert2
  ...
</VirtualHost>

Rgds,

Owen Boyle

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message