twantrd,
I have successfully configured VirtualHost. Now, when I type in www.company1.com in my browser I get to see www.company1.com's DocumentRoot. And the same thing happens with www.company2.com. Now, my problem is that it seems that the two websites still share the same certificate. How can I configure the server to use different certs on each site? Here's my ssl.conf. Hope you can tell me if this is secure enough. I also notice that https is really slow compared to the traditional http. Maybe because of the encryption, which makes it really slow. I also heard from Steve Gibson that it is possible to generate a certificate for each client to be installed on his browser just for him to access the site. Have you tried this before and how were you able to do this? Thanks and hope you can help me out.

```apache
LoadModule ssl_module modules/mod_ssl.so
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/var/cache/mod_ssl/scache
SSLSessionCacheTimeout 300
SSLMutex file:logs/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random 512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512

NameVirtualHost *:443

<VirtualHost *:443>
    DocumentRoot "/var/www/company1"
    ServerName www.company1.com
    ServerAdmin admin@company1.com
    ErrorLog logs/ssl_error_log
    TransferLog logs/ssl_access_log
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /etc/httpd/conf/ssl.crt/honda.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/honda.key
    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </Files>
    <Directory "/var/www/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>
    CustomLog logs/ssl_request_log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

<VirtualHost *:443>
    DocumentRoot "/var/www/company2"
    ServerName www.company2.com
    ServerAdmin admin@company2.com
    ErrorLog logs/ssl_error_log
    TransferLog logs/ssl_access_log
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /etc/httpd/conf/ssl.crt/iadi.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/iadi.key
    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </Files>
    <Directory "/var/www/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>
    SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    CustomLog logs/ssl_request_log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
```
I believe you'll need a separate IP address per SSL cert. Therefore, you need to start binding some alias IPs and declare those IPs in your vhosts. Give that a shot.
Reading some docs on the web, it appears that you need to do this because SSL negotiation happens before the actual HTTP request and so the hostname is not available during SSL negotiation.

-twantrd
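
The reply's suggestion written out as configuration, as an added example that is not part of either post: each certificate gets its own address, so the server can pick the certificate from the destination IP before any HTTP request arrives. The addresses 192.0.2.10 and 192.0.2.11 are placeholder assumptions, and the cipher string is also an assumption that leaves out the `eNULL`, `EXP`, `LOW` and `SSLv2` entries the posted config enables.

```apache
# Added example, not the poster's file.
# 192.0.2.10 and 192.0.2.11 are placeholder addresses (assumed). Bind them
# as IP aliases on the server and point each site's DNS record at its own one.
LoadModule ssl_module modules/mod_ssl.so

# One listener per address instead of a single "Listen 443".
Listen 192.0.2.10:443
Listen 192.0.2.11:443

# No "NameVirtualHost *:443" here: the vhost is selected by address, which is
# known when the SSL handshake starts, unlike the Host header.

<VirtualHost 192.0.2.10:443>
    DocumentRoot "/var/www/company1"
    ServerName www.company1.com
    ServerAdmin admin@company1.com
    SSLEngine on
    # Assumed hardening: the posted string ends in +LOW:+SSLv2:+EXP:+eNULL,
    # which allows export-grade ciphers and ciphers with no encryption.
    SSLCipherSuite HIGH:!aNULL:!eNULL:!EXP:!LOW
    SSLCertificateFile /etc/httpd/conf/ssl.crt/honda.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/honda.key
    ErrorLog logs/ssl_error_log
    CustomLog logs/ssl_request_log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

<VirtualHost 192.0.2.11:443>
    DocumentRoot "/var/www/company2"
    ServerName www.company2.com
    ServerAdmin admin@company2.com
    SSLEngine on
    SSLCipherSuite HIGH:!aNULL:!eNULL:!EXP:!LOW
    SSLCertificateFile /etc/httpd/conf/ssl.crt/iadi.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/iadi.key
    ErrorLog logs/ssl_error_log
    CustomLog logs/ssl_request_log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
```

The `%{SSL_CIPHER}x` field already logged to `ssl_request_log` shows which cipher each connection negotiated, which is a quick way to confirm the weak suites are no longer in use.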