You could create a single certificate with CN=*.company.ca to use for all
of this.  Without a single certificate, you've got a chicken-and-egg
problem described in the FAQ for ModSSL.  But if you do have the single
certificate, you can just set up VirtualHost directives appropriately.  (I
assume.  It's very difficult to keep track of what the software's doing,
when you're describing a situation I don't deal with.)

Client authentication can be done through passwords, or client-side
certificates (may I recommend Thawte for their individual certificates?
Or are we not allowed to on this list?).  Passwords are MUCH easier to get
working at first, to make sure it's functional.

---
Mat Butler, Winged Wolf                       <[EMAIL PROTECTED]>
SPASTIC Web Engineer                  SPASTIC Server Administrator
----Begin FurryCode v1.3----
FCWw5amrsw A- C+ D H+++ M+++++[servercoder] P+ R++ T+++ W Z++ Sm++ 
RLCT/M*/LW* a cl/u/v++++>+++++ !d e- f>++++ h++ iwf+++ j p->+ sm++
----End FurryCode v1.3----


On Mon, 27 Sep 1999, Jon Earle wrote:

> I've got a neat little scenario (you've probably all seen it a hundred
> times, but I'm getting conflicting info from the mailing list archives and
> the FAQ, so I therefore post my confusion here...)
> 
> I have a host, www.company.ca, tied to address 192.168.1.2 (it's on the
> protected side of a firewall).  This is publicly accessible, with no
> problems.  I do have one directory tree within www.company.ca that I'd like
> to have encrypted when viewed, but the rest can be unencrypted.  (I have no
> need for authentication, encryption will fill all of my needs.) I also have
> a webmail virtualhost (mail.company.ca) set up on the same IP.  
> 
> Now, I presume that for the two hosts, mail.company.ca and www.company.ca,
> I'll need two certificates.  No problem, played with openssl today, made
> myself a CA and created two nicely signed certs.  I'd rather not use a
> second IP for the virtual host, but instead, figure out a way to use the
> www.company.ca cert to protect the specific directory I want, and use the
> mail.company.ca cert to encrypt the mail traffic.  Is there some
> incantation of Apache+mod_ssl directives that will accomplish this?
> 
> TIA!
> 
> Cheers!
> Jon
> -----------------------------------------------------------------
> Jon Earle                     (613) 751-4948 (Pager)
> HUB Computer Consulting Inc.  (613) 830-1499 (Office)
> http://www.hubcc.ca           1-888-353-7272 (Within Canada/US)
> 
> "God does not subtract from one's allotted time on Earth, 
> those hours spent flying."       --Unknown
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      [EMAIL PROTECTED]
> Automated List Manager                            [EMAIL PROTECTED]
> 
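
The single-certificate layout suggested in the reply, sketched as an added example (not part of either message, and not taken from the mod_ssl documentation). File paths, DocumentRoots and the /secure tree are assumptions. The certificate is sent during the handshake, before the Host header arrives, which is why both name-based SSL hosts share one CN=*.company.ca certificate.

```apache
# Added illustration: all paths below are assumed, not from the thread.
# Apache 1.3/2.2-era syntax; Apache 2.4 does not need the NameVirtualHost lines.
Listen 80
Listen 443
NameVirtualHost 192.168.1.2:80
NameVirtualHost 192.168.1.2:443

# Plain HTTP: the part of www.company.ca that may stay unencrypted.
<VirtualHost 192.168.1.2:80>
    ServerName www.company.ca
    DocumentRoot /var/www/www.company.ca
</VirtualHost>

# Plain HTTP for webmail only bounces the browser to the SSL host.
<VirtualHost 192.168.1.2:80>
    ServerName mail.company.ca
    Redirect permanent / https://mail.company.ca/
</VirtualHost>

# SSL: both hosts present the same wildcard certificate and key, so it does
# not matter which vhost the server picks before it has seen the Host header.
<VirtualHost 192.168.1.2:443>
    ServerName www.company.ca
    DocumentRoot /var/www/www.company.ca
    SSLEngine on
    SSLCertificateFile    /etc/apache/ssl/wildcard.company.ca.crt
    SSLCertificateKeyFile /etc/apache/ssl/wildcard.company.ca.key
</VirtualHost>

<VirtualHost 192.168.1.2:443>
    ServerName mail.company.ca
    DocumentRoot /var/www/webmail
    SSLEngine on
    SSLCertificateFile    /etc/apache/ssl/wildcard.company.ca.crt
    SSLCertificateKeyFile /etc/apache/ssl/wildcard.company.ca.key
</VirtualHost>

# The one tree that must only be served encrypted: requests that arrive
# without SSL (i.e. through the port-80 vhost) are refused.
<Directory "/var/www/www.company.ca/secure">
    SSLRequireSSL
</Directory>
```

A CN of *.company.ca matches www.company.ca and mail.company.ca, but not the bare name company.ca.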
