Forum Index Search Forum Register Log in

Runs on XP to Win 10

Current

Download 7.0

Download 7.1 Beta5 upgrade



A donation makes a contribution towards the time and effort that's going in to running this site.

Steffen

Contact:
My mail address is
at the top of the paypal form :

Your donations will help to keep this site alive and well.


Update your links !! November 2016 the forum is at www.apachelounge.com/sambar

In the forum there are links to sambarserver.info,
replace "sambarserver.info" with "apachelounge.com/sambar"
How-to More than one domain with your SSL

 
Post new topic   Reply to topic    Sambar Forum Index -> How-to's & Documentation & Tips
View previous topic :: View next topic  
Author Message
Steffen



Joined: 07 Jun 2004
Posts: 413
Location: Netherlands

PostPosted: Mon 07 Jun '04 20:34    Post subject: How-to More than one domain with your SSL Reply with quote

A nice tip I read at the list from Ken Johanson SambarUser.Ken@onnet.cc

Quote:

In the past, several people (including myself) have asked for a way to get Sambar Server to support multiple SSL certs, for servers that host more than one domain. But it turns out that SSL (x509 version 3, specifically), has built-in support for multiple domains per certifcate!!

Just add the following line to your config/openssl.cnf file, in the [ v3_ca ] section:

subjectAltName = DNS:http://www.test.com,DNS:*.kensystem.com,DNS:*.etc.com

This line adds additional domains that browsers will validate a certificate against. Note the comma-separated-list format ; it allows you to add as many for few as you want. As in the example, you can also use wild card certs.

You need to re-create your certificate after adding that line to openssl.cnf, put the cert into your config/ dir, then restart your server.


I've verified that all modern browsers support this; Mozilla, Firebird, Safari, & IE. Theoretically, older software that uses SSL (email clients, etc) may not have support for this feature. It also does not provide a distinct cert based on IP address (the contemporary ssl binding method), but that's probably not going to be a problem for most of us.

Cheers,

ken
Back to top
View user's profile Visit poster's website

Post new topic   Reply to topic    Sambar Forum Index -> How-to's & Documentation & Tips
Page 1 of 1