Hi Kevin, here is a good howto: http://wiki.cacert.org/wiki/CSRGenerator?action=show&redirect=VhostsApache
The best thing is to use the SubAltName Way to set up a vhost because most browser support this. Cheers, Thomas Kevin Murphy wrote: > Hi OpenSSL Users, > > I am setting up an Ubuntu 8.10 LAMP server on a Linode VPS. I have an > older Ubuntu 6.10 vps set up as well that I configured with self signed > certificates and CACert. I would like to set this new server up with a > certificate from Thawte, or Verisign, et el (I'm open to suggestions)... > But, more importantly I was wondering if anyone could clarify something > for me. I am reading conflicting information with regards to ssl certs > and vhosts. > > I came accross a couple "howto" articles for setting up one certificate > that will cover all virtual hosts on a web server... one static IP, one > certificate, multiple sites, lots of saved money! > > One post did this using gnutls, > http://www.g-loaded.eu/2007/08/10/ssl-enabled-name-based-apache-virtual-hosts-with-mod_gnutls/ > > another post using recompiled Apache and OpenSSL, > http://howtoforge.com/enable-multiple-https-sites-on-one-ip-using-tls-extensions-on-debian-etch > > One knowledgable person claimed that the gnutls method would hinder > performance, while a different and more recent post claimed that the > lattest gnutls is now the better way to go. > > These posts are all made in 2006 - 2007, I can't find any recent howto's > or information as to whether OpenSSL or Apache still require recompiling > (I don't have any experience with that, just "apt-get install..." and > configure) or whether this can really be done effectively as the Apache > docs claim it cannot be > (http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#vhosts). > > Needless to say, I am new to SSL, CA's, encryption, etc, and would like > to get some clarification on the above points. It would be terrific if > I could use one certificate for multiple hosts. I do realize that folks > with older browsers would still get a security warning, but I think the > ability to have multiple hosts under one certificate would be far more > beneficial! > > Thanks in advace for the help opensslers, > > Kevin ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
