Hécber and Lou, Oops. I missed the part in the original post about this being for SSL-enabled VirtualHosts :(...
Sorry for any confusion... Jim ---- "Hécber Córdova" <hcord...@smartmatic.com> wrote: > Hi *, > > Certainly you can configure Apache to use virtualHosts based on domain > names, > and this works perfect with HTTP (1.1). However, this cannot be achieved > using > SSL, and the answer is simple, the SSL is established using the server IP, > and > during the SSL negotiation (handshake), there is no mention to > servername/domain, the server certificate/private keys are used during the > negotiation, and Apache needs to know what certificate is going to use (and > the virtual host must choose the certificate before even know what > virutalhost > name the client is referring to). After the SSL negotiation, the client will > send the HTTP request with the "host" clause (the host contains the domain > name of the server), but the certificate has been used in the negotiation. > > In few words, first the SSL is negotiated and then the virtualhost is > selected. > > With this in mind, the only options for running multiple virtual host > with > SSL are: assigning multiples IPs to the server or running each instance in a > different port. > > Regards, > > Hecber > > -----Original Message----- > From: owner-openssl-us...@openssl.org > [mailto:owner-openssl-us...@openssl.org] > On Behalf Of oh...@cox.net > Sent: Monday, November 16, 2009 9:00 AM > To: openssl-users@openssl.org > Cc: Lou Picciano > Subject: Re: how to merge multiple public domain certs into one file? > > Hi, > > Unless I'm misunderstanding things, you *can*, by using ServerName inside > each > of the <VirtualHost> sections: > > http://httpd.apache.org/docs/2.0/vhosts/name-based.html > > Jim > > > ---- Lou Picciano <loupicci...@comcast.net> wrote: > > I didn't think it possible to server multiple virtual SSL domains from one > > Apache instance (on the same IP, at least). > > I suppose if you use different IP numbers this constraint goes away. Has > > something changed about Apache in this regard? > > > > > > Then, you have the matter of: If each virtual SSL domain setup must > > reference its own cert(s), how would this be accomplished if all your > > certs, > > for all domains, were consolidated into one big file? > > > > > > Lou Picciano > > > > ----- Original Message ----- > > From: "M C" <migua...@gmail.com> > > To: openssl-users@openssl.org > > Sent: Saturday, November 14, 2009 12:56:09 PM GMT -05:00 US/Canada Eastern > > Subject: how to merge multiple public domain certs into one file? > > > > Hi... > > I've been struggling with how to concatenate multiple public domain certs > > into one crt file. > > > > Basically, I have 5 SSL virtual host domains running on 1 apache httpd > > server and each host has a separate GeoTrust domain certificate. Instead of > > having 5 individual public *.crt files, is there anyway to merge them > > together into 1 file. > > > > Any information would be much appreciated. > > > > Thanks in advance, > > Michael > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
