The following resource may help:
http://wiki.cacert.org/wiki/VHostTaskForce
http://marc.theaimsgroup.com/?l=openssl-users
http://www.cacert.org/
I recently set up a certificate authority, import my CA certificate into the
browser, and attempt to use that CA certificate to sign for *.domain.com and
*.*.domain.com. My experiment with *.*.domain.com failed. MSIE does not
support it. But I learned that if you have a certificate with ability to
sign other certificates (or use CAcert.org), you put all of your hostnames
into one certificate, sign it, consolidate all of your virtualhosts into
one. I have not use CAcert to sign a *.*.domain.com, so if you succeed, and
if MSIE support it, please let me know. I know that *.*.domain.com is a
violation of RFC3280 but I don't understand why.
Khai
From: <[EMAIL PROTECTED]>
Reply-To: users@httpd.apache.org
To: <users@httpd.apache.org>
Subject: AW: [EMAIL PROTECTED] Problems with several ssl-certs and dyndns
machine
Date: Thu, 16 Feb 2006 12:48:00 +0100
The description what you gave is the case if you have running several
SSL-Host on the same ip-adress but with different names. Without SSL you
can do this but with SSL each Host need its own ip address.
If this is not the case, than you should post the host parts of your
config.
look more at
http://httpd.apache.org/docs/2.2/en/vhosts/name-based.html
* Name-based virtual hosting cannot be used with SSL secure servers
because of the nature of the SSL protocol.
bye
oliver
-----Ursprüngliche Nachricht-----
Von: Jochen Kaechelin [mailto:[EMAIL PROTECTED]
Gesendet: Do 16.02.2006 12:24
An: Apache Users Mailing List
Betreff: [EMAIL PROTECTED] Problems with several ssl-certs and dyndns machine
I run a small webserver (dyndns machine) and several
vhosts running on port 443.
I created a *.crt, *.csr and *.key file for each host.
.
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/ahost.crt
SSLCertificateKeyFile /etc/apache2/ssl/ahost.key
.
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/bhost.crt
SSLCertificateKeyFile /etc/apache2/ssl/bhost.key
.
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/chost.crt
SSLCertificateKeyFile /etc/apache2/ssl/chost.key
.
My problem is that each vhost displays the certificate of vhost ahost.
I need to stop ahost and bhost to display chost with the correct cert.
Whats wrong here?
--
fvgi242ss - Webmaster wlanhacking.de
http://mail.wlanhacking.de/cgi-bin/mailman/listinfo/wlanhacking
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]