httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Crypto Sal <crypto....@gmail.com>
Subject Re: [users@httpd] Two Name-Based Virtual Hosts : Two SSL Certificates?
Date Sat, 24 Apr 2010 17:01:25 GMT
  On 04/24/2010 11:07 AM, Wang, Mary Y wrote:
> Hi,
>
> I've two name-based virtual hosts defined (two name web sites on a single IP address).
 I only requested one SSL certificate for the main site.   My application is running on the
main site first and goes to the second site when user's click on a specific button. Whenever
the URL points to the second site, Firefox detected the server certificate belongs to a different
site.
>
> Is it a common practice when have two or most name-based virtual hosts running on a single
IP on Apache, request a SSL certificate for EACH host name? If so, do I just add the SSLCertificateFile
and SSLCertificateKeyFile information in the<VirtualHost>  container for the second
site as well?
>
> I'm running on Apache 2.
>
> Any suggestions?
>
> Thanks in advance
> Mary
>


Hi Mary,

Which specific version of Apache are you using? Latest stable is 2.2.15 
in the 2.2 branch and can make use of SNI ( 
http://en.wikipedia.org/wiki/Server_Name_Indication ). Prior to 2.2.12, 
SNI support wasn't there officially.

Are you targeting a specific browser or OS with your Application? If 
platform independent then you will need to do one of the following: 
Separate IPs, Separate Ports on shared IP, use a wildcard cert, or use a 
multi-domain certificate. If you're only allowing Firefox 2.x and higher 
and IE on Vista and Higher, you can go the SNI route.

Easiest method is the Separate IPs route with whatever certificate 
combination you want.

Hope this helps.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message