logo
Apache Lounge
Webmasters

 


About

Forum Index Downloads Search Register Log in  RSS Apache Lounge
 



Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Apache Lounge is not sponsored.

Your donations will help to keep this site alive and well, and continuing building binaries.



How-to More than one domain with your SSL

 
Post new topic   Reply to topic    Apache Forum Index -> How-to's & Documentation & Tips



View previous topic :: View next topic  
Author Message
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 2580
Location: Hilversum, NL, EU

PostPosted: Mon 24 Jul '06 12:50    Post subject: How-to More than one domain with your SSL Reply with quote

A nice tip I read from Ken Johanson

Quote:

In the past, several people (including myself) have asked for a way to get Apache to support multiple SSL certs, for servers that host more than one domain. But it turns out that SSL (x509 version 3, specifically), has built-in support for multiple domains per certifcate!!

Just add the following line to your openssl.cnf file, in the [ v3_ca ] section:

subjectAltName = DNS:http://www.test.com,DNS:*.kensystem.com,DNS:*.etc.com

This line adds additional domains that browsers will validate a certificate against. Note the comma-separated-list format ; it allows you to add as many for few as you want. As in the example, you can also use wild card certs.

You need to re-create your certificate after adding that line to openssl.cnf, put the cert into your config/ dir, then restart your server.


I've verified that all modern browsers support this; Mozilla, Firebird, Safari, & IE. Theoretically, older software that uses SSL (email clients, etc) may not have support for this feature. It also does not provide a distinct cert based on IP address (the contemporary ssl binding method), but that's probably not going to be a problem for most of us.

Cheers,

ken
Back to top
PipoDeClown



Joined: 20 Dec 2005
Posts: 76

PostPosted: Sat 27 Jan '07 12:10    Post subject: Reply with quote

bumps:

does that mean i could host multiple https sites on my home dsl? (withouth client certificate trouble ofcourse)
Back to top
holziusa



Joined: 02 Jan 2008
Posts: 48

PostPosted: Tue 04 Mar '08 7:22    Post subject: selfsigned ssl, multiple virtual host Reply with quote

hi steffen,
the above worked really well with sambar, not showing any warnings etc

with apache i am not able to acomplish this , is there a new work around for self signed ssl

specs 2.2.8...ssl 0.9.8g
Back to top


Post new topic   Reply to topic    Apache Forum Index -> How-to's & Documentation & Tips
Page 1 of 1