Server :: Multiple SSL Certificates On Apache
Apr 4, 2010
I'm trying to set up a 2nd SSL cert on a different domain on a server, each domain has its own IP address, the problem is the Web developer that configured the first domain specified ssl keys for the primary domain in both the vhost config in httpd.conf AND in the ssl.conf config files. If I attempt to remove the keys form ssl.conf the server will not start up. and with them there It will not start up if I specify keys for the secondary domain.
ssl.conf
Code:
LoadModule ssl_module modules/mod_ssl.so
SSLCertificateFile /etc/pki/tls/certs/primary.com.crt
SSLCertificateKeyFile /etc/pki/tls/certs/primary.com.key
SSLCertificateChainFile /etc/pki/tls/certs/primary_gd_bundle.crt
View 14 Replies
ADVERTISEMENT
Jan 9, 2011
I run couple of sites on a virtual hosting environment and I am in need of adding additional SSL for a different domain name. From what I read on some forum topics indicate that SSL cert requires different IP address. meaning one cert for each IP. Is this true? If so, then I'm having some difficulties understanding the benefits of running virtual host if a server can't host multiple secured site through single IP. Any way to run multiple ssl site within virtual host environment. I'm hoping for a possible workaround.
View 3 Replies
View Related
Aug 24, 2010
I run a web server on Fedora 12, principally using Apache, MySQL, and PHP. I host a variety of sites, one of which is a family website that contains semi-sensitive personal data for several hundred extended family members, who all have access to the database-driven site.
Until now, I have been using a self-signed SSL certificate to encrypt the data as it is read and written back and forth from my database. Family members have simply had to put up with clicking past certificate warnings as they enter the site, as most browsers flag self-signed certificates as bad. It hasn't really been that much of a bother, but I'd love to do it more professionally. I have looked into buying SSL certificates, but it's a site I host for free and would rather find a cheap or free alternative if possible.
So I'm just fishing for ideas to work with. What are some alternatives to using SSL certificates for moderately strong website encryption? So far, I run only one host on the domain, but may eventually need encryption that would support multiple hosts. Or does anybody know a way to make self-signed certificates work on most popular browsers without being flagged as suspicious?
View 7 Replies
View Related
Nov 23, 2010
I was wondering if it is possible to have different certificates for different directories in a https-directory ?So what I want is that for a specificry a specific TLS-certificate is needed by the http-client to be authorized to the directory.Directory /var/www/html/secure/1 needs a certificate A.Directory /var/www/html/secure/2 need a different certificate B.So I have 1 CA, which signs the other certificates of the specific directory. The http-client gets the certificate A or certificate B (to be authenticated for secure/1 of secure/2)
View 5 Replies
View Related
May 8, 2009
I would like to know if I need multiple IPs' to setup two SSL urls on the same Apache server? Two ssl certificates, one IP - is it possible?
View 4 Replies
View Related
Sep 2, 2009
Is it possible to run multiple SSL enabled sites (each having it's own SSL certificate) off of one IP address, or do I need a separate IP for each one? Any links to conclusive web pages.
View 3 Replies
View Related
Aug 16, 2011
How can I allow multiple SSL certificates in the default-ssl file in /etc/apache2/sites-available/ folder? I tried
Code:
NameVirtualHost *:443
And
Code:
<VirtualHost *:443>
but I get the error
[Code]...
View 2 Replies
View Related
Sep 29, 2009
I used the Center for Internet Security Benchmark for Apache Web Server v2.1 (January 2008) manual.
This is the guidelines I have to follow when installing and configuring Apache...So the problem arises when we get to page:28
Just after running this command: openssl x509 -in url | more
We get this error:unable to load certificate 31352:error:0906D06C:PEM routines:PEM_read_bio:no start lineem_lib.c:650:Expecting: TRUSTED CERTIFICATE
View 2 Replies
View Related
Apr 2, 2011
I have to run multiple instances of apache on the same physical machine, as we have different OAM policies for different domains.is in the httpd.conf file can I have ServerName same in two instances of apache, like
ServerName: prod_machine (actual machine name)
In the vhconf files I do have different servernames for virtual hosts. Apache instances are running on same IP but different ports. I am including various vhost files in the main httpd.conf file. Can I skip servername in the main httpd.conf file and include different servernames in the virutal hosts configs. OS: Solaris10
View 1 Replies
View Related
Jan 17, 2009
i am using red hat5 n i want to create X.509 certificates for ipsec vpn help me in creating certificates, not able 2 create certificates guide me ehere is the location for certificates.
View 1 Replies
View Related
Apr 19, 2011
I've installed PostgreSQL on Arch Linux & also self generated self signed certificates in /etc/ssl/ directory. My PostgreSQL 'data' directory is /var/lib/postgres/data & I've edited my postgresql.conf file to use SSL however I'm having permission / access problems starting my database using SSL. It can't access the certificates and errors out when I try and start the database engine:
Code:
LOG: autovacuum launcher shutting down
LOG: shutting down
LOG: database system is shut down
FATAL: could not load server certificate file "server.crt": No such file or directory
code....
