how to add multiple SSL cert for each virtual host?

hi everyone,

I have an apache 2.0.40 installed on a RedHat 7.2 box, complied with ssl
(openssl 0.9.6g).
Till now I had only one domain for which apache should use SSL cert files
(crt, key), but for our next project I have to add another SSL cert file a
specific domain.

I have NameVirtualHost 12.34.56.78 and have a list of for
each of our domain, using ServerNamed base aliases, but for the ssl conf it
ain't works. In my ssl.conf in short looks like this:

NameVirtualHost 12.34.56.78:443


ServerName domain1.com
CustomLog "..."
ErrorLog "..."
SSLEngine on
SSLCertificateFile "/somewhere/ssl.crt/domain1.crt"
SSLCertificateKeyFile "somewhere/ssl.key/domain1.key"



ServerName domain2.com
CustomLog "..."
ErrorLog "..."
SSLEngine on
SSLCertificateFile "/somewhere/ssl.crt/domain2.crt"
SSLCertificateKeyFile "somewhere/ssl.key/domain2.key"


The problem is that apache does not serve domain2 cert files for domain2, it
uses the first declaration for every https://domainX.com invoke. Does anyone
know how to tell apache to uses specific SSL cert I'd like to define for
each of my virtualhosts?

Thanks in advance for any help.

Regards,
Thomas

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: how to add multiple SSL cert for each virtual host?

Multiple SSL certs for name-based virtual hosts aren't possible based upon
the way SSL is designed. Each site requiring a separate cert must have it's
own IP address.

---
Shawn Syms | Systems Administrator
Infinet Communications | shawn.syms@infinetcommunications.com
---



-----Original Message-----
From: Thomas Sandor [mailto:tsandor@rndsoft.com]
Sent: Tuesday, December 03, 2002 1:20 PM
To: modssl-users@modssl.org
Subject: how to add multiple SSL cert for each virtual host?


hi everyone,

I have an apache 2.0.40 installed on a RedHat 7.2 box, complied with ssl
(openssl 0.9.6g).
Till now I had only one domain for which apache should use SSL cert files
(crt, key), but for our next project I have to add another SSL cert file a
specific domain.

I have NameVirtualHost 12.34.56.78 and have a list of for
each of our domain, using ServerNamed base aliases, but for the ssl conf it
ain't works. In my ssl.conf in short looks like this:

NameVirtualHost 12.34.56.78:443


ServerName domain1.com
CustomLog "..."
ErrorLog "..."
SSLEngine on
SSLCertificateFile "/somewhere/ssl.crt/domain1.crt"
SSLCertificateKeyFile "somewhere/ssl.key/domain1.key"



ServerName domain2.com
CustomLog "..."
ErrorLog "..."
SSLEngine on
SSLCertificateFile "/somewhere/ssl.crt/domain2.crt"
SSLCertificateKeyFile "somewhere/ssl.key/domain2.key"


The problem is that apache does not serve domain2 cert files for domain2, it
uses the first declaration for every https://domainX.com invoke. Does anyone
know how to tell apache to uses specific SSL cert I'd like to define for
each of my virtualhosts?

Thanks in advance for any help.

Regards,
Thomas

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: how to add multiple SSL cert for each virtual host?

On Tue, 3 Dec 2002, Thomas Sandor wrote:

[SNIP]

>
> The problem is that apache does not serve domain2 cert files for domain2, it
> uses the first declaration for every https://domainX.com invoke. Does anyone
> know how to tell apache to uses specific SSL cert I'd like to define for
> each of my virtualhosts?
>

Yes assign a seperate IP address or port for each domain you wish to host.

Thanks,

Ron DuFresne
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com

"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
-- Johnny Hart

testing, only testing, and damn good at it too!

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: how to add multiple SSL cert for each virtual host?

What?!?!?! Are you absolutely sure about this? SSL certs are based on the
Domain Name,,, NOT the IP address. It stands to reason that it would be
possible for virtual hosts/domains to have their own certs. Perhaps modssl
doesn't support it, but I think that in theory it's possible.

