httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Crypto Sal <crypto....@gmail.com>
Subject Re: [users@httpd] SSL certificate and multiple names
Date Wed, 11 Aug 2010 22:43:10 GMT
  On 08/10/2010 04:11 AM, Mark Watts wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 06/08/10 18:22, Hélène Montarou wrote:
>> Hi,
>>
>> I have installed httpd-2.2.3 and I would like to generate a certificate.
>> The machine on which it is installed has an internal name
>> (internal.domain.com) and I would like to use another name for external
>> purpposes (services.external.domain.com).
>> I would like to generate a certificate for the external name
>> (services.external.domain.com).
>> I was wondering where I could configure the name in Linux config file as
>> well as in the httpd config files to make it work.
>> I haven't seen a naming parameter in httpd.config.
>>
>> Would you give me some direction?
>>
>> Thank you,
>>
>> Hélène
>>
>>
> Conventional SSL certificates are tied to a specific "Common Name".
> In Apache terms, this is the same as the hostname you put in the browser
> in order to connect to a given VirtualHost.
> EG: "www.example.com"
>
> If you want two different hostnames, you generally need two different
> certificates. Similarly, you will need a unique IP:port combination for
> each Virtual Host, since the ServerName variable isn't seen by Apache
> until after the SSL handshake.
>
> There are exceptions to this: Wildcard certificates (for
> "*.example.com") and "SNI" are two.
>
> Mark.
>
> - -- 
> Mark Watts BSc RHCE MBCS
>


Mark,

You're forgetting a group in Multi-Domain Certificates (Multi-Common 
Names and Single Common Name, multi-SAN[Subject Alternative Name]). 
These certificates are very common with hosting providers and on 
Exchange 2007+ platforms.

--Sal

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message