Re: off topic: Apache ssl configuration.
On Thu, May 11, 2000 at 06:52:04PM +0300, Zohar Friling wrote:
> Hello,
> Please excuse my English, I hope that I will be clear enough.
> I need help to understand the options I have while configuring apache-1.3.6
> + mod_ssl-2.3.11-1.3.6 and a key from Verisign.
> Unfortunately Verisign doesn't give much help, nor did I find
> some info on HOWTO's.
>
> I am now running my web server on several machines with one key and crt
> file.
> How can we host several web servers (different domains) on the
> same machines using virtual servers?
> The domain names are not of the pattern *.domain.com, which enables
> the use of a wildcard key file.
> So I need to use more than one key and crt file.
> How could I achieve that?
> Is it possible?
> If so, how can I configure that?
As a security measure, the domain name in the certificate's CN
(Common Name) parameter must match your domain.
Otherwise, in Netscape, you'll get only one warning screen
(as opposed to about 4 you'll get if your certificate's not
signed by a known CA). Don't know about IE.
Modern browsers can also support wildcards in the CN
(*.domain.com), but I'd guess the certificate authority will
require more money for it (I know Thawte offers this, not sure
about Verisign. Thawte is also more Linux-friendly,
cheaper and even has an IRC technical support room.)
I'd suggest you just create some secure.domain.com vhost
and do all your commerce on it. No way around it, since a key
must match the public key, and the public key is digitally signed
by the CA (and ANY modification will invalidate the signature.)
--
Best regards,
Ilya Konstantinov a.k.a Toastie
[http://toast.demon.co.il]
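
The name-matching rule discussed in the reply above, as an added example that is not part of the original messages: it checks which virtual hosts a given certificate name covers, using the rule current TLS clients apply (a wildcard only as the whole left-most label). The hostnames, the function names and the refusal of wildcards with fewer than two literal labels are assumptions made for illustration.

```python
# Added example: which virtual hosts does a certificate name (CN) cover?
# All hostnames below are constructed for illustration.

def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if the certificate name `pattern` covers `hostname`.

    A '*' is honoured only as the entire left-most label and stands for
    exactly one label, so '*.domain.com' covers 'www.domain.com' but
    neither 'domain.com' nor 'a.b.domain.com'.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    # Different label counts or empty labels can never match.
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # Assumption: refuse overly broad patterns such as '*.com'.
        if len(p) < 3:
            return False
        return p[1:] == h[1:]
    return p == h


def plan_certificates(vhosts, cert_names):
    """Map each vhost to the first certificate name covering it, else None."""
    return {
        host: next((c for c in cert_names if name_matches(c, host)), None)
        for host in vhosts
    }


def main():
    # Constructed scenario: one wildcard certificate, several virtual hosts.
    vhosts = [
        "www.domain.com",
        "shop.domain.com",
        "domain.com",
        "www.other-domain.co.il",
    ]
    certs = ["*.domain.com"]
    for host, cert in plan_certificates(vhosts, certs).items():
        print(f"{host:26} -> {cert or 'no match: needs its own certificate'}")


if __name__ == "__main__":
    main()
```
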