Hi *,
Certainly you can configure Apache to use virtualHosts based on domain
names,
and this works perfect with HTTP (1.1). However, this cannot be achieved using
SSL, and the answer is simple, the SSL is established using the server IP, and
during the SSL negotiation (handshake), there is no mention to
servername/domain, the server certificate/private keys are used during the
negotiation, and Apache needs to know what certificate is going to use (and
the virtual host must choose the certificate before even know what virutalhost
name the client is referring to). After the SSL negotiation, the client will
send the HTTP request with the "host" clause (the host contains the domain
name of the server), but the certificate has been used in the negotiation.
In few words, first the SSL is negotiated and then the virtualhost is
selected.
With this in mind, the only options for running multiple virtual host
with
SSL are: assigning multiples IPs to the server or running each instance in a
different port.
Regards,
Hecber
-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of oh...@cox.net
Sent: Monday, November 16, 2009 9:00 AM
To: openssl-users@openssl.org
Cc: Lou Picciano
Subject: Re: how to merge multiple public domain certs into one file?
Hi,
Unless I'm misunderstanding things, you *can*, by using ServerName inside each
of the <VirtualHost> sections:
http://httpd.apache.org/docs/2.0/vhosts/name-based.html
Jim
---- Lou Picciano <loupicci...@comcast.net> wrote:
> I didn't think it possible to server multiple virtual SSL domains from one
> Apache instance (on the same IP, at least).
> I suppose if you use different IP numbers this constraint goes away. Has
> something changed about Apache in this regard?
>
>
> Then, you have the matter of: If each virtual SSL domain setup must
> reference its own cert(s), how would this be accomplished if all your certs,
> for all domains, were consolidated into one big file?
>
>
> Lou Picciano
>
> ----- Original Message -----
> From: "M C" <migua...@gmail.com>
> To: openssl-users@openssl.org
> Sent: Saturday, November 14, 2009 12:56:09 PM GMT -05:00 US/Canada Eastern
> Subject: how to merge multiple public domain certs into one file?
>
> Hi...
> I've been struggling with how to concatenate multiple public domain certs
> into one crt file.
>
> Basically, I have 5 SSL virtual host domains running on 1 apache httpd
> server and each host has a separate GeoTrust domain certificate. Instead of
> having 5 individual public *.crt files, is there anyway to merge them
> together into 1 file.
>
> Any information would be much appreciated.
>
> Thanks in advance,
> Michael
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
smime.p7s
Description: S/MIME cryptographic signature
