httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From saibaba Duggirala <saibaba_...@yahoo.com>
Subject Re: [users@httpd] Re: adding multiple SSLCACertificateFile in vhost.conf
Date Thu, 08 Mar 2007 21:13:49 GMT
What if the second cert we took from a diff company
  In general the server should be able to support multiple CA certificate files right?Our
web browsers does that now -isn't it -correct me please  if I  am wrong
   
  so in vhost.conf for scurehttps the following should be able to work -right
  #old one
  SSLCACertificateFile conf/ssl/nsm_ca.crt
  #new one 
SSLCACertificateFile conf/ssl/Commercial_CPE_Root_Cert.pem
   
  #these are left as before
  SSLCertificateFile conf/ssl/nsm.crt
  SSLCertificateKeyFile conf/ssl/nsm.key
  SSLCertificateChainFile conf/ssl/nsm.crt

matt farey <matt.farey@gmail.com> wrote:
  

Dan_Mitton@Notes.YMP.GOV wrote:
>
> Why would you need to support both SSL certificates? From what I've
> seen (at least with Verisign) when you renew a certificate, it adds
> the renewal period to the end of your current expiration period, but
> is valid from the date you renew! As soon as you get the new
> certificate, you should be able to use it. You don't need to wait for
> the old one to expire to do the swap.
>
>
good point!


> Please respond to users@httpd.apache.org
>
> To: users@httpd.apache.org
> cc: (bcc: Dan Mitton/YD/RWDOE)
> Subject: Re: [users@httpd] Re: adding multiple
> SSLCACertificateFile in vhost.conf
>
>
> LSN: Not Relevant
> User Filed as: Not a Record
>
>
>
> saibaba Duggirala wrote:
> > yes, more than one SSL enabled
> > servername on a single IP address, single NIC
> > 
> > The cureent certificate is expiring in couple of months so we want to
> > seamleesly support the current one until it expires along with the new
> > one
> > 
> >
> as far as I am aware SSL certs cannot be combined on a single IP, you
> need to either use 2 NICs or use IP aliasing to bind 2 IP addresses to a
> single NIC, and then in your vhost conf you can set up the certs one
> each per IP, here's a short article:
> http://www-128.ibm.com/developerworks/web/library/wa-multissl.html#resources
> matt
>
> > */matt farey /* wrote:
> >
> >
> >
> > saibaba Duggirala wrote:
> > > hi,
> > > can anyone please let me know what is the procedure to add
> multiple
> > > SSLCACertificateFile in vhost.conf in apache
> > >
> > > So far we have been using only one file, shown below in vhost.conf
> > > SSLCACertificateFile conf/ssl/nsm_ca1.cr
> > >
> > > We would like to use another root certificate along with the
> > above one
> > > , so is it as simple as adding another line like above
> > > SSLCACertificateFile conf/ssl/nsm_ca_2.cr in vhost file or is
> there
> > > something else that I should be doing
> > >
> > >
> > > Thanks,
> > > saibaba
> > >
> > > Get your own web address.
> > >
> > > Have a HUGE year through Yahoo! Small Business.
> > >
> >
> >
> > depends on your setup, are you trying to host more than one SSL
> > enabled
> > servername on a single IP address, single NIC, or what?
> >
> >
> > --
> > Matthew Farey
> >
> >
> >
> > 
> ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server
> > Project.
> > See for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > " from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
> >
> > Sucker-punch spam
> >
> 
> > with award-winning protection.
> > Try the free Yahoo! Mail Beta.
> >
> 
>
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>

-- 
Matthew Farey



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org



 
---------------------------------
No need to miss a message. Get email on-the-go 
with Yahoo! Mail for Mobile. Get started.
Mime
View raw message