httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From matt farey <matt.fa...@gmail.com>
Subject Re: [users@httpd] Re: adding multiple SSLCACertificateFile in vhost.conf
Date Thu, 08 Mar 2007 21:25:04 GMT


saibaba Duggirala wrote:
> What if the second cert we took from a diff company
> In general the server should be able to support multiple CA
> certificate files right?Our web browsers does that now -isn't it
> -correct me please  if I  am wrong
>  
Limitation of Apache, 1 SSL vhost per IP.

BUT this article does explain how to get round it, hence why I sent it
to you:
http://www-128.ibm.com/developerworks/web/library/wa-multissl.html#resources

you could use another port as well.



> so in vhost.conf for scurehttps the following should be able to work
> -right
> #old one
> SSLCACertificateFile conf/ssl/nsm_ca.crt
> #new one
> SSLCACertificateFile conf/ssl/Commercial_CPE_Root_Cert.pem
>  
> #these are left as before
> SSLCertificateFile conf/ssl/nsm.crt
> SSLCertificateKeyFile conf/ssl/nsm.key
> SSLCertificateChainFile conf/ssl/nsm.crt
>
> */matt farey <matt.farey@gmail.com>/* wrote:
>
>
>
>     Dan_Mitton@Notes.YMP.GOV wrote:
>     >
>     > Why would you need to support both SSL certificates? From what I've
>     > seen (at least with Verisign) when you renew a certificate, it adds
>     > the renewal period to the end of your current expiration period, but
>     > is valid from the date you renew! As soon as you get the new
>     > certificate, you should be able to use it. You don't need to
>     wait for
>     > the old one to expire to do the swap.
>     >
>     >
>     good point!
>
>
>     > Please respond to users@httpd.apache.org
>     >
>     > To: users@httpd.apache.org
>     > cc: (bcc: Dan Mitton/YD/RWDOE)
>     > Subject: Re: [users@httpd] Re: adding multiple
>     > SSLCACertificateFile in vhost.conf
>     >
>     >
>     > LSN: Not Relevant
>     > User Filed as: Not a Record
>     >
>     >
>     >
>     > saibaba Duggirala wrote:
>     > > yes, more than one SSL enabled
>     > > servername on a single IP address, single NIC
>     > >
>     > > The cureent certificate is expiring in couple of months so we
>     want to
>     > > seamleesly support the current one until it expires along with
>     the new
>     > > one
>     > >
>     > >
>     > as far as I am aware SSL certs cannot be combined on a single
>     IP, you
>     > need to either use 2 NICs or use IP aliasing to bind 2 IP
>     addresses to a
>     > single NIC, and then in your vhost conf you can set up the certs one
>     > each per IP, here's a short article:
>     >
>     http://www-128.ibm.com/developerworks/web/library/wa-multissl.html#resources
>     > matt
>     >
>     > > */matt farey /* wrote:
>     > >
>     > >
>     > >
>     > > saibaba Duggirala wrote:
>     > > > hi,
>     > > > can anyone please let me know what is the procedure to add
>     > multiple
>     > > > SSLCACertificateFile in vhost.conf in apache
>     > > >
>     > > > So far we have been using only one file, shown below in
>     vhost.conf
>     > > > SSLCACertificateFile conf/ssl/nsm_ca1.cr
>     > > >
>     > > > We would like to use another root certificate along with the
>     > > above one
>     > > > , so is it as simple as adding another line like above
>     > > > SSLCACertificateFile conf/ssl/nsm_ca_2.cr in vhost file or is
>     > there
>     > > > something else that I should be doing
>     > > >
>     > > >
>     > > > Thanks,
>     > > > saibaba
>     > > >
>     > > > Get your own web address.
>     > > >
>     > > > Have a HUGE year through Yahoo! Small Business.
>     > > >
>     > >
>     > >
>     > > depends on your setup, are you trying to host more than one SSL
>     > > enabled
>     > > servername on a single IP address, single NIC, or what?
>     > >
>     > >
>     > > --
>     > > Matthew Farey
>     > >
>     > >
>     > >
>     > >
>     >
>     ---------------------------------------------------------------------
>     > > The official User-To-User support forum of the Apache HTTP Server
>     > > Project.
>     > > See for more info.
>     > > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>     > > " from the digest: users-digest-unsubscribe@httpd.apache.org
>     > > For additional commands, e-mail: users-help@httpd.apache.org
>     > >
>     > >
>     > > Sucker-punch spam
>     > >
>     >
>     > > with award-winning protection.
>     > > Try the free Yahoo! Mail Beta.
>     > >
>     >
>     >
>     >
>     >
>     >
>     >
>     ---------------------------------------------------------------------
>     > The official User-To-User support forum of the Apache HTTP
>     Server Project.
>     > See for more info.
>     > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>     > " from the digest: users-digest-unsubscribe@httpd.apache.org
>     > For additional commands, e-mail: users-help@httpd.apache.org
>     >
>     >
>     >
>
>     -- 
>     Matthew Farey
>
>
>
>     ---------------------------------------------------------------------
>     The official User-To-User support forum of the Apache HTTP Server
>     Project.
>     See for more info.
>     To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>     " from the digest: users-digest-unsubscribe@httpd.apache.org
>     For additional commands, e-mail: users-help@httpd.apache.org
>
>
> No need to miss a message. Get email on-the-go
> <http://us.rd.yahoo.com/evt=43910/*http://mobile.yahoo.com/mail>
> with Yahoo! Mail for Mobile. Get started.
> <http://us.rd.yahoo.com/evt=43910/*http://mobile.yahoo.com/mail> 

-- 
Matthew Farey



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message