httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chirouze Olivier" <olivier.chiro...@volvo.com>
Subject RE: [users@httpd] SSL Certificate on Intranet Virtual Host
Date Fri, 26 Jan 2007 12:55:40 GMT
Hi,

This is my first contribution to the list so please don't be too rude if
I'm wrong ;-)

But I think we have the same situation here:

Onename.server.com/
Othername.server.com
Somethingelse.server.com

And our SSL certificate is for *.server.com

** WE ** did provide this certificate from ** our own ** certificate
authority (not from Verisign or else).
That's what causes a warning to pop up ("the certificate can't be
verified)

If you're in the same situation, you need to provide your clients with
the certificate of the certificate authority. This should be a .crt file
that you can publish on http => this way, clients can just access the
url (http://Onename.server.com/thecertificate.crt,
http://Othername.server.com/thecertificate.crt, etc.) and the web
browser (IE or Firefox at least) will automaticaly suggest to import the
certificate of the certificate authority => do this once and you'll
never have the warning anymore.

Hope I helped,

Olivier 


Olivier CHIROUZE
I&0 Infrastructure
Volvo Information Technology

-----Original Message-----
From: Serge Dubrouski [mailto:sergeyfd@gmail.com] 
Sent: 25 January 2007 19:56
To: users@httpd.apache.org
Subject: Re: [users@httpd] SSL Certificate on Intranet Virtual Host

For SSL it won't work because SSL session gets established before URL is
parsed.

On 1/25/07, Rob Sterenborg <rob@sterenborg.info> wrote:
> php@swimwebs.com <mailto:php@swimwebs.com> wrote:
> > I run several intranet sites for our company on a linux
> > server using VirtualHosts.  I've created a wildcard SSL
> > certificate for our intranet sites which work when I browse
> > to the fully qualified domain name (i.e.
> > https://home.domain.org) but most of our users use the short
> > name to get around (https://home) which causes a security
> > warning.  Is there a way to fix this or am I doomed to
> > require users to use the fully qualified domain name?
>
> Perhaps you can use a rewrite rule to point the to the FQDN.
> http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html#rewritecond
>
> This may or may not work for you; I'm not exactly a rewrite-guru, but
> *something* along these lines is what I'm using to do some rewriting
> (and this is my only experience with it):
>
> <Directory ...>
>         RewriteEngine on
>         RewriteCond %{SERVER_NAME} !^<Your_FQDN>$
>         RewriteRule ^.*$ https://<Your_FQDN>%{REQUEST_URI} [L,R]
>         ...
> </Directory>
>
>
> Grts,
> Rob
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message