Differences between version 22 and predecessor to the previous major change of SSLNotes.
Other diffs: Previous Revision, Previous Author, or view the Annotated Edit History
Newer page: | version 22 | Last edited on Saturday, August 27, 2005 4:44:16 am | by AlexDery | Revert |
Older page: | version 18 | Last edited on Saturday, June 28, 2003 4:31:38 pm | by JonPurvis | Revert |
@@ -1,6 +1,6 @@
-SSL stands for Secure Socket Layer. Its used for secure communications between SSL-enabled clients and servers. Typical examples of its use
-include HTTPS, POPS
, LDAPS
, and so on. If you are doign any network-based authentication, you should be doing it over SSL. Ideally, you want
+[
SSL]
stands for Secure Socket Layer. Its used for secure communications between SSL-enabled clients and servers. Typical examples of its use
+include [
HTTPS]
, [POP|POP3]S
, [LDAP]S
, and so on. If you are doign any network-based authentication, you should be doing it over SSL. Ideally, you want
all network-enabled services (http, smtp, pop, samba, ldap) running over it. Slim chance, I know. :)
----
@@ -63,9 +63,13 @@
cp apache-cert.pem /etc/apache-ssl/apache.pem
cp apache-key.pem /etc/apache-ssl/apache-key.pem
----
-To make a CA key available to Web brower
users, add:
+If you have several websites under a single domain ie (site1.domain.com, site2.domain.com) you can create a single wildcard certificate that is valid for both of them. To do this simply make the CN of the certificate *.domain.com and then install the certificate as usal.
+
+Remember you can't name virtual host SSL enabled sites.
+----
+
To make a CA key available to Web browser
users, add:
!AddType application/x-x509-ca-cert pem
!AddType application/x-x509-ca-cert der
to your httpd.conf or .htaccess file. This associates this [MIME] Type with *.pem and *.der files. copy your cacert.pem file onto the web server, and create a .der version for IE users with the command:
openssl x509 -in cacert.pem -inform pem -out cacert.der -outform der