[prev in list] [next in list] [prev in thread] [next in thread] 

List:       sg-dc
Subject:    RE: [sg-dc] Multi-port SSL certificate??
From:       Steve Bernard <sbernard () gmu ! edu>
Date:       2003-04-07 14:10:21
[Download RAW message or body]

Dodge,

Good point, thanks for bringing it up. The box is using mod_ssl, version
2.8.12.

Thanks,

Steve


-----Original Message-----
From: M. Dodge Mumford [mailto:dodge@dmumford.com]
Sent: Monday, April 07, 2003 6:35 AM
To: Steve Bernard
Cc: SecurityGeeks
Subject: Re: [sg-dc] Multi-port SSL certificate??


Steve Bernard said:
> We have a box with a single IP address and a single DNS name, running
> multiple instances of Apache, each of which services a separate instance
of
> a database, i.e. QA, Test, Development.
>
> For example, 'foo.gmu.edu:5555', 'foo.gmu.edu:5556', ...
>
> Is it possible to have a single SSL certificate, for 'foo.gmu.edu' that
can
> be simultaneously used by all instances of Apache running on the box
> regardless of port? I had thought that this would work, as long as the IP
> and DNS name are the same, but one of our Sun engineers told me that it
> wouldn't work on their boxes. I've haven't been able to find a conclusive
> answer on the 'Net. Software versions are Apache 1.3.x and OpenSSL 0.9.6x,
> running on Solaris 8.

You didn't mention whether you were using mod_ssl or apache-ssl. :-) It's
been a long time since I've played with apache-ssl, but with mod_ssl, the
answer should be yes. In each of the VirtualServer directives, there are
SSLCertificateFile and SSLSSLCertificateKeyFile directives (and others).
Setting them to point to the same place should get you what you want.


--

Dodge


_______________________________________________
sg-dc mailing list
sg-dc@securitygeeks.com
http://securitygeeks.shmoo.com/mailman/listinfo/sg-dc
[prev in list] [next in list] [prev in thread] [next in thread]