I think the complication is that he's going to have to use the virtual hosts stuff so that the correct certificate can be returned to each connection, and that this means he's going to have to have two different IP addresses, since there will be no way to determine WHICH certificate to send.
This is due to the chicken-and-egg problem of having to know which certificate to send WHEN THE CONNECTION IS OPENED, BEFORE ANY SUBMISSION HEADERS CAN BE READ.
So what he needs is:
Two different IP addresses.
Two different virtual hosts. In Apache they would be identical except for the SSLCertificateFile directive.
Bernhard Froehlich wrote:
David Smead wrote:
I think you're on the wrong list. Using OpenSSL you can make as many certificates as you like. But I think your question is about using certificates in an application like SSHD or HTTPS, which would be more appropriate in that application's mailing lists.
Greetings,
I'm running Debian testing.
I have a machine with two static IPs, presently on one NIC using a virtual
interface. I'd like to make two self-signed certs, one per IP. Is this
possible given that the machine only has one hostname?
If it matters, the two IPs differ by just the last digit, but one IP is a .com, and the other is a .net.
If necessary I can put in a second NIC so that there would be different
MACs.
[...]
At least you should tell us which application you are talking about. ;)
Ted ;)
-- Charles B (Ben) Cranston mailto: [EMAIL PROTECTED] http://www.wam.umd.edu/~zben
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
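
The two-address layout described in the top reply, written out as an added example; it is not part of the original thread or any poster's configuration. The addresses (192.0.2.10, 192.0.2.11), host names and file paths are placeholder assumptions; the thread says only that one name is a .com and the other a .net.

```apache
# Added example: IP-based virtual hosts, one certificate per address.
# All addresses, names and paths below are placeholders (assumptions).

# Bind the TLS listener on each address explicitly, so the address the
# client connected to is known when the connection is opened.
Listen 192.0.2.10:443
Listen 192.0.2.11:443

# First address: the .com name and its certificate.
<VirtualHost 192.0.2.10:443>
    ServerName www.example.com
    DocumentRoot /var/www/site

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/example-com.pem
    # Assumption: each certificate has its own private key, so the key
    # file differs along with the certificate file.
    SSLCertificateKeyFile /etc/ssl/private/example-com.key
</VirtualHost>

# Second address: same content, but the .net name and its certificate.
<VirtualHost 192.0.2.11:443>
    ServerName www.example.net
    DocumentRoot /var/www/site

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/example-net.pem
    SSLCertificateKeyFile /etc/ssl/private/example-net.key
</VirtualHost>
```

Connecting to each address in turn with `openssl s_client -connect 192.0.2.10:443` (then `192.0.2.11:443`) shows which certificate that listener presents before any HTTP request is sent.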