httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tom Browder <tom.brow...@gmail.com>
Subject Re: [users@httpd] Virtual Hosts and SSL Config: Hoist Common Directives Above Server Blocks? [SOLVED]
Date Tue, 11 Sep 2012 09:38:17 GMT
On Mon, Sep 10, 2012 at 10:00 PM, Igor Cicimov <icicimov@gmail.com> wrote:
> On Sun, Sep 9, 2012 at 10:57 PM, Tom Browder <tom.browder@gmail.com> wrote:
>>
>> I'm trying to clean up my conf files after getting an all-SSL server
>> with several virtual hosts working.
...
>> Can I hoist the common SSL cert. stuff out of the server blocks to a
>> higher, common block like this:
>>
...
> Put all the common commands in a file and use Include statement to call that
> file in each of the virtual host.

Thanks, Igor, but the include idea is not what I wanted.  I wanted to
avoid even that boilerplate if possible.  I bit the bullet and tried a
bit at a time and have been able to do all I wanted EXECPT I had to
leave the "SSLEngine on" in the vhost blocks (the Apache 2.4 docs
indicate that is best--and the other option caused an Apache abort).
So this works fine for me (Apache 2.2.14):

<IfModule mod_ssl.c>
   SSLCertificateFile         /path/to/server.crt
   SSLCertificateKeyFile   /path/to/server.cert.key.unsecure
   SSLCertificateChainFile /path/to/class2.server.ca.pem
</IfModule>

# virtual host blocks follow

Note that I still put this directive in vhost blocks since the CA cert
files vary by server for client certificates:

  SSLCACertificateFile    /path/to/ca.pem

Best,

-Tom

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message