httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nelson, Robert D." <RDNel...@Mail.Donaldson.com>
Subject RE: [users@httpd] separate certificate per virtual host
Date Thu, 03 Feb 2005 17:11:03 GMT
Yassen:

> apache 2.0.52 w/ dynamic virtual hosts (we host a lot of
> domains, so dynamic virtual hosting is a great relief -- I
> cannot part with it!)
>
> Need to present a host-specific SSL certificate for each
> virtual host, so the host name in the certificate matches the
> virtual host name. How to configure apache to handle this case?
>
> Any help or a pointer to a good reading will be appreciated!
> Thanks in advance!

The more I think about this, the more I think that using dynamic virtual
hosts is probably not possible. You need to give each virtual host a
separate SSL cert and key file, which doesn't look like it would be
supported by the dynamic virtual host setup (I've never tried, so I could be
wrong).

One possible solution is to write a simple script which will manage your
httpd.conf file. You can store your host information somewhere (e.g. flat
file or database) and as long as the virtual hosts are similar, have the
script write out the conf file(s). I'm guessing someone has probably already
written something like this, but I've never seen it.

Off the top of my head I'd suggest using separate conf files for each host
(e.g. conf/vhosts/hostname.conf). In your main httpd.conf file you can add
them all dynamically by using ' Include conf/vhosts/*.conf'. Then write a
script that would be executed like './addHost 12.34.56.78 hostname.com'
which would simply write out a standard conf file with the proper IP and
host included. I know it sounds clunky, but I can't think of any other
options.

 ~ Robert


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message