From owner-freebsd-questions Wed Jul 18 10:43:32 2001
Message-ID: <3B55CA90.4C2A12E5@loudcloud.com>
Date: Wed, 18 Jul 2001 10:42:41 -0700
From: Sean Peck
To: Ryan Thompson
Cc: BSD Freak, FreeBSD Questions
Subject: Re: SSL Certificates
References: <20010718004526.E514-100000@home.sasknow.net>

If you are going to go for a *.yourname.com you will save a good bit of
money and a lot less paperwork if you go get it from thawte.com instead
of verisign.

Ryan Thompson wrote:

> BSD Freak wrote to FreeBSD Questions:
>
> > Hiya all,
> >
> > I need to host multiple SSL sites on my FreeBSD 4.3 box. I am
> > currently using Apache 1.3 + mod_ssl and am using name based virtual
> > hosts. I don't have a lot of experience with SSL but maybe someone out
> > there has.
> >
> > My question is do I need a separate digital certificate for each
> > virtual host? Going by the Verisign documentation it seems so but is
> > not 100% clear.
>
> You normally need a different digital certificate for each common name (a
> common name is a complete hostname, like www.yourname.com). Verisign will,
> however, for a bigger price, issue wildcard certs based on a 2nd level
> domain, that will match *.yourname.com, for example. Some other cert
> issuers (like Thawte) offer the same. This assumes you do not want your
> users to go through the hassle or uncertainty of authorizing a
> certificate. If you don't care about that, you can self-sign your own
> certificates and not bother paying a CA, for that matter.
>
> And, unfortunately, name based virtual hosting does not work with SSL.
> Every different SSL virtual host needs a unique IP address. You must use
> IP-based virtual hosting. If you don't have access to spare IP addresses,
> virtually hosting multiple SSL sites won't work.
>
> > Does anyone know the answer for certain?
>
> Been there, done that, got the bigger netblock, so yes, quite certain. :-)
>
> - Ryan
>
> > Thanks in advance...
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of the message

--
Garbage Collection... the bell bottoms of programming..
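
As an added illustration (not part of the original thread and not configuration posted by any of its participants), this is what the IP-based layout described in the quoted reply looks like in an Apache 1.3 + mod_ssl httpd.conf, with the name-based form shown commented out for contrast. The addresses, the hostnames other than www.yourname.com, the document roots and the certificate file paths are assumptions.

```apache
# Added example for Apache 1.3 + mod_ssl. Addresses are from the RFC 5737
# documentation range; hostnames, directories and file paths are constructed.

# One listening address per SSL site.
Listen 192.0.2.10:443
Listen 192.0.2.11:443
Listen 192.0.2.12:443

# IP-based virtual hosts: the server selects the virtual host, and with it
# the certificate, from the address the client connected to.
<VirtualHost 192.0.2.10:443>
    ServerName   www.yourname.com
    DocumentRoot /usr/local/www/yourname-www
    SSLEngine    on
    # Wildcard certificate issued for *.yourname.com (hypothetical file name).
    SSLCertificateFile    /usr/local/etc/apache/ssl.crt/wildcard.yourname.com.crt
    SSLCertificateKeyFile /usr/local/etc/apache/ssl.key/wildcard.yourname.com.key
</VirtualHost>

<VirtualHost 192.0.2.11:443>
    ServerName   secure.yourname.com
    DocumentRoot /usr/local/www/yourname-secure
    SSLEngine    on
    # Same wildcard certificate, second hostname under the same domain.
    SSLCertificateFile    /usr/local/etc/apache/ssl.crt/wildcard.yourname.com.crt
    SSLCertificateKeyFile /usr/local/etc/apache/ssl.key/wildcard.yourname.com.key
</VirtualHost>

<VirtualHost 192.0.2.12:443>
    ServerName   www.example.org
    DocumentRoot /usr/local/www/example-org
    SSLEngine    on
    # Different common name, so a separate certificate and key.
    SSLCertificateFile    /usr/local/etc/apache/ssl.crt/www.example.org.crt
    SSLCertificateKeyFile /usr/local/etc/apache/ssl.key/www.example.org.key
</VirtualHost>

# The name-based form the reply rules out for SSL: several SSL virtual
# hosts sharing one address. Shown commented out for contrast only.
#
# NameVirtualHost 192.0.2.10:443
# <VirtualHost 192.0.2.10:443>
#     ServerName www.yourname.com
# </VirtualHost>
# <VirtualHost 192.0.2.10:443>
#     ServerName www.example.org
# </VirtualHost>
```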