I don't know what I need to chown or chmod in order to get PostgreSQL to access my self signed certificates.
View 3 Replies
View Related
Jan 6, 2011
I have installed Ionix vCM onto a Red Hat Linux box. It correctly communicates with the collection server if I use the Ionix certificate. However, if I use a self-generate certificate, communication fails.
(1) How do I determine which PKI certificates are resident on the Red Hat box?
(2) How do I manually install a PKI certificate?
View 2 Replies
View Related
Jun 28, 2009
I have vsftpd running as FTP server on Ubuntu 9.04 jaunty. Login works correctly with password for local users (those with an login account on the server) and without password for anonymous.
I want to further tighten security by requiring local users to provide a client certificate. But even if I include "require_cert=YES" and "validate_cert=YES" in etc/vsftpd.conf, clients without certificate are allowed to login; require_cert seems to be simply ignored.
View 1 Replies
View Related
Jul 26, 2009
I am having problems creating ssl certificates for use with openLDAP. Does anyone know a good centos tutorial as I am having problems finding ones by searching through google and the forums.
To clarify further I have a small network im trying to setup to use ldap for auth due to the size I figured using kerberos for auth would be a bit overkill.....
I have the server up and running fine however at the moment all auth is done by using clear text (which is fine as the network has no connection to the internet at current) however in the future it will so I am trying to use ssl however I am having confusing as which certificates I point to where in the slapd.conf file
View 2 Replies
View Related
Sep 17, 2010
i have a quick question about using plesk on centos 5.x server and installation of ssl certificates. if anyone out there has expertise with above,
View 1 Replies
View Related
Sep 11, 2010
My sendmail server makes use of the TLS_SRV_OPTIONS which is set to `V' meaning it shouldn't verify certificates. As a server, it doesn't and the {verify} macro shows "NOT" in the logs, showing that no certificate request was sent out.
Acting as a client though, and I'm talking both about the server acting as a client towards other mail servers and about the local mail submission agent, it always verifies certificates. My mail submission agent when contacting my own mail server verifies the mail servers' certificate and still, the mail server has not initiated any exchanging of certificates since it still says "verify=NOT" in the logs (whereas the same entry for the submission agent reads OK or FAIL depending on what I use).
So, does mail servers ALWAYS send out its certificates and when they do, the "client" in question (no matter if it's the mail server acting as client or the mail submission agent) validates it because the TLS_SRV_OPTIONS setting just applies to when it's running as a server, or is there a setting to tell Sendmail not to send out certificates since you're not in the business of certificate verification relaying anyways?
View 1 Replies
View Related
Oct 14, 2010
I am trying to solve a problem where Apache stats aren't displaying correctly in Munin. I've ran through quite a bit of checks and tests regarding Munin setup, but I think my issue is related to Apache, but my skill set there is lacking.
first, system info:
monitored server:
CentOS 5.3 2.6.18-128.1.1.el5
[code]....
View 7 Replies
View Related
Jan 5, 2010
I've recently been asked to setup our FTP server to accept connections from a remote host. They sent me a file "id_dsa.pub" with instructions to add this key to the xfer user.
Unfortunately I've no idea how to do this!
I'm running vsftpd 2.0.5 on Centos 5.3
View 4 Replies
View Related
Feb 17, 2010
I have a Server with Webmin, Usermin and Sendmail using pop3s. I have created a seft signed certificate using webmin. Exported it and imported it to the trusted root certification authorities on my client. This fixes the warning message from internet explorer when attempting making a ssl connection to webmin. When attempting to use usermin or retrieving mail I get that warning that this site's certificate is self signed. I look at the certificate and its not the same as the one I created with webmin. My question is. Is possible to have the same certificate be used by each?
View 6 Replies
View Related
Feb 4, 2010
Any one have an idea How to clear apache cache without restarting apache server.
View 5 Replies
View Related
Jan 24, 2010
I am upgrading my server and I have a lot of sites. Since I cannot take my server down for a few days, maybe a week until I manage to migrate all the sites to the new machine, I figured I could migrate them one by one. After migrating one, I would somehow tunnel the requests of that name virtual host to my internal machine. When everything is migrated, I would then switch the machines, update ip's and stuff and everything will work just fine.
However I cannot seem to find a way to do this tunneling. is this at all possible? If not, what alternatives do I have?
View 5 Replies
View Related
Oct 7, 2010
I have one physical dedicated server. The name of the server is 'mail.iamghost.tld' which is obviously my Postfix mail server for my users. Now I generated SSL self signed certificates with 'OpenSSL' which is for 'mail.iamghost.tld'. I also have Apache installed on the same server to access my webmail application. I created a pointer record for 'url' to point to the same static I.P. as 'mail.iamghost.tld'. So my question is if I also want to encrypt site login's for url, do I need to generate a unique SSL certificate for 'url' or can I use my existing SSL certificates that are assigned to 'mail.iamghost.tld'? It's the same server but when people browse to my 'url' site, I don't want there to be an issue with the certificates saying it's for 'mail.iamghost.tld' when they're really communicating with 'url'.
