[users@httpd] 2 server certificates
Hello,

My network connectivity looks like:

setting 1
laptop - corpfirewall - ... - homefirewall - serverbox (httpd 2.4)
In this setting, I have a public DNS registered hostname autoupdated by my ISP. My homefirewall forwards all https traffic to serverbox.

setting 2
samelaptop - sameserverbox (servername.lan - 192.168.1.x)

I have generated 2 self-signed certificates, 1 with the 'public hostname' as the CN, and another one with the 'servername.lan' as the CN. I have both certificates in my laptop locally stored.

Is it possible to have httpd use the correct certificate depending on where the request comes from?

Regards,
MM
RE: [users@httpd] 2 server certificates
> -Original Message-
> From: MM
> Sent: Tuesday, December 23, 2014 8:30
>
> Hello,
>
> My network connectivity looks like:
>
> setting 1
> laptop - corpfirewall - ... - homefirewall - serverbox (httpd 2.4)
> In this setting, I have a public DNS registered hostname autoupdated by my ISP. My homefirewall forwards all https traffic to serverbox.
>
> setting 2
> samelaptop - sameserverbox (servername.lan - 192.168.1.x)
>
> I have generated 2 self-signed certificates, 1 with the 'public hostname' as the CN, and another one with the 'servername.lan' as the CN. I have both certificates in my laptop locally stored.
>
> Is it possible to have httpd use the correct certificate depending on where the request comes from?

Yes, assuming the IP addresses of the server are different. Using virtual host configuration, you would have the SSL config per IP.

Another approach would be to have one certificate with all the names in the cert.

-Jason

--
Jason Pyeron, Principal Consultant
PD Inc. http://www.pdinc.us
10 West 24th Street #100, Baltimore, Maryland 21218
+1 (443) 269-1555 x333
Re: [users@httpd] 2 server certificates
It sounds like you have 1 website, and you want to make sure both public users and LAN users can see the content.

I think it's best to do as Jason suggested and use the public hostname as the CN, and do a subject alt DNS name of the server.lan, or you could create DNS records in your LAN to resolve the public hostname as the private IP addresses for the LAN webserver. You can also access the site by IP address, if you have a subject alt IP address in there.

You will still likely run into certificate trust errors with self-signed certs, because all website users will need to install your public key as a trusted certificate.

There are free alternatives that will give you a pre-trusted cert. This will allow users to access your site without needing to install trust for your cert. Check out StartSSL https://www.startssl.com/
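
The single-certificate approach suggested in the replies above, as an added example that is not part of the original thread: it creates one self-signed certificate with the public hostname as CN and subject alternative names for the LAN name and LAN IP, then checks which names the certificate actually covers. `home.example.net`, `192.168.1.10` and the file names are constructed placeholders.

```shell
#!/bin/sh
# Added example: one self-signed certificate that is valid for both the
# public name and the LAN name. Hostnames, IP and file names are constructed
# placeholders, not values from the thread (except servername.lan).
PUBLIC_NAME="home.example.net"   # placeholder for the ISP-updated public hostname
LAN_NAME="servername.lan"
LAN_IP="192.168.1.10"            # placeholder for the 192.168.1.x address

# make_san_cert DIR: write DIR/server.key and DIR/server.crt.
# Clients that see a subjectAltName extension ignore the CN, so the public
# name is listed in the SAN as well as in the subject.
make_san_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=$PUBLIC_NAME" \
        -addext "subjectAltName=DNS:$PUBLIC_NAME,DNS:$LAN_NAME,IP:$LAN_IP" \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null || return 1
    chmod 600 "$1/server.key"    # private key readable by its owner only
}

# cert_matches CERT host|ip NAME: succeed only if the certificate covers NAME.
# openssl prints "... does match certificate" or "... does NOT match certificate".
cert_matches() {
    case $2 in
        host) flag=-checkhost ;;
        ip)   flag=-checkip ;;
        *)    return 2 ;;
    esac
    openssl x509 -in "$1" -noout "$flag" "$3" | grep -q "does match certificate"
}
```

Point `SSLCertificateFile` and `SSLCertificateKeyFile` in the httpd virtual host at the two generated files; the `-addext` option needs OpenSSL 1.1.1 or later.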