httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bill Hernandez <apa...@mac-specialist.com>
Subject Re: [users@httpd] Re: Re: SSL and virtual hosts
Date Tue, 19 Jun 2007 04:50:02 GMT

On Jun 18, 2007, at 12:52 AM, Totte wrote:

> And as Bill states above one can have a cert (bought from GoDaddy.com)
> allowing several subdomains to use the same ssl cert.
> My question is if anyone knows how to create it on your own?

If you are going to create the certificates on your own, (self signed  
certificates) then all you need is one default certificate, and  
assign the same certificate to each sub-domain...

I have two domains, and one sub-domain with certificates from  
RapidSSL, and two test domains with self signed certificates, since  
my purpose with the test domains is merely to encrypt communications  
for testing, and I don't need to prove to myself that I am who I say  
I am...

The reason I suggested the "6 in 1" from GoDaddy.com was because the  
problem you described the other day was one of sub-domains, even  
though you were describing them as domains.

If you are using name-based virtual hosting, it doesn't matter  
because only the certificate for the first virtual host will be  
correct anyway. If you want individual certificates to work  
correctly, you are going to need to set up ip-based, or port-based  
virtual hosts. If you want to use name-based vh then you will need a  
blanket certificate, but that usually is a fairly expensive proposition.

I have 5 public ip's from Verizon 15/2 MBit Business FIOS which I run  
through a SonicWall TZ 180 Wireless Firewall. It allows me to do a 1  
to 1 NAT from each public ip to a corresponding private ip, then I  
set up Apache to do ip-based virtual hosting and life is swell, but  
in the past I had tried multiple routers, setting up the server to  
listen on multiple public ip's relying on the OS X Server firewall,  
but I never felt completely secure having the servers exposed  
directly to the web. I have only had this SonicWall for about a  
month, but I am extremely happy with it, and it solved my SSL problems.

In the next few days I will buy two more SSL Certificates for the two  
test domains that currently suing self signed certificates, and that  
will make me very happy.

Best Regards,

Bill Hernandez
Plano, Texas



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message