Date: Wed, 18 Jul 2001 00:56:04 +0000 (GMT) From: Ryan Thompson <ryan@sasknow.com> To: BSD Freak <bsd-freak@mbox.com.au> Cc: FreeBSD Questions <freebsd-questions@FreeBSD.ORG> Subject: Re: SSL Certificates Message-ID: <20010718004526.E514-100000@home.sasknow.net> In-Reply-To: <2868b8280d90.280d902868b8@mbox.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
BSD Freak wrote to FreeBSD Questions: > Hiya all, > > I need to host multiple SSL sites on my FreeBSD 4.3 box. I am > currently using Apache 1.3 + mod_ssl and am using name based virtual > hosts. I don have a lot of experience with SSL but maybe someone out > ther has. > > My question is do I need a seperate digital certificate for each > virtual host? Going by the Verisign documentation it seems so but is > not 100% clear. You normally need a different digital certificate for each common name (a common name is a complete hostname, like www.yourname.com). Verisign will, however, for a bigger price, issue wildcard certs based on a 2nd level domain, that will match *.yourname.com, for example. Some other cert issuers (like Thawte) offer the same. This assumes you do not want your users to go through the hassle or uncertainty of authorizing a certificate. If you don't care about that, you can self-sign your own certificates and not bother paying a CA, for that matter). And, unfortunately, name based virtual hosting does not work with SSL. Every different SSL virtual host needs a unique IP address. You must use IP-based virtual hosting. If you don't have access to spare IP addresses, virtually hosting multiple SSL sites won't work. > Does anyone know there answer for certain? Been there, done that, got the bigger netblock, so yes, quite certain. :-) - Ryan > > Thank in advance... > > --------------------------------------------- > Receive faxes 24x7, no second line necessary. > http://www.mbox.com.au/ > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010718004526.E514-100000>