LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 11-23-2010, 08:43 AM   #1
jonaskellens
Member
 
Registered: Jul 2008
Location: Ghent, Belgium
Distribution: Fedora, CentOS
Posts: 632

Rep: Reputation: 33
Apache, https & certificates per directory


Hello,

I was wondering if it is possible to have different certificates for different directories in a https-directory ?

So what I want is that for a specific directory a specific TLS-certificate is needed by the http-client to be authorized to the directory.

Directory /var/www/html/secure/1 needs a certificate A.
Directory /var/www/html/secure/2 need a different certificate B.

So I have 1 CA, which signs the other certificates of the specific directory. The http-client gets the certificate A or certificate B (to be authenticated for secure/1 of secure/2)
 
Old 11-23-2010, 09:53 AM   #2
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,520

Rep: Reputation: 1502Reputation: 1502Reputation: 1502Reputation: 1502Reputation: 1502Reputation: 1502Reputation: 1502Reputation: 1502Reputation: 1502Reputation: 1502Reputation: 1502
Hi,

What you can do is to setup 2 ssl virtual servers in apache, using /var/www/html/secure/1, /var/www/html/secure/2 and certA, certB respectively.
Note that this can be done with recent versions of openssl (0.9.8f or later) and apache (2.2.12 or later). For more details take a look here

Regards

Last edited by bathory; 11-23-2010 at 05:30 PM. Reason: typos
 
Old 11-23-2010, 10:19 AM   #3
jonaskellens
Member
 
Registered: Jul 2008
Location: Ghent, Belgium
Distribution: Fedora, CentOS
Posts: 632

Original Poster
Rep: Reputation: 33
To be very concrete :

I want to use different directories in which reside configuration files for Snom VoIP-phones. Configuration files for Snom phones of one customer may not be used by other customers.

Therefore I give each customer its own certificate to authenticate his Snom phones. These authenticated Snom VoIP-phones can then pull there configuration from the https-server.

Don't know whether this SNI is supported though...

Last edited by jonaskellens; 11-23-2010 at 10:24 AM.
 
Old 11-23-2010, 05:40 PM   #4
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,520

Rep: Reputation: 1502Reputation: 1502Reputation: 1502Reputation: 1502Reputation: 1502Reputation: 1502Reputation: 1502Reputation: 1502Reputation: 1502Reputation: 1502Reputation: 1502
So you mean that the clients are those VoIP phones? I don't know either if they support TLS with the SNI extension, but I don't think so.
Anyway you can ask the manufacturer to confirm if the do or they do not support SNI.

Regards
 
Old 11-25-2010, 09:46 AM   #5
jonaskellens
Member
 
Registered: Jul 2008
Location: Ghent, Belgium
Distribution: Fedora, CentOS
Posts: 632

Original Poster
Rep: Reputation: 33
Quote:
Originally Posted by bathory View Post
So you mean that the clients are those VoIP phones?
Question asked to Snom.

What is the alternative ?! Is there another way to have multiple https-directories accessible with a different certificate ?
 
Old 11-25-2010, 12:52 PM   #6
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,520

Rep: Reputation: 1502Reputation: 1502Reputation: 1502Reputation: 1502Reputation: 1502Reputation: 1502Reputation: 1502Reputation: 1502Reputation: 1502Reputation: 1502Reputation: 1502
Quote:
What is the alternative ?! Is there another way to have multiple https-directories accessible with a different certificate ?
I'm afraid I cannot think some another way for this. I.e. to access through web different directories using https with different certificates depending on the directory requested.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache and Certificates mphooo Linux - Newbie 2 09-30-2009 12:05 AM
Apache Https & Proxy wwnexc Linux - Software 0 11-04-2005 05:01 PM
trouble with apache 1.3 & https & debian deuce868 Linux - Networking 0 11-20-2004 09:11 PM
Apache & Squirrelmail:Redirect to https? mac_phil Linux - Software 1 05-24-2004 04:52 AM
Apache as proxy for http & https queries gosha Linux - Networking 0 07-21-2003 08:41 AM


All times are GMT -5. The time now is 07:08 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration