How many SSL Certificates needed for SSL sites in one Config file?

SirCharles

Programmer
Jun 10, 2002
212
US
Does anyone know if you need more than one certificate where all your IPs for SSL are listed in the one Apache config file? Do you need one Cert per secure site specified in the config file, or will one Cert do for the "Main" ServerName, which might then be applied to the rest of the "ServerName"s in the file? The desire is that all should work without the user having to repeatedly acknowledge a Security Alert.
 
I'm not sure what you are asking, but here are some general rules about SSL...

The name of the host in the URL entered into the browser must match the name of the host to which the SSL certificate was issued. For example, if the certificate was issued to and resolves to 10.1.1.1, then any attempt to connect to the server as will cause the browser to pop up an alert saying the cert doesn't match the host name.

HTTPS does not work with sites sharing IP addresses. HTTP 1.1 implements the "Host:" request header, which allows a web server to determine to which site the browser wants to connect when sites share IP addresses (Apache attempts to match the hostname given to a hostname set in a "ServerName" or "ServerAlias" directive). However, the encryption handshake of HTTPS takes place before that "Host" header is transmitted, so the cert is matched to an IP address. If multiple SSL sites share an IP address, the server will generally use the first cert configured on that address -- which means all the other sites will pop up the security alert.

Want the best answers? Ask the best questions: TANSTAAFL!
 
I have multiple IPs and SSL sites referenced from the same config file - one SSL site per IP, but all served from the same config file. I was hoping one certificate would do, if it had the name of the "main" ServerName.
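The rules from the answer above, applied to the layout in the last post, as an added example that is not part of the original thread. Hostnames and certificate names are constructed, the "certificate chosen by IP, first one configured wins" behaviour is assumed exactly as the answer states it (no SNI), and the wildcard handling goes beyond what the thread covers.

```python
"""Which HTTPS sites would trigger a certificate name alert (added example).

Assumption from the thread: no SNI, so the certificate is selected by IP and
the first certificate configured on an address is served for every site on it.
"""


def name_matches(cert_name, host):
    """Case-insensitive name check; a leading "*." matches one leftmost label
    (wildcards go beyond the thread, which only discusses exact names)."""
    cert_name, host = cert_name.lower().rstrip("."), host.lower().rstrip(".")
    if cert_name.startswith("*."):
        head, _, tail = host.partition(".")
        return bool(head) and tail == cert_name[2:]
    return cert_name == host


def audit(vhosts):
    """vhosts: (ip, server_name, cert_names) tuples in config-file order.
    Returns {server_name: True if the served certificate covers that name}."""
    served = {}
    for ip, _, cert_names in vhosts:
        served.setdefault(ip, cert_names)  # first certificate on the IP wins
    return {name: any(name_matches(n, name) for n in served[ip])
            for ip, name, _ in vhosts}


# Constructed layout from the last post: one SSL site per IP, all reusing the
# certificate issued to the "main" ServerName.
ONE_CERT_EVERYWHERE = [
    ("10.1.1.1", "www.example.com", ["www.example.com"]),
    ("10.1.1.2", "shop.example.com", ["www.example.com"]),
    ("10.1.1.3", "mail.example.com", ["www.example.com"]),
]
# Constructed: one certificate per site, each issued to that site's own name.
ONE_CERT_PER_SITE = [
    ("10.1.1.1", "www.example.com", ["www.example.com"]),
    ("10.1.1.2", "shop.example.com", ["shop.example.com"]),
    ("10.1.1.3", "mail.example.com", ["mail.example.com"]),
]
# Constructed: two SSL sites on one IP, each with its own certificate set.
SHARED_IP = [
    ("10.1.1.1", "www.example.com", ["www.example.com"]),
    ("10.1.1.1", "shop.example.com", ["shop.example.com"]),
]

if __name__ == "__main__":
    for layout in (ONE_CERT_EVERYWHERE, ONE_CERT_PER_SITE, SHARED_IP):
        for site, ok in audit(layout).items():
            print(f"{site:20} {'ok' if ok else 'name mismatch alert'}")
```

A `False` entry marks a site whose visitors would get the name-mismatch alert described in the answer; only the one-certificate-per-site layout comes back clean for every name.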
 