Apache with Mod_SSL and multiple certificates
Hi -

My apache system is running 1.3.20 with mod_ssl 2.8.4. I have one NIC in the system, does anyone install multiple digital certificates on the single NIC? If so, please advise how, what is the trade off?

Thanks for any information.

- Ming Yu
- System Engineer
- APL

__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Re: Apache with Mod_SSL and multiple certificates
At 10:27 AM -0500 11/2/01, Yu, Ming wrote:
> Hi - My apache system is running 1.3.20 with mod_ssl 2.8.4. I have one NIC in the system, does anyone install multiple digital certificates on the single NIC? If so, please advise how, what is the trade off? Thanks for any information.

Depends on what you mean. If you mean can you have multiple SSL sites on a system with a single NIC, the answer is yes, assuming you are using IP-based virtual hosts (name based will NOT work).

--
Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/
A society that will trade a little liberty for a little order will lose both and deserve neither
RE: Apache with Mod_SSL and multiple certificates
I have one NIC in the system with a static IP address. How do I create multiple virtual sites, where each site has its own digital certificate? Can anyone give me an example?

Thanks in advance.

- Ming

-----Original Message-----
From: Jim Jagielski [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 02, 2001 10:46 AM
To: [EMAIL PROTECTED]
Subject: Re: Apache with Mod_SSL and multiple certificates

At 10:27 AM -0500 11/2/01, Yu, Ming wrote:
> Hi - My apache system is running 1.3.20 with mod_ssl 2.8.4. I have one NIC in the system, does anyone install multiple digital certificates on the single NIC? If so, please advise how, what is the trade off? Thanks for any information.

Depends on what you mean. If you mean can you have multiple SSL sites on a system with a single NIC, the answer is yes, assuming you are using IP-based virtual hosts (name based will NOT work).

--
Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/
A society that will trade a little liberty for a little order will lose both and deserve neither
RE: Apache with Mod_SSL and multiple certificates
If this is a unix system, look at multihoming your NIC. This can be done via multiple ifconfig commands. However, if these are to be publicly accessible sites then these IP addresses must map through to your external internet connection. If these are internal addresses, you should probably get them recorded in your internal DNS.

Why all this trouble? With SSL everything is encrypted. The only way an SSL server can get the correct certificate is to use the IP address and then use the certificate on that IP address.

David Marshall

-----Original Message-----
From: Yu, Ming [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 02, 2001 10:21 AM
To: '[EMAIL PROTECTED]'
Subject: RE: Apache with Mod_SSL and multiple certificates

I have one NIC in the system with a static IP address. How do I create multiple virtual sites, where each site has its own digital certificate? Can anyone give me an example?

Thanks in advance.

- Ming

-----Original Message-----
From: Jim Jagielski [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 02, 2001 10:46 AM
To: [EMAIL PROTECTED]
Subject: Re: Apache with Mod_SSL and multiple certificates

At 10:27 AM -0500 11/2/01, Yu, Ming wrote:
> Hi - My apache system is running 1.3.20 with mod_ssl 2.8.4. I have one NIC in the system, does anyone install multiple digital certificates on the single NIC? If so, please advise how, what is the trade off? Thanks for any information.

Depends on what you mean. If you mean can you have multiple SSL sites on a system with a single NIC, the answer is yes, assuming you are using IP-based virtual hosts (name based will NOT work).

--
Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/
A society that will trade a little liberty for a little order will lose both and deserve neither
Mod_SSL - with multiple certificates
Hello -

I am new to mod_ssl. I have a question about serving multiple digital certificates on a server. The server I have is a Solaris box with apache 1.3.14 and the latest mod_ssl. I understand that only one certificate can be installed on one IP address, even if the server has many name-based virtual hosts. Does anyone have an example of an httpd.conf file?

Thanks.

Ming Yu
Enterprise Communications Group - BIX
JHU Applied Physics Laboratory
Telephone: 443 778-7117
Fax: 443 778-5727
Email: [EMAIL PROTECTED]
Problems with multiple certificates
I am currently running an apache server on Linux with two c-names. I am trying to use a different certificate for each c-name. I ran "make certificate TYPE=test" twice to get two test certificates, one for each . The module is working fine. When I go to the first c-name, it just gives me the ol' "CA not valid", however when I go to the second c-name, it's using the certificate from the first. I checked my httpd.conf settings and each c-name is pointing at a different Cert and Key file. I can't think of anywhere else to check settings.

If anyone else has done this, or someone sees a point of ignorance in my logic, I would appreciate any information you might have. Thanks in advance.

Wes

Wes Campbell
Programmer II
ACS Unix Group
Academic Computing Services
Texas Tech University
Re: Problems with multiple certificates
On Fri, Apr 21, 2000 at 11:11:23AM -0500, Wes Campbell wrote:
> I am currently running an apache server on Linux with two c-names. I am trying to use a different certificate for each c-name. I ran "make certificate TYPE=test" twice to get two test certificates, one for each . The module is working fine. When I go to the first c-name, it just gives me the ol' "CA not valid", however when I go to the second c-name, it's using the certificate from the first. I checked my httpd.conf settings and each c-name is pointing at a different Cert and Key file. I can't think of anywhere else to check settings. If anyone else has done this, or someone sees a point of ignorance in my logic, I would appreciate any information you might have. Thanks in advance.

It really is quite simple - cnames and server certificates don't go very well together. The problem is that the server certificate is sent to the client during the initial SSL handshake, long before the client can tell the server which virtual host it wants. That's the way the SSL spec is. The only way to do it is to have one ip for each server certificate.

vh

Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
Re: Multiple Certificates?
On Wed, Mar 10, 1999, Juergen Rensen wrote:
>> Do you mean whether a single Apache instance can run more than one virtual host and each of those virtual hosts with a different certificate (answer would be: yes)
>
> Oh?! Does this imply that you can have multiple virtual SSL hosts hanging off the same IP address?

No, I'm just talking about virtual hosts and implicitly assumed that this in SSL-context always means IP-based. In other words: The virtual hosts cannot share the same IP, of course.

> There was a discussion some time ago, and as far as I remember you could only have one SSL site per IP address, is that not true?

Yes and no. Yes in general, no when you take TCP ports into account, too. Because the IP:Port is actually what has to be unique, i.e. you can use two HTTPS servers without problems on IP:443 and IP:8443, of course.

> I tried to setup virtual SSL hosts on the same IP address, but Apache always returned one and the same default site. Has this changed?

No, this cannot be changed. It's the chicken and egg problem HTTP over SSL/TLS always will have unless the SSL/TLS protocol provides information similar to the Host: header of HTTP. But because that can be considered to not really belong to the SSL/TLS layer, it will never be added to TLS, I think.

Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com

__
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
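
An added example, not part of these threads and not mod_ssl's own tooling: the constructed httpd.conf fragments below put the shared-IP layout behind the "second name gets the first certificate" report next to the one-certificate-per-IP:port layout the replies describe (a second address on the NIC, or a second port), and a small Python check flags the former. Addresses, host names and file paths are placeholders, and the regex parsing is an assumption-level simplification that ignores commented-out blocks and included files.

```python
import re
from collections import defaultdict

def vhost(addr, name):
    """Build one constructed SSL <VirtualHost> block (paths are placeholders)."""
    return (f"<VirtualHost {addr}>\n"
            f"ServerName {name}\n"
            "SSLEngine on\n"
            f"SSLCertificateFile conf/ssl.crt/{name}.crt\n"
            f"SSLCertificateKeyFile conf/ssl.key/{name}.key\n"
            "</VirtualHost>\n")

# Constructed sample configs; 192.0.2.0/24 is the documentation address range.
# SHARED reproduces the reported symptom: two names, two certificates, one IP:443.
SHARED = vhost("192.0.2.10:443", "www.example.com") + \
         vhost("192.0.2.10:443", "shop.example.com")
# SPLIT gives every certificate its own IP:port: a second (aliased) address
# for one site and a second port on the first address for another.
SPLIT = vhost("192.0.2.10:443", "www.example.com") + \
        vhost("192.0.2.11:443", "shop.example.com") + \
        vhost("192.0.2.10:8443", "admin.example.com")

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
ENGINE_RE = re.compile(r"^\s*SSLEngine\s+on\b", re.M | re.I)
CERT_RE = re.compile(r"^\s*SSLCertificateFile\s+(\S+)", re.M | re.I)

def cert_conflicts(conf):
    """Map each IP:port to its certificate files where SSL vhosts disagree.

    The certificate is sent before the server knows the requested host name,
    so only one certificate per IP:port can ever be presented.
    """
    certs = defaultdict(set)
    for addrs, body in VHOST_RE.findall(conf):
        cert = CERT_RE.search(body)
        if not (ENGINE_RE.search(body) and cert):
            continue  # not an SSL virtual host
        for addr in addrs.split():  # a vhost may list several addresses
            certs[addr].add(cert.group(1))
    return {a: sorted(c) for a, c in certs.items() if len(c) > 1}

if __name__ == "__main__":
    for label, conf in (("shared", SHARED), ("split", SPLIT)):
        print(label, cert_conflicts(conf) or "ok: one certificate per IP:port")
```
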