Two different physical hosts + IPs, one cert

Two different physical hosts + IPs, one cert

am 12.09.2005 20:44:34 von Chris de Vidal

I am going to install two different servers in two different physical loc=
ations
which would necessitate two different IPs. I will use multiple identical=
DNS A
records to round-robin traffic like this:
1.1.1.1 -> example.com
2.2.2.2 -> example.com

I'm just not sure about SSL; can I create one certificate pointing to one
hostname? I would think so, as openssl req asks for the hostname only; n=
o IPs.
But I wanted to be certain.

CD
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Two different physical hosts + IPs, one cert

am 12.09.2005 20:57:03 von Cliff Woolley

The certificate refers to the host by name, not by IP address. So as
long as the two hosts have exactly the same FQDN, then you should be
fine.

--Cliff
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

SSLVerifyClient, 2 domains, 1 localhost, JVM1.4

am 13.09.2005 11:18:46 von john doe

Hi everyone,

I'd be very gratefull if someone could help me on this one.

I set up my apache/ssl server in order to have strong authentication.

The reason of my problems comes from the fact that I use a JVM 1.4 :
when I try to download a specific module, the JVM will try to ask a
client certificate. Since the certificate is stored in the browser
keystore (and not in the JVM keystore), the download fails...
It works all fine when I use a JVM 1.3 : applets cannot be loaded with
JRE1.4 when SSL Client Authentication is required by webserver.

I only use one IP for my secured domain : https://localhost:666/ and I
try to use different virtual hosts, but it didn't work.

I also tried to use a tab and to specify not ask a
certificate by saying : SSLVerifyClient none.
But it didn't work either.

I'll take whatever you have to offer as an anwser...

Thx !!
ad
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org