- hawk

At 10:24 AM 12/03/2002, you wrote:
>Multiple SSL certs for name-based virtual hosts aren't possible based upon
>the way SSL is designed. Each site requiring a separate cert must have it's
>own IP address.
>
>---
>Shawn Syms | Systems Administrator
>Infinet Communications | shawn.syms@infinetcommunications.com
>---
>
>
>
>-----Original Message-----
>From: Thomas Sandor [mailto:tsandor@rndsoft.com]
>Sent: Tuesday, December 03, 2002 1:20 PM
>To: modssl-users@modssl.org
>Subject: how to add multiple SSL cert for each virtual host?
>
>
>hi everyone,
>
>I have an apache 2.0.40 installed on a RedHat 7.2 box, complied with ssl
>(openssl 0.9.6g).
>Till now I had only one domain for which apache should use SSL cert files
>(crt, key), but for our next project I have to add another SSL cert file a
>specific domain.
>
>I have NameVirtualHost 12.34.56.78 and have a list of for
>each of our domain, using ServerNamed base aliases, but for the ssl conf it
>ain't works. In my ssl.conf in short looks like this:
>
>NameVirtualHost 12.34.56.78:443
>
>
> ServerName domain1.com
> CustomLog "..."
> ErrorLog "..."
> SSLEngine on
> SSLCertificateFile "/somewhere/ssl.crt/domain1.crt"
> SSLCertificateKeyFile "somewhere/ssl.key/domain1.key"
>
>
>
> ServerName domain2.com
> CustomLog "..."
> ErrorLog "..."
> SSLEngine on
> SSLCertificateFile "/somewhere/ssl.crt/domain2.crt"
> SSLCertificateKeyFile "somewhere/ssl.key/domain2.key"
>
>
>The problem is that apache does not serve domain2 cert files for domain2, it
>uses the first declaration for every https://domainX.com invoke. Does anyone
>know how to tell apache to uses specific SSL cert I'd like to define for
>each of my virtualhosts?
>
>Thanks in advance for any help.
>
>Regards,
>Thomas
>
>___________________________________________________________ ___________
>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>User Support Mailing List modssl-users@modssl.org
>Automated List Manager majordomo@modssl.org
>___________________________________________________________ ___________
>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>User Support Mailing List modssl-users@modssl.org
>Automated List Manager majordomo@modssl.org

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: how to add multiple SSL cert for each virtual host?

Hawk: Here is more info on why did doesn't work:
http://www.ensim.com/support/sxc/faqs/4.10.html

---
Shawn Syms | Systems Administrator
Infinet Communications | shawn.syms@infinetcommunications.com
---



-----Original Message-----
From: Hack Hawk [mailto:hh@hackhawk.net]
Sent: Tuesday, December 03, 2002 3:35 PM
To: modssl-users@modssl.org
Subject: RE: how to add multiple SSL cert for each virtual host?


What?!?!?! Are you absolutely sure about this? SSL certs are based on the
Domain Name,,, NOT the IP address. It stands to reason that it would be
possible for virtual hosts/domains to have their own certs. Perhaps modssl
doesn't support it, but I think that in theory it's possible.

- hawk

At 10:24 AM 12/03/2002, you wrote:
>Multiple SSL certs for name-based virtual hosts aren't possible based upon
>the way SSL is designed. Each site requiring a separate cert must have it's
>own IP address.
>
>---
>Shawn Syms | Systems Administrator
>Infinet Communications | shawn.syms@infinetcommunications.com
>---
>
>
>
>-----Original Message-----
>From: Thomas Sandor [mailto:tsandor@rndsoft.com]
>Sent: Tuesday, December 03, 2002 1:20 PM
>To: modssl-users@modssl.org
>Subject: how to add multiple SSL cert for each virtual host?
>
>
>hi everyone,
>
>I have an apache 2.0.40 installed on a RedHat 7.2 box, complied with ssl
>(openssl 0.9.6g).
>Till now I had only one domain for which apache should use SSL cert files
>(crt, key), but for our next project I have to add another SSL cert file a
>specific domain.
>
>I have NameVirtualHost 12.34.56.78 and have a list of for
>each of our domain, using ServerNamed base aliases, but for the ssl conf it
>ain't works. In my ssl.conf in short looks like this:
>
>NameVirtualHost 12.34.56.78:443
>
>
> ServerName domain1.com
> CustomLog "..."
> ErrorLog "..."
> SSLEngine on
> SSLCertificateFile "/somewhere/ssl.crt/domain1.crt"
> SSLCertificateKeyFile "somewhere/ssl.key/domain1.key"
>
>
>
> ServerName domain2.com
> CustomLog "..."
> ErrorLog "..."
> SSLEngine on
> SSLCertificateFile "/somewhere/ssl.crt/domain2.crt"
> SSLCertificateKeyFile "somewhere/ssl.key/domain2.key"
>
>
>The problem is that apache does not serve domain2 cert files for domain2,
it
>uses the first declaration for every https://domainX.com invoke. Does
anyone
>know how to tell apache to uses specific SSL cert I'd like to define for
>each of my virtualhosts?
>
>Thanks in advance for any help.
>
>Regards,
>Thomas
>
>___________________________________________________________ ___________
>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>User Support Mailing List modssl-users@modssl.org
>Automated List Manager majordomo@modssl.org
>___________________________________________________________ ___________
>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>User Support Mailing List modssl-users@modssl.org
>Automated List Manager majordomo@modssl.org

