Hi all,
I have more than one web site on my SME-9.1 server. Each in a different i-bay and I would like each of them to have a different SSL Certificate.
- Line 39-75 are original from my server (toto.org)
- Line 52-54 are the original file locations for my server SSL files (Certificate for toto.org)
According to:
42 ## All SSL configuration in this context applies both to
43 ## the main server and all SSL-enabled virtual hosts
44 ## (unless overridden by virtual hosts)
I can override for another VirtaulHost???- Line 93-95 are the
3 lines I would like to add for the location files of the second certificate for the other web site: (Certificate for titi.org)
QUESTIONS:
1) Is that the proper way to do that?
2) I will have to signal something (post-ugrade and reboot). Is there another way without reboot?
3) What do I do with those 4 config setprop command?
# config setprop modSSL crt /home/e-smith/ssl.crt/my-server-name.toto.org.crt
# config setprop modSSL key /home/e-smith/ssl.key/my-server-name.toto.org.key
# config setprop modSSL CertificateChainFile /home/e-smith/bundle.crt
# config setprop modSSL CommonName
www.toto.org4) What about the command for the email?
# signal-event domain-modify ; signal-event email-update
Than you,
Michel-André
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
From:
https://www.digicert.com/ssl-support/apache-multiple-ssl-certificates-using-sni.htmNext, in the NameVirtualHost directive list your server's public IP address, *:443, or other port you're using for SSL (see example below).
Then point the SSLCertificateFile, SSLCertificateKeyFile, and SSLCertificateChainFile to the locations of the certificate files for each website as shown below:
NameVirtualHost *:443
########################################################## this is like for toto.org ???
<VirtualHost *:443>
ServerName
www.yoursite.com DocumentRoot /var/www/site
SSLEngine on
SSLCertificateFile /path/to/www_yoursite_com.crt
SSLCertificateKeyFile /path/to/www_yoursite_com.key
SSLCertificateChainFile /path/to/DigiCertCA.crt
</VirtualHost>
########################################################## this is like for titi.org ???
<VirtualHost *:443>
ServerName
www.yoursite2.com DocumentRoot /var/www/site2
SSLEngine on
SSLCertificateFile /path/to/www_yoursite2_com.crt
SSLCertificateKeyFile /path/to/www_yoursite2_com.key
SSLCertificateChainFile /path/to/DigiCertCA.crt
</VirtualHost>
###############
My SME-9.1 server: /etc/httpd/conf/httpd.conf
38 ...
39 ########################################################## for toto.org (I don't change nothing)
40 ## SSL Global Context Configuration
41 ##
42 ## All SSL configuration in this context applies both to
43 ## the main server and all SSL-enabled virtual hosts
44 ## (unless overridden by virtual hosts)
45 ##
46 <IfModule mod_ssl.c>
47 Listen 0.0.0.0:443
48
49 SSLEngine off
50 SSLProxyEngine On
51
52
SSLCertificateChainFile /home/e-smith/ssl.crt/bundle.crt 53
SSLCertificateFile /home/e-smith/ssl.crt/my-server-name.toto.org.crt 54
SSLCertificateKeyFile /home/e-smith/ssl.key/my-server-name.toto.org.key 55
56 SSLCipherSuite HIGH:!SSLv2:!ADH:!aNULL:!MD5:!RC4
57
58 SSLPassPhraseDialog builtin
59
60 SSLSessionCache dbm:state/ssl_scache
61
62 SSLSessionCacheTimeout 300
63 SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
64
65 SSLMutex file:state/ssl_mutex
66
67 SSLRandomSeed startup file:/dev/urandom 512
68 SSLRandomSeed connect builtin
69
70 #SSLLogLevel info
71 SSLProtocol all -SSLv3
72 </IfModule>
73 #
74 # END OF SSL GLOBAL CONTEXT CONFIGURATION
75 #############################################
76 ...
77
78 ...
79 ############################################# for titi.org
80
81 <VirtualHost 0.0.0.0:443>
82
83 ServerName titi.org
84 ServerAlias my-server-name.titi.org ftp.titi.org mail.titi.org proxy.titi.org wpad.titi.org
www.titi.org 85
86 DocumentRoot /home/e-smith/files/ibays/server-ibay/html
87 ScriptAlias /cgi-bin /home/e-smith/files/ibays/server-ibay/cgi-bin
88 Alias /files /home/e-smith/files/ibays/server-ibay/files
89
90 # SSL Directives
91 SSLEngine on
92 ########################################################## for titi.org (I add the 3 lines below)
93
SSLCertificateChainFile /home/e-smith/ssl.crt/bundle.crt 94
SSLCertificateFile /home/e-smith/ssl.crt/my-server-name.titi.org.crt 95
SSLCertificateKeyFile /home/e-smith/ssl.key/my-server-name.titi.org.key 96
97 RewriteEngine on
98 RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
99 RewriteRule .* - [F]
100 ...
101 </VirtualHost>
102 #############################################