httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From daniel bryan <danbrya...@gmail.com>
Subject Re: [users@httpd] 2 server certificates
Date Tue, 23 Dec 2014 19:11:05 GMT
It sounds like you have 1 website, and you want to make sure both public
users, and LAN users can see the content. I think it's best to do as Jason
suggested an use the public hostname as the CN, and do a subject alt DNS
name of the server.lan or you could create DNS records in your lan to
resolve the public hostname as the private IP addresses for the lan
webserver. You can also access the site by IP Address, if you have a
subject alt ip address in there.  You will still likely run into
certificate trust errors with self signed certs, because all website users
will need to install your public key as a trusted certificate.  There are
free alternatives that will give you a pre-trusted cert. This will allow
users to access your site without needing to install trust for your cert.
Check out StartSSL <https://www.startssl.com/>

On Tue, Dec 23, 2014 at 8:30 AM, MM <finjulhich@gmail.com> wrote:

> Hello,
>
> My network connectivity looks like:
>
> setting 1
> laptop  ->   corpfirewall ->  ... -> homefirewall  ->   serverbox (httpd
> 2.4)
> in this setting, i have a public dns registered hostname autoupdated by my
> ISP.
> my homefirewall forwards all traffic https to serverbox.
>
> setting 2
> samelaptop  -> sameserverbox
>                            (servername.lan  <->  192.168.1.x)
>
> I have generate 2 self-signed certificates, 1 with the 'public hostname'
> as the CN, and another one with the 'servername.lan' as the CN.
>
> I have both certificates in my laptop locally stored.
>
> Is it possible to have httpd use the correct certificate depending on
> where the request comes from?
>
> Regards,
>
> MM
>

Mime
View raw message