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: how to add multiple SSL cert for each virtual host?

Look at the handshake for SSL. During the name to address translation
phase, you wind up with a chicken-egg scenario if more than one name
shares an address.

Not only is it not possible, it'd be a HUGE security flaw if it WERE
possible.

-dsp

On Tuesday, Dec 3, 2002, at 15:34 US/Eastern, Hack Hawk wrote:

> What?!?!?! Are you absolutely sure about this? SSL certs are based
> on the Domain Name,,, NOT the IP address. It stands to reason that it
> would be possible for virtual hosts/domains to have their own certs.
> Perhaps modssl doesn't support it, but I think that in theory it's
> possible.
>
> - hawk
>
> At 10:24 AM 12/03/2002, you wrote:
>> Multiple SSL certs for name-based virtual hosts aren't possible based
>> upon
>> the way SSL is designed. Each site requiring a separate cert must
>> have it's
>> own IP address.
>>
>> ---
>> Shawn Syms | Systems Administrator
>> Infinet Communications | shawn.syms@infinetcommunications.com
>> ---
>>
>>
>>
>> -----Original Message-----
>> From: Thomas Sandor [mailto:tsandor@rndsoft.com]
>> Sent: Tuesday, December 03, 2002 1:20 PM
>> To: modssl-users@modssl.org
>> Subject: how to add multiple SSL cert for each virtual host?
>>
>>
>> hi everyone,
>>
>> I have an apache 2.0.40 installed on a RedHat 7.2 box, complied with
>> ssl
>> (openssl 0.9.6g).
>> Till now I had only one domain for which apache should use SSL cert
>> files
>> (crt, key), but for our next project I have to add another SSL cert
>> file a
>> specific domain.
>>
>> I have NameVirtualHost 12.34.56.78 and have a list of
>> for
>> each of our domain, using ServerNamed base aliases, but for the ssl
>> conf it
>> ain't works. In my ssl.conf in short looks like this:
>>
>> NameVirtualHost 12.34.56.78:443
>>
>>
>> ServerName domain1.com
>> CustomLog "..."
>> ErrorLog "..."
>> SSLEngine on
>> SSLCertificateFile "/somewhere/ssl.crt/domain1.crt"
>> SSLCertificateKeyFile "somewhere/ssl.key/domain1.key"
>>
>>
>>
>> ServerName domain2.com
>> CustomLog "..."
>> ErrorLog "..."
>> SSLEngine on
>> SSLCertificateFile "/somewhere/ssl.crt/domain2.crt"
>> SSLCertificateKeyFile "somewhere/ssl.key/domain2.key"
>>
>>
>> The problem is that apache does not serve domain2 cert files for
>> domain2, it
>> uses the first declaration for every https://domainX.com invoke. Does
>> anyone
>> know how to tell apache to uses specific SSL cert I'd like to define
>> for
>> each of my virtualhosts?
>>
>> Thanks in advance for any help.
>>
>> Regards,
>> Thomas
>>
>> ____________________________________________________________ __________
>> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>> User Support Mailing List modssl-users@modssl.org
>> Automated List Manager majordomo@modssl.org
>> ____________________________________________________________ __________
>> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>> User Support Mailing List modssl-users@modssl.org
>> Automated List Manager majordomo@modssl.org
>
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: how to add multiple SSL cert for each virtual host?

