httpd-users mailing list archives

From "Khai Doan" <khai_qu...@hotmail.com>
Subject RE: AW: [users@httpd] Problems with several ssl-certs and dyndns machine
Date Thu, 16 Feb 2006 19:26:31 GMT
The following resources may help:

http://wiki.cacert.org/wiki/VHostTaskForce
http://marc.theaimsgroup.com/?l=openssl-users
http://www.cacert.org/

I recently set up a certificate authority, imported my CA certificate into the 
browser, and attempted to use that CA certificate to sign for *.domain.com and 
*.*.domain.com.  My experiment with *.*.domain.com failed.  MSIE does not 
support it.  But I learned that if you have a certificate with the ability to 
sign other certificates (or use CAcert.org), you put all of your hostnames 
into one certificate, sign it, and consolidate all of your virtualhosts into 
one.  I have not used CAcert to sign a *.*.domain.com, so if you succeed, and 
if MSIE supports it, please let me know.  I know that *.*.domain.com is a 
violation of RFC3280 but I don't understand why.

Khai


>From: <Oliver.Schaudt@unilog.de>
>Reply-To: users@httpd.apache.org
>To: <users@httpd.apache.org>
>Subject: AW: [users@httpd] Problems with several ssl-certs and dyndns 
>machine
>Date: Thu, 16 Feb 2006 12:48:00 +0100
>
>The description you gave is the case if you are running several 
>SSL hosts on the same IP address but with different names. Without SSL you 
>can do this, but with SSL each host needs its own IP address.
>
>If this is not the case, then you should post the host parts of your 
>config.
>
>Look more at
>http://httpd.apache.org/docs/2.2/en/vhosts/name-based.html
>  * Name-based virtual hosting cannot be used with SSL secure servers 
>because of the nature of the SSL protocol.
>
>bye
>
>oliver
>
>-----Original Message-----
>From: Jochen Kaechelin [mailto:fvgi242ss@wlanhacking.de]
>Sent: Thu 16.02.2006 12:24
>To: Apache Users Mailing List
>Subject: [users@httpd] Problems with several ssl-certs and dyndns machine
>
>I run a small webserver (dyndns machine) and several
>vhosts running on port 443.
>
>I created a *.crt, *.csr and *.key file for each host.
>.
>         SSLEngine on
>         SSLCertificateFile      /etc/apache2/ssl/ahost.crt
>         SSLCertificateKeyFile   /etc/apache2/ssl/ahost.key
>.
>         SSLEngine on
>         SSLCertificateFile      /etc/apache2/ssl/bhost.crt
>         SSLCertificateKeyFile   /etc/apache2/ssl/bhost.key
>.
>         SSLEngine on
>         SSLCertificateFile      /etc/apache2/ssl/chost.crt
>         SSLCertificateKeyFile   /etc/apache2/ssl/chost.key
>.
>
>My problem is that each vhost displays the certificate of vhost ahost.
>I need to stop ahost and bhost to display chost with the correct cert.
>
>What's wrong here?
>
>--
>fvgi242ss - Webmaster wlanhacking.de
>http://mail.wlanhacking.de/cgi-bin/mailman/listinfo/wlanhacking
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>
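
The behaviour discussed in this thread, as an added example that is not part of any poster's message or of Apache itself: a small Python model of a server that must choose a certificate before it knows the requested hostname, checked against per-host certificates and against one certificate listing every hostname. The `example.com` hostnames are constructed, and the wildcard rule in `name_matches` (a `*` only as the whole leftmost label, covering exactly one label) is an assumption about common client behaviour, not something stated in the thread.

```python
# Added illustration; hostnames and certificate contents are constructed.

def name_matches(pattern: str, hostname: str) -> bool:
    """Check one certificate name against a hostname.

    Assumed rule (common client behaviour, not taken from the thread):
    "*" counts only as the whole leftmost label and covers exactly one label.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if any("*" in label for label in p[1:]):
        return False  # e.g. *.*.example.com: wildcard outside leftmost label
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def cert_presented(vhosts):
    """Model of the handshake without a hostname: only IP:port is known,
    so the first vhost's certificate is sent for every request."""
    return vhosts[0][1]


def audit(vhosts):
    """Map each vhost name to whether the presented certificate covers it."""
    names = cert_presented(vhosts)
    return {host: any(name_matches(n, host) for n in names)
            for host, _ in vhosts}


HOSTS = ["ahost.example.com", "bhost.example.com", "chost.example.com"]
# One certificate per vhost, as in the original configuration.
PER_HOST = [(h, [h]) for h in HOSTS]
# One certificate listing every hostname, shared by all vhosts.
CONSOLIDATED = [(h, HOSTS) for h in HOSTS]

if __name__ == "__main__":
    print("per-host certs:  ", audit(PER_HOST))
    print("consolidated:    ", audit(CONSOLIDATED))
    print("*.*.example.com vs a.b.example.com:",
          name_matches("*.*.example.com", "a.b.example.com"))
```
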

