Linux - EnterpriseThis forum is for all items relating to using Linux in the Enterprise.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
1) I have an important query that would a server require only 1 SSL certificate or is it that there have to be different SSL certificates for the URL’s hosted on the server? Say for a server www.example.com, there could be different URL’s like www.example1.com & www.example2.com configured using the concept of named based virtual hosting where the HTTP configuration file /etc/httpd/conf/httpd.conf would have the required entries.
2) I placed 1 file into /etc/www/html/index.html containing “Hello world”. There is also a default localhost.crt file in /etc/pki/tls/certs which comes with a installation of mod_ssl package. The access to http://localhost & https://localhost gives “Hello world”. I moved the localhost.crt to /tmp folder but still the access to http://localhost & https://localhost gives “Hello world”.
1) I have an important query that would a server require only 1 SSL certificate or is it that there have to be different SSL certificates for the URL’s hosted on the server? Say for a server www.example.com, there could be different URL’s like www.example1.com & www.example2.com configured using the concept of named based virtual hosting where the HTTP configuration file /etc/httpd/conf/httpd.conf would have the required entries.
If you looked up how to generate an SSL certificate, you would see that the domain name is part OF the certificate. Since you are using different domains, it is VERY OBVIOUS that you would need different certificates for each domain.
Since you've got a 'certification', and you claim to be paying for L3 support from Red Hat, you are also paying for access to their online knowledge base. Which has instructions on how to do what you're wanting to do. Did you TRY to look this up??? https://access.redhat.com/documentat...ratingkey.html
Quote:
2) I placed 1 file into /etc/www/html/index.html containing “Hello world”. There is also a default localhost.crt file in /etc/pki/tls/certs which comes with a installation of mod_ssl package. The access to http://localhost & https://localhost gives “Hello world”. I moved the localhost.crt to /tmp folder but still the access to http://localhost & https://localhost gives “Hello world”.
And what, exactly, is the issue here? You moved a file...did you restart apache??? If you didn't the certificate is still loaded. And did you check the apache logs??
The link you sent of Red Hat is for SSL certificate generation, I am fine with it. I may not be an expert like you to have figured out the complete implications of the domain name field.
1 thing which I noticed subsequently and missed in my post is that after moving the localhost.crt to /tmp folder, the httpd service is not starting. The log in /var/log/httpd/error_log is not showing anything relevant.
I understood that for different domains like www.example.com & www.example1.com, separate SSL certificates would be required. But how about, URL's like abc.example.com & bcd.example.com.
Please reply to my query whether separate SSL certificates would be required or not for the example sites as abc.example.com & bcd.example.com.
The link you sent of Red Hat is for SSL certificate generation, I am fine with it. I may not be an expert like you to have figured out the complete implications of the domain name field.
So if you know/knew that each domain needs its own certificate, why ask? Especially since the RHEL documentation also explains this.
Quote:
1 thing which I noticed subsequently and missed in my post is that after moving the localhost.crt to /tmp folder, the httpd service is not starting. The log in /var/log/httpd/error_log is not showing anything relevant.
...which is because you moved the certificate, so apache will NOT start. You did fail to mention that in your last post.
Quote:
Originally Posted by RHCE_ran
The certificate line file was commented, I had overlooked it. Now the httpd has started.
Which is as expected.
Quote:
Originally Posted by RHCE_ran
I understood that for different domains like www.example.com & www.example1.com, separate SSL certificates would be required. But how about, URL's like abc.example.com & bcd.example.com. Please reply to my query whether separate SSL certificates would be required or not for the example sites as abc.example.com & bcd.example.com.
First you say you read and understood that each domain needs a separate certificate, and you get an answer that says YES, they OBVIOUSLY DO, and get pointed to the Red Hat documentation that ALSO says this....so you ask the same question AGAIN????
abc.example.com and bcd.example.com are DIFFERENT DOMAIN NAMES. Different names = different certificate. AGAIN, as you've been told before, look in the Red Hat knowledgebase, which you are PAYING FOR ACCESS TO, and which has answers to these questions.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.