At 12:49 PM 12/03/2002, Shawn Syms wrote:
>Hawk: Here is more info on why did doesn't work:
>http://www.ensim.com/support/sxc/faqs/4.10.html

Aha. That makes sense to me. I noticed this discussion because I was
considering doing this sort of thing in the next month or two. Damn! Now I
have to provide IP addresses for virtual sites that require this support. :(

Thanks for the heads up though.

- hawk

>---
>Shawn Syms | Systems Administrator
>Infinet Communications | shawn.syms@infinetcommunications.com
>---
>
>
>
>-----Original Message-----
>From: Hack Hawk [mailto:hh@hackhawk.net]
>Sent: Tuesday, December 03, 2002 3:35 PM
>To: modssl-users@modssl.org
>Subject: RE: how to add multiple SSL cert for each virtual host?
>
>
>What?!?!?! Are you absolutely sure about this? SSL certs are based on the
>Domain Name,,, NOT the IP address. It stands to reason that it would be
>possible for virtual hosts/domains to have their own certs. Perhaps modssl
>doesn't support it, but I think that in theory it's possible.
>
>- hawk
>
>At 10:24 AM 12/03/2002, you wrote:
> >Multiple SSL certs for name-based virtual hosts aren't possible based upon
> >the way SSL is designed. Each site requiring a separate cert must have it's
> >own IP address.
> >
> >---
> >Shawn Syms | Systems Administrator
> >Infinet Communications | shawn.syms@infinetcommunications.com
> >---
> >
> >
> >
> >-----Original Message-----
> >From: Thomas Sandor [mailto:tsandor@rndsoft.com]
> >Sent: Tuesday, December 03, 2002 1:20 PM
> >To: modssl-users@modssl.org
> >Subject: how to add multiple SSL cert for each virtual host?
> >
> >
> >hi everyone,
> >
> >I have an apache 2.0.40 installed on a RedHat 7.2 box, complied with ssl
> >(openssl 0.9.6g).
> >Till now I had only one domain for which apache should use SSL cert files
> >(crt, key), but for our next project I have to add another SSL cert file a
> >specific domain.
> >
> >I have NameVirtualHost 12.34.56.78 and have a list of for
> >each of our domain, using ServerNamed base aliases, but for the ssl conf it
> >ain't works. In my ssl.conf in short looks like this:
> >
> >NameVirtualHost 12.34.56.78:443
> >
> >
> > ServerName domain1.com
> > CustomLog "..."
> > ErrorLog "..."
> > SSLEngine on
> > SSLCertificateFile "/somewhere/ssl.crt/domain1.crt"
> > SSLCertificateKeyFile "somewhere/ssl.key/domain1.key"
> >
> >
> >
> > ServerName domain2.com
> > CustomLog "..."
> > ErrorLog "..."
> > SSLEngine on
> > SSLCertificateFile "/somewhere/ssl.crt/domain2.crt"
> > SSLCertificateKeyFile "somewhere/ssl.key/domain2.key"
> >
> >
> >The problem is that apache does not serve domain2 cert files for domain2,
>it
> >uses the first declaration for every https://domainX.com invoke. Does
>anyone
> >know how to tell apache to uses specific SSL cert I'd like to define for
> >each of my virtualhosts?
> >
> >Thanks in advance for any help.
> >
> >Regards,
> >Thomas

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: how to add multiple SSL cert for each virtual host?

Perhaps including it in the defauly httpd.conf file underr the
directives as commentary might help?

# General setup for the virtual host
# ...name based VHing does not work, you need to...to get this to
# ...work...if you ask this in the modssl-users list, you might
#well be berated for failing to read documentation...

Perhaps putting the information in the README as well as in the INSTALL
docs, tthus putting it in as many places as possible might help?

Thanks,

Ron DuFresne

P.S. this is of course not limiting adding it to the list footer :

> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
> ...name based VHing does not work, you need to...to get this to
> ...work...if you ask this in the modssl-users list, you might
> #well be berated for failing to read documentation...


On Tue, 3 Dec 2002, Cliff Woolley wrote:

[SNIP]

>
> But please, people, this is SUCH a frequently asked question. Definitely
> one of the top three. I wonder if we can't find a better way to document
> this? Anyone have any ideas? I'd say un-hiding it from the FAQ page
> would be a good start... it's a prominent question, give the answer a more
> prominent location.
>
> --Cliff
>
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com

"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
-- Johnny Hart

testing, only testing, and damn good at it too!

