httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject [users@httpd] Problems with dynamically generating certificate...
Date Tue, 30 Dec 2008 22:08:58 GMT
I would wish to dynamically generate a certificate for each request.

I tried with:

SSLCertificateFile prg:/usr/bin/certgenerate

I also tried:

SSLCertificateFile |/usr/bin/certgenerate


SSLCertificateFile exec:/usr/bin/certgenerate

But nothing works, it just generates error messages and does not allow the server to start.

How can I specify a certificate dynamically for each request?

(certgenerate fetches the certificate from the original IP, extracts the DN and then creates
a new certificate out of this. Then it signs the certificate with my private key, and then
prints the completed certificate on STDOUT)

Im currently using Apache as a transparent forward proxy, and to enable virus scanning of
SSL traffic, I have configured it to pass SSL traffic unencrypted to a parent proxy which
scans traffic for viruses, and this parent then forwards traffic to a another port of apache
(a separate virtualhost), that converts the traffic back to SSL and sends it out the internet.

The problem is that this generate a security warning in the browser, even when the CA root
is imported. This because the DN host name does not match the real host name, and using a
DN of "*" or something like that dosen't help.

I need to dynamically create and sign certificates for each request, so the DN always stays

If this isn't possible, make this a feature request.

Some users would like the possible to dynamically generate a certificate. Especially users
who wants to set up a SSL proxy, OR users that is managing a large number of IPs for example
a large webhosting and want to dynamically fetch a certificate from a folder, based on the
SERVER_ADDR header, instead of configuring about lets say 200 virtualhosts (one for each IP
and certificate).

Scanned with Copfilter Version 0.84beta3a (ProxSMTP 1.7)
AntiVirus: ClamAV 0.91.2/8814 - Tue Dec 30 09:43:21 2008
AntiVirus: AVG 7.5.51, engine 442 269.21.0/1296  2008-02-24
by Markus Madlener @

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message