saibaba Duggirala wrote: > What if the second cert we took from a diff company > In general the server should be able to support multiple CA > certificate files right?Our web browsers does that now -isn't it > -correct me please if I am wrong > Limitation of Apache, 1 SSL vhost per IP.
BUT this article does explain how to get round it, hence why I sent it to you: http://www-128.ibm.com/developerworks/web/library/wa-multissl.html#resources you could use another port as well. > so in vhost.conf for scurehttps the following should be able to work > -right > #old one > SSLCACertificateFile conf/ssl/nsm_ca.crt > #new one > SSLCACertificateFile conf/ssl/Commercial_CPE_Root_Cert.pem > > #these are left as before > SSLCertificateFile conf/ssl/nsm.crt > SSLCertificateKeyFile conf/ssl/nsm.key > SSLCertificateChainFile conf/ssl/nsm.crt > > */matt farey <[EMAIL PROTECTED]>/* wrote: > > > > [EMAIL PROTECTED] wrote: > > > > Why would you need to support both SSL certificates? From what I've > > seen (at least with Verisign) when you renew a certificate, it adds > > the renewal period to the end of your current expiration period, but > > is valid from the date you renew! As soon as you get the new > > certificate, you should be able to use it. You don't need to > wait for > > the old one to expire to do the swap. > > > > > good point! > > > > Please respond to users@httpd.apache.org > > > > To: users@httpd.apache.org > > cc: (bcc: Dan Mitton/YD/RWDOE) > > Subject: Re: [EMAIL PROTECTED] Re: adding multiple > > SSLCACertificateFile in vhost.conf > > > > > > LSN: Not Relevant > > User Filed as: Not a Record > > > > > > > > saibaba Duggirala wrote: > > > yes, more than one SSL enabled > > > servername on a single IP address, single NIC > > > > > > The cureent certificate is expiring in couple of months so we > want to > > > seamleesly support the current one until it expires along with > the new > > > one > > > > > > > > as far as I am aware SSL certs cannot be combined on a single > IP, you > > need to either use 2 NICs or use IP aliasing to bind 2 IP > addresses to a > > single NIC, and then in your vhost conf you can set up the certs one > > each per IP, here's a short article: > > > > http://www-128.ibm.com/developerworks/web/library/wa-multissl.html#resources > > matt > > > > > */matt farey /* wrote: > > > > > > > > > > > > saibaba Duggirala wrote: > > > > hi, > > > > can anyone please let me know what is the procedure to add > > multiple > > > > SSLCACertificateFile in vhost.conf in apache > > > > > > > > So far we have been using only one file, shown below in > vhost.conf > > > > SSLCACertificateFile conf/ssl/nsm_ca1.cr > > > > > > > > We would like to use another root certificate along with the > > > above one > > > > , so is it as simple as adding another line like above > > > > SSLCACertificateFile conf/ssl/nsm_ca_2.cr in vhost file or is > > there > > > > something else that I should be doing > > > > > > > > > > > > Thanks, > > > > saibaba > > > > > > > > Get your own web address. > > > > > > > > Have a HUGE year through Yahoo! Small Business. > > > > > > > > > > > > > depends on your setup, are you trying to host more than one SSL > > > enabled > > > servername on a single IP address, single NIC, or what? > > > > > > > > > -- > > > Matthew Farey > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > The official User-To-User support forum of the Apache HTTP Server > > > Project. > > > See for more info. > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > " from the digest: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > Sucker-punch spam > > > > > > > > with award-winning protection. > > > Try the free Yahoo! Mail Beta. > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > The official User-To-User support forum of the Apache HTTP > Server Project. > > See for more info. > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > " from the digest: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > -- > Matthew Farey > > > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server > Project. > See for more info. > To unsubscribe, e-mail: [EMAIL PROTECTED] > " from the digest: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > No need to miss a message. Get email on-the-go > <http://us.rd.yahoo.com/evt=43910/*http://mobile.yahoo.com/mail> > with Yahoo! Mail for Mobile. Get started. > <http://us.rd.yahoo.com/evt=43910/*http://mobile.yahoo.com/mail> -- Matthew Farey --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
