LinuxQuestions.org
07-21-2006, 04:29 PM   #1
sneakyimp
Senior Member
 
Registered: Dec 2004
Posts: 1,056

Rep: Reputation: 78
trying to install SSL cert on apache 2.0


I have a Debian machine running Apache 2.0 and I'm trying to create an SSL cert for one particular site. I have a few questions.

1). Can I install different certs for different domains hosted by a single instance of apache?

2). I'm currently using this 'tutorial' (if you can call it that) to create a temporary cert. It doesn't reference any particular hosting directory and appears to be intended to create one master cert for an Apache server or something. Can I use this technique to create multi certs for multi domains?

http://www.fedoraforum.org/forum/arc...p/t-32602.html

Any help would be *greatly* appreciated. I need to finish this project!
 
07-21-2006, 06:03 PM   #2
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,209
Blog Entries: 1

Rep: Reputation: 2064
The simple answer is NO. You cannot have more than one secure vhost.
For more details read the Apache explanation.

Regards
 
07-21-2006, 06:44 PM   #3
sneakyimp
Senior Member
 
Registered: Dec 2004
Posts: 1,056

Original Poster
Rep: Reputation: 78
THANKS for the post.

The article is pretty clear. It does say that one might use different IPs or different PORTS as a workaround. Can anyone explain how this might be done?
 
07-22-2006, 09:32 AM   #4
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,209
Blog Entries: 1

Rep: Reputation: 2064
If you want to use multiple IPs, you can set up your Apache to use IP-based vhosts. You must also configure your DNS to point to these domains (i.e. xx.xx.xx.xx domain1.com, yy.yy.yy.yy domain2.com). Then in your httpd.conf use multiple "Listen" directives for each IP address. Finally at the vhosts section:
Code:
<VirtualHost www.domain1.com>
DocumentRoot /var/www/domain1
ServerName www.domain1.com
SSLEngine on
SSLCertificateFile /path/to/www.domain1.com.cert
SSLCertificateKeyFile /path/to/www.domain1.com.key
...
...
</VirtualHost>

<VirtualHost www.domain2.com>
DocumentRoot /var/www/domain2
ServerName www.domain2.com
SSLEngine on
SSLCertificateFile /path/to/www.domain2.com.cert
SSLCertificateKeyFile /path/to/www.domain2.com.key
...
...
</VirtualHost>
To use different ports, use the "Listen" directive again, defining different ports (i.e. 443, 444, 445...). Then use this in your httpd.conf:
Code:
<VirtualHost _default_:443>
DocumentRoot /var/www/domain1
ServerName www.domain1.com
SSLEngine on
SSLCertificateFile /path/to/www.domain1.com.cert
SSLCertificateKeyFile /path/to/www.domain1.com.key
...
...
</VirtualHost>

<VirtualHost _default_:444>
DocumentRoot /var/www/domain2
ServerName www.domain2.com
SSLEngine on
SSLCertificateFile /path/to/www.domain2.com.cert
SSLCertificateKeyFile /path/to/www.domain2.com.key
...
...
</VirtualHost>
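
An added example, not part of bathory's post and not Apache tooling: a small Python check for the layout described in post #4. It flags SSL vhosts that share one address:port (the limitation from post #2) and SSL vhosts whose port has no "Listen" directive. The function name, problem labels and sample config are constructed for illustration, and it assumes one address per `<VirtualHost>` line.

```python
from collections import defaultdict

# Constructed sample modelled on the port-based layout in post #4, with two
# deliberate mistakes: domain2 reuses :443 and domain3's port has no Listen.
SAMPLE_CONF = """
Listen 443
Listen 444
<VirtualHost _default_:443>
  ServerName www.domain1.com
  SSLEngine on
</VirtualHost>
<VirtualHost _default_:443>
  ServerName www.domain2.com
  SSLEngine on
</VirtualHost>
<VirtualHost _default_:445>
  ServerName www.domain3.com
  SSLEngine on
</VirtualHost>
"""

def lint_ssl_vhosts(conf):
    """Return (problem, address, server_names) tuples for SSL vhosts in conf."""
    listen_ports, by_addr, cur = set(), defaultdict(list), None
    for line in (l.strip() for l in conf.splitlines()):
        words = line.split()
        if not words or line.startswith("#"):
            continue
        key, arg = words[0].lower(), (words[1] if len(words) > 1 else "")
        if key == "listen":
            listen_ports.add(arg.rsplit(":", 1)[-1])    # "443" or "ip:443"
        elif key == "<virtualhost":
            cur = {"addr": arg.rstrip(">").lower(), "name": "?", "ssl": False}
        elif key == "</virtualhost>" and cur:
            if cur["ssl"]:                              # only SSL vhosts matter here
                by_addr[cur["addr"]].append(cur["name"])
            cur = None
        elif cur and key == "servername":
            cur["name"] = arg
        elif cur and key == "sslengine":
            cur["ssl"] = arg.lower() == "on"
    problems = []
    for addr, names in by_addr.items():
        port = addr.rpartition(":")[2]                  # not numeric if no port given
        if len(names) > 1:                              # one cert per address:port
            problems.append(("shared-address", addr, tuple(names)))
        if port.isdigit() and port not in listen_ports:
            problems.append(("no-listen", addr, tuple(names)))
    return problems
```

Calling `lint_ssl_vhosts(SAMPLE_CONF)` reports the shared `_default_:443` pair and the unlistened port 445; a config that follows post #4 (one port per SSL vhost, each with its own "Listen") returns an empty list.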
 
07-22-2006, 04:12 PM   #5
sneakyimp
Senior Member
 
Registered: Dec 2004
Posts: 1,056

Original Poster
Rep: Reputation: 78
That's totally helpful, bathory, but I'm using Apache 2 and my httpd.conf file is almost completely empty. I'm still reading the apache2 docs trying to figure out where the virtual host configs go.

Will those same directives apply for Apache 2 virtual hosts?
 
07-22-2006, 05:13 PM   #6
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,209
Blog Entries: 1

Rep: Reputation: 2064
It's not a matter of apache2 that httpd.conf is almost empty. Many distros split httpd.conf into more files (e.g. vhosts.conf, ssl.conf, php.conf etc.) to be more readable and easier to edit.
You can apply these lines to the specific *.conf and they should work.

Regards
 
07-23-2006, 06:39 PM   #7
sneakyimp
Senior Member
 
Registered: Dec 2004
Posts: 1,056

Original Poster
Rep: Reputation: 78
Hm. I'm having trouble getting even one cert to work... I have generated my key, CSR, and a self-signed cert and I altered the config file for my domain and I'm getting a 400 error: 'your browser (or proxy) sent a request that this server could not understand'.

Here is my Apache conf file:

Code:
NameVirtualHost www.xxx.yyy.zzz
<VirtualHost www.xxx.yyy.zzz>
	ServerAdmin admin@foo-und-bar.com
	
	DocumentRoot /home/foobar/public
	# === added by me ===
	ServerName foobar.com
	SSLEngine on
	SSLCertificateFile /home/foobar/foobar.com.cert
	SSLCertificateKeyFile /home/foobar/foobar.com.key
	# ====================

	<Directory />
		Options FollowSymLinks
		AllowOverride None
	</Directory>
	<Directory /home/foobar/public/>
		Options Indexes FollowSymLinks MultiViews
		AllowOverride None
		Order allow,deny
		allow from all
		# This directive allows us to have apache2's default start page
		# in /apache2-default/, but still have / go to the right place
		# RedirectMatch ^/$ /apache2-default/
	</Directory>
	ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
	<Directory "/usr/lib/cgi-bin">
		AllowOverride None
		Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
		Order allow,deny
		Allow from all
	</Directory>

	ErrorLog /home/foobar/logs/error.log

	# Possible values include: debug, info, notice, warn, error, crit,
	# alert, emerg.
	LogLevel warn

	CustomLog /home/foobar/logs/access.log combined
	ServerSignature On

</VirtualHost>
 
  

