Re: [users@httpd] SSLCertificateChainFile

2018-07-19 Thread Yehuda Katz
You can use a tool like https://www.ssllabs.com/ssltest/ to check the chain
(and other settings) or you can use openssl (openssl s_client -showcerts
-connect www.example.com:443).
As you found, putting the chain in the certificate file should work.

- Y

On Thu, Jul 19, 2018 at 2:47 PM  wrote:

> I am putting together a config for both RH6 and RH7 systems.  RH6 used
> Apache/2.2.15, RH7 uses Apache/2.4.6.
>
> I understand that in 2.4.8 SSLCertificateChainFile is deprecated and the
> intermediates should be appended to  the file that SSLCertificateFile
> points to.
>
> Can 2.2 and < 2.4.8 work properly if the SSLCertificateChainFile in the
> config is NOT used and instead the intermediates are appended to the file
> that  SSLCertificateChainFile points to as you would in 2.4.8 and greater.
> Just thinking that if it will work correctly, the config would be the same
> now and when 2.4.8 and greater  gets in place.
>
> We have done this on a test system and it seems to work, however I'm not
> sure if we are just fooling ourselves and it isn't even seeing the
> intermediates and the client just isn't complaining.
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
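
An added example, not part of the original thread: one way to answer the "are we just fooling ourselves" question is to read the chain section that `openssl s_client -showcerts` prints and check whether anything beyond certificate 0 was sent. The function name `chain_summary` and both sample outputs are constructed for illustration; the samples use the OpenSSL 1.0-style `s:`/`i:` lines.

```shell
#!/bin/sh
# Added example: summarise the "Certificate chain" section of
# `openssl s_client -showcerts` output read from stdin.
# Prints "<count> <verdict>":
#   no-chain   no chain entries found in the input
#   leaf-only  only certificate 0 was sent, so no intermediates are served
#   linked     each issuer (i:) equals the next certificate's subject (s:)
#   broken     several certificates, but the issuer/subject names do not line up
# Name matching only; it does not check signatures or trust.
chain_summary() {
    awk '
        /^ *[0-9]+ s:/ { sub(/^ *[0-9]+ s:/, ""); subj[n++] = $0; next }
        /^ +i:/        { sub(/^ +i:/, ""); if (n > 0) iss[n - 1] = $0; next }
        END {
            if (n == 0) { print "0 no-chain"; exit }
            if (n == 1) { print "1 leaf-only"; exit }
            verdict = "linked"
            for (k = 0; k < n - 1; k++)
                if (iss[k] != subj[k + 1]) verdict = "broken"
            print n " " verdict
        }'
}

# Constructed sample: intermediates appended to the certificate file.
SAMPLE_WITH_CHAIN='Certificate chain
 0 s:/CN=www.example.com
   i:/O=Example CA/CN=Example Intermediate CA
-----BEGIN CERTIFICATE-----
(constructed placeholder, not certificate data)
-----END CERTIFICATE-----
 1 s:/O=Example CA/CN=Example Intermediate CA
   i:/O=Example CA/CN=Example Root CA
---'

# Constructed sample: server sends the leaf certificate only.
SAMPLE_LEAF_ONLY='Certificate chain
 0 s:/CN=www.example.com
   i:/O=Example CA/CN=Example Intermediate CA
---'

printf '%s\n' "$SAMPLE_WITH_CHAIN" | chain_summary
printf '%s\n' "$SAMPLE_LEAF_ONLY"  | chain_summary
# Against a live server (command from the thread, stdin closed so it exits):
#   openssl s_client -showcerts -connect www.example.com:443 </dev/null 2>/dev/null | chain_summary
```

A `leaf-only` result on the 2.2 or 2.4.6 host would mean the appended intermediates are not being sent, even if a browser that already has them cached does not complain.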


[users@httpd] SSLCertificateChainFile

2018-07-19 Thread apache
I am putting together a config for both RH6 and RH7 systems.  RH6 used  
Apache/2.2.15, RH7 uses Apache/2.4.6.  

I understand that in 2.4.8 SSLCertificateChainFile is deprecated and the 
intermediates should be appended to  the file that SSLCertificateFile points 
to.   

Can 2.2 and < 2.4.8 work properly if the SSLCertificateChainFile in the config 
is NOT used and instead the intermediates are appended to the file that  
SSLCertificateChainFile points to as you would in 2.4.8 and greater.  Just 
thinking that if it will work correctly, the config would be the same now and 
when 2.4.8 and greater  gets in place.

We have done this on a test system and it seems to work, however I'm not sure 
if we are just fooling ourselves and it isn't even seeing the intermediates and 
the client just isn't complaining. 




Re: [users@httpd] Multiple IP/Multiple SSL

2018-07-19 Thread Yehuda Katz
You can definitely do this. For each VirtualHost, make sure you have
ServerName set to the main web site and ServerAlias set for any additional
name that the SSL certificate is good for.
When a request comes in, Apache compares the SNI information in the request
to the ServerName/Aliases that it knows about and uses that to choose which
VirtualHost, and therefore which SSL Certificate, to serve.

Separately, if you want your sites to have HTTPS, don't use  in your configuration. You would likely rather have the server
give you an error if mod_ssl is not loaded.

- Y

On Thu, Jul 19, 2018 at 10:33 AM Robert Earnest Lassiter <
robert.lassi...@earnestware.com> wrote:

> Cannot determine if it’s possible to run multiple SSL with individual
> IP/SSL site on same server(ubuntu). We run multiple domains and would like
> to stack these SSL sites if it’s possible.
>
> No issue multihoming the NIC, no issue multiple domains/server on port 80
> – only issue is apache finding the correct SSL cert. It seems to get
> confused and hangs…
>
>
>
> Ubuntu – 16.04
>
> Apache –
>
> Server version: Apache/2.4.18 (Ubuntu)
>
> Server built:   2018-06-07T19:43:03
>
>
>
>
>
> I’ve tried wild card and setting the ip address
>
> (example )
>
> 
>
> 
>
> 
>
> 
>
>
> And
>
> 
>
>  (1.2.3.4 is example)
>
> 
>
> 
>
>
>
>
> Regards
> Robert Earnest Lassiter
>
>
>


[users@httpd] Multiple IP/Multiple SSL

2018-07-19 Thread Robert Earnest Lassiter
Cannot determine if it's possible to run multiple SSL with individual IP/SSL 
site on same server(ubuntu). We run multiple domains and would like to stack 
these SSL sites if it's possible.
No issue multihoming the NIC, no issue multiple domains/server on port 80 - 
only issue is apache finding the correct SSL cert. It seems to get confused and 
hangs...

Ubuntu - 16.04
Apache -
Server version: Apache/2.4.18 (Ubuntu)
Server built:   2018-06-07T19:43:03


I've tried wild card and setting the ip address
(example )




 (1.2.3.4 is example)