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: how to add multiple SSL cert for each virtual host?

On Tue, 3 Dec 2002, Dave Paris wrote:

> Not only is it not possible

With the current state of the SSL protocol such as it is, this is
correct-- it's not possible.

> it'd be a HUGE security flaw if it WERE possible.

Well, not necessarily... all that you would need is for the client to tell
the server which host it *thought* it was contacting, and then the server
would know which vhost to serve the request with and therefore which
certificate to present. That would require the SSL protocol to have the
equivalent of HTTP's Host: header. From there, as long as the certificate
can be verified as authentic, there's no more risk than there would be if
there was a one-to-one mapping between IP and hostname as the current SSL
protocol requires.

But please, people, this is SUCH a frequently asked question. Definitely
one of the top three. I wonder if we can't find a better way to document
this? Anyone have any ideas? I'd say un-hiding it from the FAQ page
would be a good start... it's a prominent question, give the answer a more
prominent location.

--Cliff

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: how to add multiple SSL cert for each virtual host?

> Aha. That makes sense to me. I noticed this discussion
> because I was
> considering doing this sort of thing in the next month or
> two. Damn! Now I
> have to provide IP addresses for virtual sites that require
> this support. :(

Might not something like this work? It gives you name based virtual hosts
for the http part...


NameVirtualHost 12.34.56.78:80


ServerName domain1.com
Redirect / https://domain1.com:1443



ServerName domain2.com
Redirect / https://domain2.com:1444



ServerName domain1.com
CustomLog "..."
ErrorLog "..."
SSLEngine on
SSLCertificateFile "/somewhere/ssl.crt/domain1.crt"
SSLCertificateKeyFile "somewhere/ssl.key/domain1.key"



ServerName domain2.com
CustomLog "..."
ErrorLog "..."
SSLEngine on
SSLCertificateFile "/somewhere/ssl.crt/domain2.crt"
SSLCertificateKeyFile "somewhere/ssl.key/domain2.key"


I've just written this from the top of my head, so I don;t know if I didn't
make any syntax errors. But I'll have to try this out someday here, as I'm
going to run into the same problem as you are now.

Greetings,

Krist

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: how to add multiple SSL cert for each virtual host?

A whole new error class! RTFM errors and ID-10-T error codes alongside! If
nothing else, it would be thoroughly entertaining!

On Wednesday 04 December 2002 12:17 pm, Boyle Owen wrote:
> From: Cliff Woolley [mailto:jwoolley@apache.org]
>
> >But please, people, this is SUCH a frequently asked question.
> >Definitely one of the top three.
>
> I'd say it is THE most frequently asked question (but I can't be
> bothered scanning the archives to prove it :-)
>
> The FAQ (http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47) is all very
> well, but it is rather technical for a newbie and, having been written
> by someone for whom English is a second language, is not as illuminating
> as it might be. I had a go a re-writing it a few years ago
> (http://marc.theaimsgroup.com/?l=apache-modssl&m=98559369910 170&w=2) so
> maybe we could start there...
>
> However, given the tendency of people to read the instructions only if
> all else fails, putting a warning in the default config sounds like a
> good idea. Putting an error message in the source-code would be even
> better!
>
> Rgds,
>
> Owen Boyle
>
> This message is for the named person's use only. It may contain
> confidential, proprietary or legally privileged information. No
> confidentiality or privilege is waived or lost by any mistransmission.
> If you receive this message in error, please notify the sender urgently
> and then immediately delete the message and any copies of it from your
> system. Please also immediately destroy any hardcopies of the message.
> You must not, directly or indirectly, use, disclose, distribute, print,
> or copy any part of this message if you are not the intended recipient.
> The sender's company reserves the right to monitor all e-mail
> communications through their networks. Any views expressed in this
> message are those of the individual sender, except where the message
> states otherwise and the sender is authorised to state them to be the
> views of the sender's company.
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: how to add multiple SSL cert for each virtual host?

>From: Cliff Woolley [mailto:jwoolley@apache.org]
>
>But please, people, this is SUCH a frequently asked question.
>Definitely one of the top three.

I'd say it is THE most frequently asked question (but I can't be
bothered scanning the archives to prove it :-)

The FAQ (http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47) is all very
well, but it is rather technical for a newbie and, having been written
by someone for whom English is a second language, is not as illuminating
as it might be. I had a go a re-writing it a few years ago
(http://marc.theaimsgroup.com/?l=apache-modssl&m=98559369910 170&w=2) so
maybe we could start there...

