Date: Tue, 12 Sep 2006 12:17:40 -0500
From: "Serge Dubrouski"
To: users@httpd.apache.org
Subject: Re: [users@httpd] multiple SSL certs on one server behind a NAT router

If it looks like this then it will work perfectly for www.foo.com but won't work for bar.com. The user will receive an error saying that bar.com uses the certificate for foo.com. The rule is easy: one cert per one IP.

See http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html

On 9/12/06, milktoast wrote:
>
> How should this look?
>
> Here is the virtual part of my httpd.conf
>
> DocumentRoot /home/htdocs/foo
> ServerName www.foo.com
> ServerAdmin webmaster@foo.com
> ErrorLog /usr/local/apache/logs/error_log
> TransferLog /usr/local/apache/logs/access_log
> # Block TRACE/TRACK XSS vector
> RewriteEngine On
> RewriteCond %{REQUEST_METHOD} ^TRACE
> RewriteRule .* - [F]
>
> SSLEngine on
> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> SSLCertificateFile /etc/ssl.https/www.foo.com.crt
> SSLCertificateKeyFile /etc/ssl.https/www.foo.com.key
>
> SSLOptions +StdEnvVars
>
> SSLOptions +StdEnvVars
>
> SetEnvIf User-Agent ".*MSIE.*" \
> nokeepalive ssl-unclean-shutdown \
> downgrade-1.0 force-response-1.0
>
> CustomLog /usr/local/apache/logs/ssl_request_log \
> "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>
> NameVirtualHost 192.168.2.10
>
> ServerName www.foo.com
> ServerAlias foo.com www.foo.com
> DocumentRoot /home/htdocs/foo
> ErrorLog /usr/local/apache/logs/error_log
>
> ServerName www.bar.com
> ServerAlias bar.com www.bar.com
> DocumentRoot /home/htdocs/bar
> ErrorLog /usr/local/apache/logs/error_log
>
> Serge Dubrouski wrote:
> >
> > If both servers share one IP using NameVirtualHost feature then there
> > is no way to have different certificates for them.
> >
> > On 9/12/06, milktoast wrote:
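
Added example, not part of the original message or of Apache's own tooling: a small Python check for the "one cert per one IP" rule stated above, flagging any address:port where SSL virtual hosts name different certificates. The sample configuration is constructed; the 192.168.2.11 address, the www.baz.com host and the bar/baz certificate paths are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample config (not the poster's file): two SSL virtual hosts
# on one address, plus one on a second, hypothetical address.
SAMPLE_CONF = """
NameVirtualHost 192.168.2.10:443
<VirtualHost 192.168.2.10:443>
    ServerName www.foo.com
    SSLEngine on
    SSLCertificateFile /etc/ssl.https/www.foo.com.crt
</VirtualHost>
<VirtualHost 192.168.2.10:443>
    ServerName www.bar.com
    SSLEngine on
    SSLCertificateFile /etc/ssl.https/www.bar.com.crt
</VirtualHost>
<VirtualHost 192.168.2.11:443>
    ServerName www.baz.com
    SSLEngine on
    SSLCertificateFile /etc/ssl.https/www.baz.com.crt
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, name):
    """Return the first argument of an uncommented directive, or None."""
    m = re.search(rf"^[ \t]*{name}[ \t]+(\S+)", body, re.M | re.I)
    return m.group(1) if m else None

def cert_conflicts(conf):
    """Map each address:port to its SSL vhosts when they name different certs."""
    by_addr = defaultdict(list)
    for addrs, body in VHOST_RE.findall(conf):
        if (directive(body, "SSLEngine") or "").lower() != "on":
            continue  # plain-HTTP vhosts can share an address freely
        entry = (directive(body, "ServerName"), directive(body, "SSLCertificateFile"))
        for addr in addrs.split():
            by_addr[addr].append(entry)
    return {addr: hosts for addr, hosts in by_addr.items()
            if len({cert for _, cert in hosts}) > 1}

if __name__ == "__main__":
    for addr, hosts in cert_conflicts(SAMPLE_CONF).items():
        print(f"{addr}: vhosts share one address but name different certificates")
        for name, cert in hosts:
            print(f"  {name} -> {cert}")
```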