auf.kante
Gunnar is starting his business. He will certainly fail succeed. You may watch.

Fri, 01 Sep 2006

Configuring apache for multiple SSL domains

A year ago my conclusion from googling around was that it is impossible to run multiple SSL vhosts on a single Apache server, at least if you do not resort to methods like assigning vhosts to specific ports. What I wanted was name-based virtual hosting combined with the security provided by an SSL certificate.

So when I got certified by CAcert a while back I was more than happy to find instructions in their wiki concerning name-based SSL hosts. The method that works for many applications that can communicate via SSL is to store one common name and several alternative names in one certificate.

The mentioned wiki page discusses the alternative options in detail but I just want to highlight the procedures you need to follow in order to get a usable certificate for your SSL vhosts.

mkdir vhost_ssl
cd vhost_ssl
wget http://guillaume.romagny.free.fr/evaldo/csr.sh
chmod u+x csr.sh
./csr.sh

First enter an identifier for the certificate. This is not related to the server names and you can choose whatever you wish here:

Short Hostname (ie. imap big_srv www2): vhosts

Now follows the name of your primary host as common name:

FQDN/CommonName (ie. www.example.com) : gunnarwrobel.de

Subsequently you need to enter all alternative host names of the other vhosts that you wish to handle with this one certificate. Do not forget to provide the common name once again as the first alternative name:

SubjectAltName: DNS: gunnarwrobel.de
SubjectAltName: DNS: torp4.de
...

Finish with one line of empty input.

The script will place the certificate request and the private key into your home directory. Move them over to the current directory:

mv ~/vhosts_{csr,privatekey}.pem .

Now all you need to do to get the final certificate is either to process the certificate signing request with standard openssl procedures to obtain a self-signed certificate, or to submit the signing request to your certificate authority of choice, preferably CAcert.
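The same procedure done directly with openssl, as an added example that is not the csr.sh script from the post: the common name and all vhost names go into one SubjectAltName extension, the request is self-signed for local testing, and a helper lists which DNS names a CSR or certificate actually covers (the file names follow the post; the output directory is an assumption).

```shell
#!/bin/sh
# Added example, not code from the post or from csr.sh.
set -eu

# make_san_csr <outdir> <common-name> <alt-name>...
# Writes <outdir>/vhosts_privatekey.pem, vhosts_csr.pem and a self-signed vhosts_cert.pem.
make_san_csr() {
    outdir=$1; cn=$2; shift 2
    mkdir -p "$outdir"
    # Repeat the CN as the first SAN: clients that find a SAN extension match
    # only those names and ignore the CommonName, so the primary host needs one too.
    san="DNS:$cn"
    for host in "$@"; do
        san="$san,DNS:$host"
    done
    # The SAN extension must be requested via a config section; the interactive
    # "openssl req" prompts cannot set it.
    cat > "$outdir/san.cnf" <<EOF
[req]
distinguished_name = dn
req_extensions = v3_req
prompt = no
[dn]
CN = $cn
[v3_req]
subjectAltName = $san
EOF
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -keyout "$outdir/vhosts_privatekey.pem" \
        -out "$outdir/vhosts_csr.pem" -config "$outdir/san.cnf" 2>/dev/null
    # Self-signed certificate for testing; a CA-issued one replaces it later.
    # The extensions must be copied explicitly or the SANs are silently dropped.
    openssl x509 -req -days 365 -in "$outdir/vhosts_csr.pem" \
        -signkey "$outdir/vhosts_privatekey.pem" \
        -extensions v3_req -extfile "$outdir/san.cnf" \
        -out "$outdir/vhosts_cert.pem" 2>/dev/null
}

# san_names <csr-or-cert.pem>: print one covered DNS name per line, in order.
# Use this before deploying: a name missing here will fail in every browser.
san_names() {
    if grep -q 'CERTIFICATE REQUEST' "$1"; then cmd=req; else cmd=x509; fi
    openssl "$cmd" -in "$1" -noout -text \
        | tr ',' '\n' | tr -d ' ' | grep '^DNS:' | sed 's/^DNS://'
}
```

Run as `make_san_csr ./vhost_ssl gunnarwrobel.de torp4.de` and then `san_names ./vhost_ssl/vhosts_cert.pem` to confirm both hosts are present before pointing Apache at the files.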