multiple SSL instances with aliased IPs
on 24.11.2003 16:47:52 by John
Hello modssl-users
I'm stuck... I have an understanding of how apache and ssl works but I
am having troubles in finding a way to set up this server. Most of the
searches I do seem to point to the fact that virtual name based hosting
will not work with multiple ssl. This I understand.
I have a freebsd 4.9-current server running apache+mod_ssl-1.3.29+2.8.16
What I want to accomplish is the following, all on one server:
1. One http-only server serving all my domains.
2. One https server for *each domain* which has its *own IP*
I can easily alias IPs within my range to the server's NIC. This has
already been done. I can also run the virtual name based server, and it
functions fine.
What I don't know how to do, and I haven't found a link for yet, is to
1. start multiple instances of https, each with its *own config file*
2. make custom ssl certificates *for each SSL server*
Each domain name has its own userspace.
Can anyone help me here?
Thanks
--
John - jfm@reiteration.net - http://www.reiteration.net/~jfm
For PGP public key finger jfm@reiteration.net or see webpage
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
RE: multiple SSL instances with aliased IPs
on 24.11.2003 17:12:45 by Boyle Owen
>-----Original Message-----
>From: John [mailto:lists@reiteration.net]
>
>I'm stuck... I have an understanding of how apache and ssl works but I
>am having troubles in finding a way to set up this server. Most of the
>searches I do seem to point to the fact that virtual name based hosting
>will not work with multiple ssl. This I understand.
Thank goodness...
>I have a freebsd 4.9-current server running
>apache+mod_ssl-1.3.29+2.8.16
>What I don't know how to do, and I haven't found a link for yet, is to
>1. start multiple instances of https, each with its *own config file*
This is simple enough; you just run httpd with the "-f" switch. This
allows you to define the config file at run-time. So you'd have
something like:
../httpd -f ../conf/ssl_1.conf
where ssl_1.conf contains:
Listen 192.168.1.1:443
DocumentRoot /path/to/ssl_1/docs
SSLCertificateFile /path/to/ssl_cert_1.crt
etc..
And repeat for each SSL host.
Alternatively, you can do all this in your main instance of apache by
using IP-based virtual-Hosts (I'm not sure you're aware of this), eg:
Listen 192.168.1.1:443
<VirtualHost 192.168.1.1:443>
DocumentRoot /path/to/ssl_1/docs
SSLCertificateFile /path/to/ssl_cert_1.crt
etc..
</VirtualHost>
Listen 192.168.1.2:443
<VirtualHost 192.168.1.2:443>
DocumentRoot /path/to/ssl_2/docs
SSLCertificateFile /path/to/ssl_cert_2.crt
etc..
</VirtualHost>
This won't interfere with your HTTP VHs in the same config (they are all
distinct at the TCP/IP layer).
>2. make custom ssl certificates *for each SSL server*
This is documented, although it's a bit tricky:
- first make your own Certificate Authority cert
(http://www.modssl.org/docs/2.8/ssl_faq.html#ToC29)
- then make a certificate signing request for your site
(http://www.modssl.org/docs/2.8/ssl_faq.html#ToC28) and sign it with the
CA you made above (ie skip the last bit where you send it to Verisign)
Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.
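Added example (not part of the reply above or of the mod_ssl documentation): the procedure the reply describes, a private CA that signs one certificate per SSL host, written as a shell script with a final check that each certificate chains to the CA and matches its private key. The host names, file names, key size and lifetimes are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: private CA plus one CA-signed certificate per SSL host.
# Host names, subject fields and lifetimes are constructed placeholders.
umask 077                                  # keys and CA files owner-only

make_ca() {                                # $1 = working directory
    dir=$1
    cat > "$dir/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Private CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    openssl genrsa -out "$dir/ca.key" 2048 2>/dev/null &&
    openssl req -new -x509 -config "$dir/req.cnf" -key "$dir/ca.key" \
        -sha256 -days 365 -out "$dir/ca.crt"
}

make_host_cert() {                         # $1 = directory, $2 = host name
    dir=$1 host=$2
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\n' "$host" \
        > "$dir/$host.ext"
    openssl genrsa -out "$dir/$host.key" 2048 2>/dev/null &&
    openssl req -new -config "$dir/req.cnf" -key "$dir/$host.key" \
        -subj "/CN=$host" -out "$dir/$host.csr" &&
    openssl x509 -req -in "$dir/$host.csr" -CA "$dir/ca.crt" \
        -CAkey "$dir/ca.key" -CAcreateserial -extfile "$dir/$host.ext" \
        -sha256 -days 365 -out "$dir/$host.crt" 2>/dev/null
}

check_host_cert() {                        # chain valid AND key matches cert
    dir=$1 host=$2
    openssl verify -CAfile "$dir/ca.crt" "$dir/$host.crt" >/dev/null 2>&1 ||
        return 1
    cert_pub=$(openssl x509 -in "$dir/$host.crt" -noout -pubkey |
        openssl dgst -sha256)
    key_pub=$(openssl pkey -in "$dir/$host.key" -pubout | openssl dgst -sha256)
    [ "$cert_pub" = "$key_pub" ]
}

work=$(mktemp -d)
make_ca "$work"
for h in ssl1.example.test ssl2.example.test; do
    make_host_cert "$work" "$h" && check_host_cert "$work" "$h" && echo "$h: ok"
done
```

Each resulting .crt is the file an instance's SSLCertificateFile would name, with the matching .key given to SSLCertificateKeyFile; the CA key signs every host certificate, so it should not sit in any per-domain userspace.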
Re: multiple SSL instances with aliased IPs
on 25.11.2003 17:42:36 by John
On Mon, Nov 24, 2003 at 05:12:45PM +0100, Boyle Owen wrote:
[snip loads]
Many thanks for your quick response. I shall try your suggestions
tonight.
cheers
--
John - jfm@reiteration.net - http://www.reiteration.net/~jfm
For PGP public key finger jfm@reiteration.net or see webpage