View 5 Replies
View Related
Jul 21, 2010
I read that since httpd 2.2.12 (I run 2.2.15), it is now possible to run multiple SSL certs on multiple vhosts on one ip. I didn't find a procedure to do it. Do you know how to?
View 1 Replies
View Related
Mar 28, 2010
I have several sites running on a local server. Currently, they're all running on port 80. I need one particular site (and ONLY that site) to also accept connections on port 81.
If I browse to the server IP x.x.x.x:80 directly, Apache's behaviour of showing the default site should work as usual. But, if I browse to IP x.x.x.x:81, it should show a different site (the one that should be accepting both :80 and :81). This part is very important.
I was hoping something like the following would work, but it didn't Currently x.x.x.x:81 still shows what I've called myport80defaultsite.com below.
Code:
Listen 80
Listen 81
<VirtualHost *:80>
ServerName myport80defaultsite.com
[Code].....
View 1 Replies
View Related
Jul 5, 2010
how is it possible to serve multiple sites hosted in my computer with apache through dyndns.I am using ubuntu 10.04 and i had setup a dyndns domain as of mydomain.homelinux.org/127.0.1.1 medic. Now when i go to mydomain. homelinux.org outside of my lan i see the default site of apache.
View 3 Replies
View Related
Jan 12, 2010
I am having a problem with apache's virtualhost directive hosting multiple domains on a single IP with Apache 2.2 on Fedora 11. For example i have domaina.com and domainab.com pointing to the same IP address and have my httpd.conf configured like so:
NameVirtualHost *:80
<VirtualHost *:80>
DocumentRoot /www/domainA
[code]....
The problem is when i navigate to either domaina.com or domainb.com i get the default Apache page. Its like it is only accepting the default DocumentRoot directive.
View 3 Replies
View Related
Feb 20, 2009
How to give mulitple virtual host in apache. I want to access all my sites with ip 192.168.1.125
For ex :if i want to access dpm.net it should have the ip 192.168.1.230 with port 80 & for persur.net it should have the same ip 192.168.1.230 with port 80
After restarting the apache servers.I am unable to run both the applications in a single time.
For that i gave Include /etc/apache2/sites-enabled/[^.#]* in apache2.conf. But still its not working.
View 2 Replies
View Related
Feb 22, 2011
I will be doing actual development and testing on the same machine as the server. It is a single user machine in the sense that I will be the only one working on the machine. There will be multiple hosted languages, specifically PHP and RoR while possibly expanding later. I'd like the setup to translate well to a production environment. With those 3 things in mind there are a couple of things I've had in the back of mind.Seeing as it's a single user machine I haven't been able to decide whether or not I should be working on things out of my home directory or if they should be located outside of it.I'm feeling that outside of a user directory would be better as it would translate better to a production environment, but I'm also not sure if that will come with any permission annoyances or concerns seeing as I'll be working on the same machine. Hosting multiple languages seems like it may be a bit quirky. With PHP I've found you're generally just dumping the project somewhere in the document root where as something like a Rails app you have the entire project and you only want the public directory in the document root.
View 1 Replies
View Related
Feb 7, 2011
I'm looking at setting up a couple automated systems: Here are a few examples:
* Internal accounting system to download and process emails
* Public web server to visit
I could put each system on its own separate box -- for example, it's generally good practice to separate anything that external users have access to (such as a webserver) from internal processes such as accounting. Now, rather than dishing out the money for two separate servers, could I get away with just installing new instances of VMWare on the same box for each system?
To give you an idea, these are not large scale computationally sensitive systems. The accounting one is simply downloading and tallying emails, and the latter is just a webserver with maybe 5 hits per day on a good day. I could definitely pick up a new box for say $50, but I wanted to know the general practice of using VMWare on the same box versus two separate boxes.
View 2 Replies
View Related
Dec 30, 2010
I have a server that host's several sites, recently I had to create a new server because the old one isn't good enough for me. Ive installed apache2 on the new server and moved all the files from one server to the other. I'm making tests in my local lan so I've edited my computer's hosts file to point to the name of each site to the local ip of the new server:
192.168.1.85 www.mypage.com
192.168.1.85 svn.mypage.com
192.168.1.85 trac.mypage.com
I have all the site definition files in /etc/apache2/sites-available I also have the used a2ensite to enable each page.
Whenever o use my browser to try and access each of the sites I always get the svn.mypage.com page and none of the others.
here is some debug info:
Code:
sudo apache2ctl -S
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
[Code]....
View 1 Replies
View Related
