Hello,

I have RH7.1, with Apache/1.3.22 with mod_ssl/2.8.5 OpenSSL/0.9.6 compiled into.

I use name based virtual hosting, pls let me know how can i enable SSL for a domain without a separate IP address?

Presently all domains i have setup in my httpd.conf can be accessed with with "https" prefix and it opens up the apache test page. I presume i just need to specify a virtual host block for the domain i want to enable ssl for, correct me if am wrong.

Also, how is mod_ssl different from apache-ssl?
Do i need to setup apache-ssl as well? Which one do i need?

Also, i understand when a customer asks for SSL support i will just setup the virtualhost block inside apache and his domain
can be accessed with https pointing to some folder.
But what do i need to do when a customer asks for a SSL certificate?

Thanks,
Viv

Originally posted by hostchamp
Hello,

I have RH7.1, with Apache/1.3.22 with mod_ssl/2.8.5 OpenSSL/0.9.6 compiled into.


You should upgrade all of those or patch them.


I use name based virtual hosting, pls let me know how can i enable SSL for a domain without a separate IP address?


To be clear, do you want to enable SSL for over one domain? You have to use a different IP for each SSL certificate.


Presently all domains i have setup in my httpd.conf can be accessed with with "https" prefix and it opens up the apache test page. I presume i just need to specify a virtual host block for the domain i want to enable ssl for, correct me if am wrong.


You are accessing the default documentroot for SSL, it sounds like. You can't specify a virtual host to use SSL via the browser without it being set up in the Apache configuration file.


Also, how is mod_ssl different from apache-ssl?
Do i need to setup apache-ssl as well? Which one do i need?


Either will work. It's basically the same, but mod_ssl is a module addition for Apache so you can use SSL. Apache-SSL/BenSSL is basically just an SSL version. The advantage tothat, is that regular requests can run as another user than the regular non-SSL Apache user (among some other reasons).


Also, i understand when a customer asks for SSL support i will just setup the virtualhost block inside apache and his domain
can be accessed with https pointing to some folder.


It can point to the same or different folder. It's up to you. It's basically the same virtual host type syntax with a few modifications (such as poer 443, rather than port 80), paths and directives for SSL and it's certificate and key files.


But what do i need to do when a customer asks for a SSL certificate?

Thanks,
Viv

What you need really depends on your set up. You've got basically everything you need now, other than you'll want to have an extra IP handy. If you host all your sites on only one IP, you can still put on certificate on that one IP, but if you add more, you'll need to have another IP for the second, another for the 3rd and so on.

Thanks robert, that was indeed very helpful.

Yes, what i actually wanted to know was if i can enable Name Based SSL which now i understand is not possible cos you need a separate IP for each SSL installation.

I can configure a domain in apache to use ssl but how do i setup a certificate?

Also, say if i do not want to install an ssl certificate for a second domain, then can i have it use SSL over the same IP address?
I.e. can i have https://secure.a.com and https://secure.b.com configured on the same one IP to open their respective pages?

Or configuring a secure site without a certificate is not possible?

Pls let me know.

Also how and where from do i get a free certificate for a test drive?

Originally posted by hostchamp
Thanks robert, that was indeed very helpful.

Yes, what i actually wanted to know was if i can enable Name Based SSL which now i understand is not possible cos you need a separate IP for each SSL installation.

I can configure a domain in apache to use ssl but how do i setup a certificate?


You have to create a .crs file (which you generate). You use that to have a .key file created from an SSL vendor. That is used to create the .crt (certificate) file and you use the .crt and .key files in the configuration for the virtual host.


Also, say if i do not want to install an ssl certificate for a second domain, then can i have it use SSL over the same IP address?
I.e. can i have https://secure.a.com and https://secure.b.com configured on the same one IP to open their respective pages?


Only one certificate per domain and IP. You can buy a wild card certificate though, but it's expensive and that will only work on sub domains.


Or configuring a secure site without a certificate is not possible?


You need a certificate, but you can create on yourself. It's not going to work without warnings or errors, but it serves the purpose of encrypting the data.


Pls let me know.

Also how and where from do i get a free certificate for a test drive?

I'm not sure of any pages that guide you through the steps, but I'm sure there's many. Is there anything else about your set up or goal you're trying to accomplish? You said you have one IP, but that the document root is not what you want? If so, it sounds like you already have an SSL certificate on that one IP and I'm not sure what else to suggest if that's the case.

i do not have a ssl virtual host configured presentlty in httpd.conf
and do not know if i already have an SSL certificate, how can i chk if i have one?

Originally posted by hostchamp
i do not have a ssl virtual host configured presentlty in httpd.conf
and do not know if i already have an SSL certificate, how can i chk if i have one?

Hi, you said in the first post "Presently all domains i have setup in my httpd.conf can be accessed with with "https" prefix and it opens up the apache test page." which would indicate that a certificate is already installed, perhaps by default for any https accesses. Do you have the ability to request more IP's, or how many do you have now?

I have around 10-12IPs now, 6 are in use for customer dns, yes i have checked and have ssl cert. installed, i think i installed it long time back, how do i check if it is a commercial certificate or a self signed certificate?

Also do u know how to create a self signed certificate?

Also, if i have a self signed certificate, is it domain specific?
i.e. can i have more then one domain pointing to the same certificate?

If a customer asks for a certificate, then can i offer a self signed certificate to my customer without having to pay a CA?