Hi,
Ok, mod_ssl assumes only one server certificate per file (with the
exception of the cacert file), and this is because Apache doesn't have any way
to select the best certificate for a particular virtual host, and only one
certificate is assigned for a particular virtual host.
Regards,
Hecber
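
The constraint discussed in this thread (one certificate per SSL virtual host, chosen before the Host header is seen) can be checked against a configuration. The following is an added example, not code from the thread or from the Apache or OpenSSL projects; the sample config, paths, host names and function names are constructed, and treating any vhost with `SSLCertificateFile` as an SSL vhost is a simplifying assumption.

```python
import re
from collections import defaultdict

# Constructed sample config (not from the thread): two vhosts share one
# IP:port with different certificates, a third has its own IP.
SAMPLE_CONF = """
<VirtualHost 192.0.2.10:443>
    ServerName shop.example.com
    SSLEngine on
    SSLCertificateFile /etc/ssl/shop.crt
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName mail.example.com
    SSLEngine on
    SSLCertificateFile /etc/ssl/mail.crt
</VirtualHost>
<VirtualHost 192.0.2.11:443>
    ServerName wiki.example.com
    SSLEngine on
    SSLCertificateFile /etc/ssl/wiki.crt
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, name):
    """Return the first argument of a directive inside a vhost body, or None."""
    m = re.search(rf"^\s*{name}\s+(\S+)", body, re.M | re.I)
    return m.group(1) if m else None

def cert_conflicts(conf_text):
    """Return {address: {cert_file: [server names]}} for every address:port
    that has more than one distinct certificate file configured."""
    certs_by_addr = defaultdict(dict)
    for addrs, body in VHOST_RE.findall(conf_text):
        cert = directive(body, "SSLCertificateFile")
        if cert is None:
            continue  # assumption: no certificate directive means not an SSL vhost
        name = directive(body, "ServerName") or "(unnamed)"
        for addr in addrs.split():
            certs_by_addr[addr].setdefault(cert, []).append(name)
    return {a: c for a, c in certs_by_addr.items() if len(c) > 1}

if __name__ == "__main__":
    for addr, certs in cert_conflicts(SAMPLE_CONF).items():
        print(f"{addr}: {len(certs)} certificates configured for one address")
        for cert, names in certs.items():
            print(f"  {cert} <- {', '.join(names)}")
```
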
-----Original Message-----
From: [email protected] [mailto:[email protected]]
On Behalf Of [email protected]
Sent: Monday, November 16, 2009 1:54 PM
To: [email protected]
Subject: RE: how to merge multiple public domain certs into one file?
Hécber and Lou,
Oops. I missed the part in the original post about this being for SSL-enabled
VirtualHosts :(...
Sorry for any confusion...
Jim
---- "Hécber Córdova" <[email protected]> wrote:
> Hi *,
>
> Certainly you can configure Apache to use virtualHosts based on domain names,
> and this works perfectly with HTTP (1.1). However, this cannot be achieved
> using SSL, and the answer is simple: the SSL is established using the server
> IP, and during the SSL negotiation (handshake), there is no mention of
> servername/domain, the server certificate/private keys are used during the
> negotiation, and Apache needs to know what certificate it is going to use (and
> the virtual host must choose the certificate before even knowing what
> virtualhost name the client is referring to). After the SSL negotiation, the
> client will send the HTTP request with the "host" clause (the host contains
> the domain name of the server), but the certificate has been used in the
> negotiation.
>
> In a few words, first the SSL is negotiated and then the virtualhost is
> selected.
>
> With this in mind, the only options for running multiple virtual hosts with
> SSL are: assigning multiple IPs to the server or running each instance on a
> different port.
>
> Regards,
>
> Hecber
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]]
> On Behalf Of [email protected]
> Sent: Monday, November 16, 2009 9:00 AM
> To: [email protected]
> Cc: Lou Picciano
> Subject: Re: how to merge multiple public domain certs into one file?
>
> Hi,
>
> Unless I'm misunderstanding things, you *can*, by using ServerName inside
> each of the <VirtualHost> sections:
>
> http://httpd.apache.org/docs/2.0/vhosts/name-based.html
>
> Jim
>
>
> ---- Lou Picciano <[email protected]> wrote:
> > I didn't think it possible to serve multiple virtual SSL domains from one
> > Apache instance (on the same IP, at least).
> > I suppose if you use different IP numbers this constraint goes away. Has
> > something changed about Apache in this regard?
> >
> >
> > Then, you have the matter of: If each virtual SSL domain setup must
> > reference its own cert(s), how would this be accomplished if all your
> > certs, for all domains, were consolidated into one big file?
> >
> >
> > Lou Picciano
> >
> > ----- Original Message -----
> > From: "M C" <[email protected]>
> > To: [email protected]
> > Sent: Saturday, November 14, 2009 12:56:09 PM GMT -05:00 US/Canada Eastern
> > Subject: how to merge multiple public domain certs into one file?
> >
> > Hi...
> > I've been struggling with how to concatenate multiple public domain certs
> > into one crt file.
> >
> > Basically, I have 5 SSL virtual host domains running on 1 Apache httpd
> > server and each host has a separate GeoTrust domain certificate. Instead of
> > having 5 individual public *.crt files, is there any way to merge them
> > together into 1 file?
> >
> > Any information would be much appreciated.
> >
> > Thanks in advance,
> > Michael
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [email protected]
> Automated List Manager [email protected]
