httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From milktoast <jgre...@angeluspress.org>
Subject Re: [users@httpd] multiple SSL certs on one server behind a NAT router
Date Tue, 12 Sep 2006 17:10:16 GMT

How should this look? 

Here the virtual part of my httpd.conf


<VirtualHost _default_:443>

DocumentRoot /home/htdocs/foo
ServerName www.foo.com
ServerAdmin webmaster@foo.com
ErrorLog /usr/local/apache/logs/error_log
TransferLog /usr/local/apache/logs/access_log
# Block TRACE/TRACK XSS vector
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]

<LocationMatch "^/">
</LocationMatch>

SSLEngine on
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/ssl.https/www.foo.com.crt
SSLCertificateKeyFile /etc/ssl.https/www.foo.com.key

<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/usr/local/apache/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

CustomLog /usr/local/apache/logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"


NameVirtualHost 192.168.2.10

</VirtualHost>
 <VirtualHost 192.168.2.10>
    ServerName www.foo.com
    ServerAlias foo.com www.foo.com
    DocumentRoot /home/htdocs/foo
    ErrorLog /usr/local/apache/logs/error_log
    </VirtualHost>

<VirtualHost 192.168.2.10>
   ServerName www.bar.com
   ServerAlias bar.com www.bar.com
   DocumentRoot /home/htdocs/bar
   ErrorLog /usr/local/apache/logs/error_log
   </VirtualHost>





Serge Dubrouski wrote:
> 
> If both server share one IP using NameVirtualHost feature then there
> is no way to have different certificates for them.
> 
> On 9/12/06, milktoast <jgreene@angeluspress.org> wrote:
> 
> 

-- 
View this message in context: http://www.nabble.com/multiple-SSL-certs-on-one-server-behind-a-NAT-router-tf2260024.html#a6270424
Sent from the Apache HTTP Server - Users forum at Nabble.com.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message