1) I have created a folder https-docs inside their home directory.
Now how do i map this in httpd.conf so that when someone types https://www.hisdomain.com the index page in the https-docs folder opens up?
2) Is it necessary to generate a RSA private key and a CSR for each domain i want to setup https for?
3) I do not have many ips, can the https be enabled for Virtual Hosts without having to allocate a separate IP for each vhost?
4) Is it necessary that i have a SSL Certificate installed for each domain i want to enable https for?
5) I am running Red Hat Enterprise Linux ES release 2.1 and apache-1.3.27-6.ent . I have following SSL packages installed;
6) Do i need the Apache-SSL package to support HTTPS on virtual domains ?
7) My objective is just to have https enabled for all my customer domains to point to a secure folder on their hosted domains without having to setup SSL certificate for each.
8) Why do you need SSL certificate?
9) My /etc/httpd/conf/ssl.key has following files;
server.key snakeoil-ca-dsa.key snakeoil-ca-rsa.key snakeoil-dsa.key snakeoil-rsa.key
and /etc/httpd/conf/ssl.crt has following files;
Makefile.crt ca-bundle.crt server.crt snakeoil-ca-dsa.crt snakeoil-ca-rsa.crt snakeoil-dsa.crt snakeoil-rsa.crt
and /etc/httpd/conf/ssl.crl has following files;
To do it for the customer's domains, you need to generate a certificate signing request (CSR), get is signed by a proper authority, and then set it up on a dedicated IP. It has to be a dedicated IP as with HTTPS the address of the site being requested isn't sent until AFTER the certificate has been set up so the web server can't tell which certificate to send out. This is obviously impractical for lots of virtual hosts, as it would mean having large amounts of (increasingly scarce) ip addresses and a lot of hassle and expense (as the authorities don't sign the certificates for free).
Your best bet for setting this sort of thing up therefore is to have something similar to the following: