httpd-users mailing list archives

From "Serge Dubrouski" <serge...@gmail.com>
Subject Re: [users@httpd] multiple SSL certs on one server behind a NAT router
Date Tue, 12 Sep 2006 17:17:40 GMT
If it looks like this then it will work perfectly for www.foo.com but
won't work for bar.com. The user will receive an error saying that bar.com
uses a certificate for foo.com.

The rule is easy: one cert per one IP.

See http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html

On 9/12/06, milktoast <jgreene@angeluspress.org> wrote:
>
> How should this look?
>
> Here is the virtual part of my httpd.conf
>
>
> <VirtualHost _default_:443>
>
> DocumentRoot /home/htdocs/foo
> ServerName www.foo.com
> ServerAdmin webmaster@foo.com
> ErrorLog /usr/local/apache/logs/error_log
> TransferLog /usr/local/apache/logs/access_log
> # Block TRACE/TRACK XSS vector
> RewriteEngine On
> RewriteCond %{REQUEST_METHOD} ^TRACE
> RewriteRule .* - [F]
>
> <LocationMatch "^/">
> </LocationMatch>
>
> SSLEngine on
> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> SSLCertificateFile /etc/ssl.https/www.foo.com.crt
> SSLCertificateKeyFile /etc/ssl.https/www.foo.com.key
>
> <Files ~ "\.(cgi|shtml|phtml|php3?)$">
>     SSLOptions +StdEnvVars
> </Files>
> <Directory "/usr/local/apache/cgi-bin">
>     SSLOptions +StdEnvVars
> </Directory>
>
> SetEnvIf User-Agent ".*MSIE.*" \
>          nokeepalive ssl-unclean-shutdown \
>          downgrade-1.0 force-response-1.0
>
> CustomLog /usr/local/apache/logs/ssl_request_log \
>           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>
>
> NameVirtualHost 192.168.2.10
>
> </VirtualHost>
>  <VirtualHost 192.168.2.10>
>     ServerName www.foo.com
>     ServerAlias foo.com www.foo.com
>     DocumentRoot /home/htdocs/foo
>     ErrorLog /usr/local/apache/logs/error_log
>     </VirtualHost>
>
> <VirtualHost 192.168.2.10>
>    ServerName www.bar.com
>    ServerAlias bar.com www.bar.com
>    DocumentRoot /home/htdocs/bar
>    ErrorLog /usr/local/apache/logs/error_log
>    </VirtualHost>
>
>
>
>
>
> Serge Dubrouski wrote:
> >
> > If both servers share one IP using the NameVirtualHost feature then there
> > is no way to have different certificates for them.
> >
> > On 9/12/06, milktoast <jgreene@angeluspress.org> wrote:
> >
> >
>
> --
> View this message in context: http://www.nabble.com/multiple-SSL-certs-on-one-server-behind-a-NAT-router-tf2260024.html#a6270424
> Sent from the Apache HTTP Server - Users forum at Nabble.com.
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
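An added example, not part of the original message or of Apache itself: a small Python model of the rule above, where the server picks its certificate by destination IP and port alone and the client then compares the requested host name with the names in that certificate. The second address 192.168.2.11, the certificate name lists and the wildcard handling (which goes beyond the case in the thread) are assumptions made for illustration.

```python
# Added illustration; IPs, names and certificate contents below are constructed.

def name_matches(cert_name, host):
    """Compare one certificate name with a requested host name.

    A leading "*" label stands for exactly one left-most label."""
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(cert_labels) != len(host_labels):
        return False
    if cert_labels[0] == "*":
        return len(cert_labels) > 2 and cert_labels[1:] == host_labels[1:]
    return cert_labels == host_labels


def mismatched_hosts(cert_by_endpoint, host_to_ip, port=443):
    """Return (host, presented_names) for every host whose HTTPS request is
    answered with a certificate that does not name it.

    In the setup discussed here the server knows only the destination IP and
    port during the handshake, so the lookup is by endpoint, never by host."""
    problems = []
    for host, ip in sorted(host_to_ip.items()):
        presented = cert_by_endpoint.get((ip, port))
        if presented is None:
            continue  # nothing answers HTTPS on that address
        if not any(name_matches(n, host) for n in presented):
            problems.append((host, presented))
    return problems


# Layout from the quoted post: one address, one certificate, two sites.
SHARED_IP = {"www.foo.com": "192.168.2.10", "www.bar.com": "192.168.2.10"}
ONE_CERT = {("192.168.2.10", 443): ["www.foo.com"]}

# "One cert per IP": 192.168.2.11 is a hypothetical second address.
SPLIT_IP = {"www.foo.com": "192.168.2.10", "www.bar.com": "192.168.2.11"}
TWO_CERTS = {("192.168.2.10", 443): ["www.foo.com"],
             ("192.168.2.11", 443): ["www.bar.com"]}

if __name__ == "__main__":
    print(mismatched_hosts(ONE_CERT, SHARED_IP))   # bar.com gets foo's cert
    print(mismatched_hosts(TWO_CERTS, SPLIT_IP))   # no mismatches
```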
