Post #1 (07-21-2006, 04:29 PM), Senior Member
trying to install SSL cert on apache 2.0
I have a Debian machine running Apache 2.0 and I'm trying to create an SSL cert for one particular site. I have a few questions.
1). Can I install different certs for different domains hosted by a single instance of Apache?
2). I'm currently using this 'tutorial' (if you can call it that) to create a temporary cert. It doesn't reference any particular hosting directory and appears to be intended to create one master cert for an Apache server or something. Can I use this technique to create multi certs for multi domains?
http://www.fedoraforum.org/forum/arc...p/t-32602.html
Any help would be *greatly* appreciated. I need to finish this project!
Post #2 (07-21-2006, 06:03 PM), LQ Guru
The simple answer is NO. You cannot have more than one secure vhost.
For more details read the apache explanation
Regards
Post #3 (07-21-2006, 06:44 PM), Senior Member, Original Poster
THANKS for the post.
The article is pretty clear. It does say that one might use different IPs or different PORTS as a workaround. Can anyone explain how this might be done?
Post #4 (07-22-2006, 09:32 AM), LQ Guru
If you want to use multiple IPs, you can set up your Apache to use IP-based vhosts. You must also configure your DNS to point to these domains (i.e. xx.xx.xx.xx domain1.com, yy.yy.yy.yy domain2.com). Then in your httpd.conf use multiple "Listen" directives for each IP address. Finally at the vhosts section:
Code:
# One IP-based SSL vhost per domain, each with its own certificate and key
<VirtualHost www.domain1.com>
    DocumentRoot /var/www/domain1
    ServerName www.domain1.com
    SSLEngine on
    SSLCertificateFile /path/to/www.domain1.com.cert
    SSLCertificateKeyFile /path/to/www.domain1.com.key
    ...
    ...
</VirtualHost>
<VirtualHost www.domain2.com>
    DocumentRoot /var/www/domain2
    ServerName www.domain2.com
    SSLEngine on
    SSLCertificateFile /path/to/www.domain2.com.cert
    # The key must be the one that belongs to the domain2 certificate
    SSLCertificateKeyFile /path/to/www.domain2.com.key
    ...
    ...
</VirtualHost>
To use different ports, use the "Listen" directive again, defining different ports (i.e. 443,444,445..). Then use this in your httpd.conf:
Code:
# One SSL vhost per port, each with its own certificate and key
<VirtualHost _default_:443>
    DocumentRoot /var/www/domain1
    ServerName www.domain1.com
    SSLEngine on
    SSLCertificateFile /path/to/www.domain1.com.cert
    SSLCertificateKeyFile /path/to/www.domain1.com.key
    ...
    ...
</VirtualHost>
<VirtualHost _default_:444>
    DocumentRoot /var/www/domain2
    ServerName www.domain2.com
    SSLEngine on
    SSLCertificateFile /path/to/www.domain2.com.cert
    SSLCertificateKeyFile /path/to/www.domain2.com.key
    ...
    ...
</VirtualHost>
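A small linter for the two workarounds in post #4, added here as an example and not part of the original thread: it reports SSL vhosts that share one address:port and certificate/key pairs whose file names disagree. The function names and sample configuration are constructed for illustration, and the name comparison is a heuristic that does not inspect the key material.

```python
import re
from collections import defaultdict
# Constructed sample (not from the thread): two SSL vhosts on the same
# address:port, the second paired with the first site's key file.
SAMPLE_CONF = """
<VirtualHost _default_:443>
    ServerName www.domain1.com
    SSLEngine on
    SSLCertificateFile /path/to/www.domain1.com.cert
    SSLCertificateKeyFile /path/to/www.domain1.com.key
</VirtualHost>
<VirtualHost _default_:443>
    ServerName www.domain2.com
    SSLEngine on
    SSLCertificateFile /path/to/www.domain2.com.cert
    SSLCertificateKeyFile /path/to/www.domain1.com.key
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
DIRECTIVE_RE = re.compile(r"^\s*(\w+)\s+(.+?)\s*$", re.M)

def parse_ssl_vhosts(conf):
    """Return one dict of lower-cased directives per vhost with 'SSLEngine on'."""
    vhosts = []
    for addr, body in VHOST_RE.findall(conf):
        d = {k.lower(): v for k, v in DIRECTIVE_RE.findall(body)}
        if d.get("sslengine", "").lower() == "on":
            d["addr"] = addr.strip().lower()
            vhosts.append(d)
    return vhosts

def stem(path):
    """File name without its directory and without its last extension."""
    return path.rsplit("/", 1)[-1].rsplit(".", 1)[0] if path else None

def lint(conf):
    """Return a list of (finding, subject) tuples for the SSL vhosts in conf."""
    findings, by_addr = [], defaultdict(list)
    for v in parse_ssl_vhosts(conf):
        by_addr[v["addr"]].append(v.get("servername"))
        if stem(v.get("sslcertificatefile")) != stem(v.get("sslcertificatekeyfile")):
            findings.append(("cert-key-name-mismatch", v.get("servername")))
    for addr, names in by_addr.items():
        if len(names) > 1:  # more than one SSL vhost on this address:port
            findings.append(("shared-ssl-endpoint", addr))
    return findings

if __name__ == "__main__":
    print(lint(SAMPLE_CONF))
```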
Post #5 (07-22-2006, 04:12 PM), Senior Member, Original Poster
That's totally helpful, bathory, but I'm using Apache 2 and my httpd.conf file is almost completely empty. I'm still reading the apache2 docs trying to figure out where the virtual host configs go.
Will those same directives apply for Apache 2 virtual hosts?
Post #6 (07-22-2006, 05:13 PM), LQ Guru
It's not a matter of apache2 that httpd.conf is almost empty. Many distros split httpd.conf into more files (e.g. vhosts.conf, ssl.conf, php.conf etc.) to be more readable and easy to edit.
You can apply these lines to the specific *.conf and they should work.
Regards
Post #7 (07-23-2006, 06:39 PM), Senior Member, Original Poster
Hm. I'm having trouble getting even one cert to work... I have generated my key, csr, and a self-signed cert and I altered the config file for my domain and I'm getting a 400 error: 'your browser (or proxy) sent a request that this server could not understand'.
Here is my apache conf file:
Code:
NameVirtualHost www.xxx.yyy.zzz
<VirtualHost www.xxx.yyy.zzz>
    ServerAdmin admin@foo-und-bar.com
    DocumentRoot /home/foobar/public
    # === added by me ===
    ServerName foobar.com
    SSLEngine on
    SSLCertificateFile /home/foobar/foobar.com.cert
    SSLCertificateKeyFile /home/foobar/foobar.com.key
    # ====================
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /home/foobar/public/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
        # This directive allows us to have apache2's default start page
        # in /apache2-default/, but still have / go to the right place
        # RedirectMatch ^/$ /apache2-default/
    </Directory>
    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>
    ErrorLog /home/foobar/logs/error.log
    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn
    CustomLog /home/foobar/logs/access.log combined
    ServerSignature On
</VirtualHost>