However, given the tendency of people to read the instructions only if
all else fails, putting a warning in the default config sounds like a
good idea. Putting an error message in the source-code would be even
better!

Rgds,

Owen Boyle

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company.
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: how to add multiple SSL cert for each virtual host?

On Wed, Dec 04, 2002 at 01:17:12PM +0100, Boyle Owen wrote:
> >From: Cliff Woolley [mailto:jwoolley@apache.org]
> >
> >But please, people, this is SUCH a frequently asked question.
> >Definitely one of the top three.
>
> I'd say it is THE most frequently asked question (but I can't be
> bothered scanning the archives to prove it :-)
>
Yeah, I think so too.

> The FAQ (http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47) is all very
> well, but it is rather technical for a newbie and, having been written
> by someone for whom English is a second language, is not as illuminating
> as it might be. I had a go a re-writing it a few years ago
> (http://marc.theaimsgroup.com/?l=apache-modssl&m=98559369910 170&w=2) so
> maybe we could start there...
>
Yes, I'll add it to the 2.x docs.

> However, given the tendency of people to read the instructions only if
> all else fails, putting a warning in the default config sounds like a
> good idea. Putting an error message in the source-code would be even
> better!
>
I'm pretty sure there already is (at least in 1.3) but that requires
people to read the error_log.

vh

Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: how to add multiple SSL cert for each virtual host?

At 11:26 PM 12/03/2002, Justin Williams wrote:
>A whole new error class! RTFM errors and ID-10-T error codes alongside! If
>nothing else, it would be thoroughly entertaining!

In my defense, I ALWAYS RTFM before asking questions like this. HOWEVER,
in this case, the httpd.conf APPEARS to indicate that this type of
configuration/support should be possible. So, being the curious, technical
type of person that I am, I'd probably just start trying to make it work
even before RTFMing to find that it's not actually supported. MUCH wasted
time if I hadn't stumbled upon this conversation in this group.

I'm of the opinion that it would be "NICE" if there was some info about
this in the httpd.conf file on top of the manual and FAQ's. Note that I
only say it would be "NICE". I'd still end up going to the manual and FAQ
before posting such a question. I certainly don't mind the extra work,
considering the absolutely awesome price of the product. ;)

- hawk

>On Wednesday 04 December 2002 12:17 pm, Boyle Owen wrote:
> > From: Cliff Woolley [mailto:jwoolley@apache.org]
> >
> > >But please, people, this is SUCH a frequently asked question.
> > >Definitely one of the top three.
> >
> > I'd say it is THE most frequently asked question (but I can't be
> > bothered scanning the archives to prove it :-)
> >
> > The FAQ (http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47) is all very
> > well, but it is rather technical for a newbie and, having been written
> > by someone for whom English is a second language, is not as illuminating
> > as it might be. I had a go a re-writing it a few years ago
> > (http://marc.theaimsgroup.com/?l=apache-modssl&m=98559369910 170&w=2) so
> > maybe we could start there...
> >
> > However, given the tendency of people to read the instructions only if
> > all else fails, putting a warning in the default config sounds like a
> > good idea. Putting an error message in the source-code would be even
> > better!
> >
> > Rgds,
> >
> > Owen Boyle
> >
> > This message is for the named person's use only. It may contain
> > confidential, proprietary or legally privileged information. No
> > confidentiality or privilege is waived or lost by any mistransmission.
> > If you receive this message in error, please notify the sender urgently
> > and then immediately delete the message and any copies of it from your
> > system. Please also immediately destroy any hardcopies of the message.
> > You must not, directly or indirectly, use, disclose, distribute, print,
> > or copy any part of this message if you are not the intended recipient.
> > The sender's company reserves the right to monitor all e-mail
> > communications through their networks. Any views expressed in this
> > message are those of the individual sender, except where the message
> > states otherwise and the sender is authorised to state them to be the
> > views of the sender's company.
> > ____________________________________________________________ __________
> > Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> > User Support Mailing List modssl-users@modssl.org
> > Automated List Manager majordomo@modssl.org
>
>___________________________________________________________ ___________
>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>User Support Mailing List modssl-users@modssl.org
>Automated List Manager majordomo@modssl.org

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org