Re: Multiple SSL Virtualhosts on Apache 1.3
I just choose one good generic domain, ie: secure.mydomain.com, get that
signed, and put anything that's passing sensitive info(sign-ups, forms,
logins,etc) to that location. I've found it much better to send users
to another domain that has a signed cert. then to keep them in the
domain with an unsigned cert. It saves money too.
On Tue, 2002-11-05 at 04:00, DEFFONTAINES Vincent wrote:
> Greetings,
>
> I managed to create several Virtualhosts on a apache-ssl (1.3) server (same
> IP, same port, several names).
>
> The "trick" is to use the same Certificate for every Virtualhost, which will
> of course generate a warning on browsers, due to certificate not matching
> most of the sites names. But it does work.
>
> For clarity below is an extract of httpd.conf
>
> I am wondering whether anyone else uses that in a production environnment,
> and whether this working is due to a side-effect on the way apache works. I
> didn't find it on any doc nor any howto.
>
> The non-matching {site name/certificate} is indeed a drawback, but maybe can
> be turned around? If I have an official certificate for ssl.foo.com, and I
> use it for foo{n}.ssl.foo.com, maybe it could be "secure enough" for some
> applications? (just like I noticed the HTTPS certiifcate for
> "mail.yahoo.com" is actually signed for "login.yahoo.com")
>
> Since I read several at several places on the Web that it was not possible
> to build several HTTPS VirtualHosts on the same IP/Port, I'd like to add
> this to the discussion.
>
> Your comments will be appreciated.
>
> Vincent
>
>
> *************************
> httpd.conf sample :
>
> <VirtualHost 1.2.3.4:443>
> ServerName ssl1.bar.com
> SSLEngine On
> SSLCertificateFile /etc/apache/certificate/server.crt
> SSLCertificateKeyFile /etc/apache/certificate/server.key
> SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
> CustomLog /var/log/apache/ssl1_request_log common
> ErrorLog /var/log/apache/ssl1-error.log
> DocumentRoot /var/www/ssl1/
> </Virtualhost>
>
> <VirtualHost 1.2.3.4:443>
> ServerName ssl2.bar.com
> SSLEngine On
> SSLCertificateFile /etc/apache/certificate/server.crt
> SSLCertificateKeyFile /etc/apache/certificate/server.key
> SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
> CustomLog /var/log/apache/ssl2_request_log common
> ErrorLog /var/log/apache/ssl2-error.log
> DocumentRoot /var/www/ssl2/
> </Virtualhost>
> *************************
>
>
>
> .''`. | Vincent Deffontaines
> : :' : Debian GNU/Linux | Network Administrator
> `. `~' http://www.debian.org | Council of Europe
> `-
>
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: