Re: [users@httpd] multiple SSL certs on one server behind a NAT router

Tue, 12 Sep 2006 10:17:51 -0700 

If it looks like this then it will work perfect for www.foo.com but
won't work for bar com. User will receive an error saying that bar.com
uses certificate for foo.com.

The rool is easy: one cert per one IP.

See http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html

On 9/12/06, milktoast <[EMAIL PROTECTED]> wrote:


How should this look?

Here the virtual part of my httpd.conf


<VirtualHost _default_:443>

DocumentRoot /home/htdocs/foo
ServerName www.foo.com
ServerAdmin [EMAIL PROTECTED]
ErrorLog /usr/local/apache/logs/error_log
TransferLog /usr/local/apache/logs/access_log
# Block TRACE/TRACK XSS vector
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]

<LocationMatch "^/">
</LocationMatch>

SSLEngine on
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/ssl.https/www.foo.com.crt
SSLCertificateKeyFile /etc/ssl.https/www.foo.com.key

<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/usr/local/apache/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

CustomLog /usr/local/apache/logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"


NameVirtualHost 192.168.2.10

</VirtualHost>
 <VirtualHost 192.168.2.10>
    ServerName www.foo.com
    ServerAlias foo.com www.foo.com
    DocumentRoot /home/htdocs/foo
    ErrorLog /usr/local/apache/logs/error_log
    </VirtualHost>

<VirtualHost 192.168.2.10>
   ServerName www.bar.com
   ServerAlias bar.com www.bar.com
   DocumentRoot /home/htdocs/bar
   ErrorLog /usr/local/apache/logs/error_log
   </VirtualHost>





Serge Dubrouski wrote:
>
> If both server share one IP using NameVirtualHost feature then there
> is no way to have different certificates for them.
>
> On 9/12/06, milktoast <[EMAIL PROTECTED]> wrote:
>
>

--
View this message in context: 
http://www.nabble.com/multiple-SSL-certs-on-one-server-behind-a-NAT-router-tf2260024.html#a6270424
Sent from the Apache HTTP Server - Users forum at Nabble.com.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to