> Is there a way to chose what ssl certs/keys to load when you have > something like > > ServerAlias test.*.* > > So when host test.example.com is serviced, that it will get > > SSLCertificateFile "/etc/pki/tls/certs/example.com.crt" > > > So when host test.example.net is serviced, that it will get > > SSLCertificateFile "/etc/pki/tls/certs/example.net.crt"
A trivial and safe way if you need a solution asap might involve declaring a <vhost> for each host. I’ve not seen globbing/wildcarding like this, and also makes me curious is it possible to get a public key signed by a CA with this globbing pattern? If it’s not, there’s probably a good reason, and it might therefore be a reason to avoid designing it into your configurations. A helpful hint for you is to look at the “context” entry for each directive you want to use in the man pages. SSLCertificateFile, as seen in the mod_ssl man page, has “server config” and “virtual host” contexts listed. This indicates that it can’t be used in an <if> directive. That doesn’t mean it’s not possible to have some idiomatic and/or elegant solution that involves the globbing pattern.
