From owner-freebsd-questions Tue Jul 17 23:51:57 2001
Date: Wed, 18 Jul 2001 00:56:04 +0000 (GMT)
From: Ryan Thompson
To: BSD Freak
Cc: FreeBSD Questions
Subject: Re: SSL Certificates
In-Reply-To: <2868b8280d90.280d902868b8@mbox.com.au>
Message-ID: <20010718004526.E514-100000@home.sasknow.net>
Organization: SaskNow Technologies [www.sasknow.com]

BSD Freak wrote to FreeBSD Questions:

> Hiya all,
>
> I need to host multiple SSL sites on my FreeBSD 4.3 box. I am
> currently using Apache 1.3 + mod_ssl and am using name based virtual
> hosts. I don't have a lot of experience with SSL but maybe someone out
> there has.
>
> My question is do I need a separate digital certificate for each
> virtual host? Going by the Verisign documentation it seems so but is
> not 100% clear.

You normally need a different digital certificate for each common name
(a common name is a complete hostname, like www.yourname.com). Verisign
will, however, for a bigger price, issue wildcard certs based on a 2nd
level domain, that will match *.yourname.com, for example. Some other
cert issuers (like Thawte) offer the same.

(This assumes you do not want your users to go through the hassle or
uncertainty of authorizing a certificate. If you don't care about that,
you can self-sign your own certificates and not bother paying a CA, for
that matter).

And, unfortunately, name based virtual hosting does not work with SSL.
Every different SSL virtual host needs a unique IP address. You must use
IP-based virtual hosting. If you don't have access to spare IP addresses,
virtually hosting multiple SSL sites won't work.

> Does anyone know the answer for certain?

Been there, done that, got the bigger netblock, so yes, quite certain.
:-)

- Ryan

>
> Thanks in advance...
>
> ---------------------------------------------
> Receive faxes 24x7, no second line necessary.
> http://www.mbox.com.au/
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
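
The IP-based layout described in the reply above, sketched as an added example for Apache 1.3 with mod_ssl (not part of the original message). The addresses (from the 192.0.2.0/24 documentation range), hostnames and file paths are placeholders; the name-based form is left commented out for comparison.

```apache
# Added example: constructed addresses, hostnames and paths.
Listen 443

# Name-based form, shown for comparison only. Both hosts share one
# address. The server has to present a certificate during the SSL
# handshake, before it has read the Host: header, so every client
# would be given the first host's certificate.
#NameVirtualHost 192.0.2.10:443
#<VirtualHost 192.0.2.10:443>
#    ServerName www.example.com
#    SSLEngine on
#    SSLCertificateFile    /usr/local/etc/apache/ssl.crt/www.example.com.crt
#    SSLCertificateKeyFile /usr/local/etc/apache/ssl.key/www.example.com.key
#</VirtualHost>
#<VirtualHost 192.0.2.10:443>
#    ServerName www.example.net
#    SSLEngine on
#    SSLCertificateFile    /usr/local/etc/apache/ssl.crt/www.example.net.crt
#    SSLCertificateKeyFile /usr/local/etc/apache/ssl.key/www.example.net.key
#</VirtualHost>

# IP-based form: one address per SSL host, so the address the client
# connected to selects the virtual host and its certificate.
<VirtualHost 192.0.2.10:443>
    ServerName   www.example.com
    DocumentRoot /usr/local/www/example.com
    SSLEngine on
    # Certificate whose common name is www.example.com
    SSLCertificateFile    /usr/local/etc/apache/ssl.crt/www.example.com.crt
    SSLCertificateKeyFile /usr/local/etc/apache/ssl.key/www.example.com.key
</VirtualHost>

<VirtualHost 192.0.2.11:443>
    ServerName   www.example.net
    DocumentRoot /usr/local/www/example.net
    SSLEngine on
    # Certificate whose common name is www.example.net
    SSLCertificateFile    /usr/local/etc/apache/ssl.crt/www.example.net.crt
    SSLCertificateKeyFile /usr/local/etc/apache/ssl.key/www.example.net.key
</VirtualHost>
```

Both addresses must be configured on the host's network interface, and each hostname's DNS record must point at its own address.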