[NTLUG:Discuss] Multiple Apache-SSL Servers / Same Pass Phrase

David Camm dcamm at advwebsys.com
Tue Jul 1 16:25:35 CDT 2003


 > The mod_ssl module will only support 1 host name so virtual hosting is
 > not possible with SSL.  It's not like the other modules, SSL is a server
 > unto itself.  Maybe we can get Neil to explain this better than I can??
 >  nudge-nudge ;)
 >

i beg to differ. i have one server that is running multiple secure virtual hosts 
on different IPs:

<virtualhost 1.2.3.4:443>.......</virtualhost>
<virtualhost 5.6.7.8:443>.......</virtualhost>

you cannot run multiple secure servers on a single IP unless you run them on 
different PORTS, like so:

<virtualhost 1.2.3.4:443>servername www.abc.com.......</virtualhost>
<virtualhost 1.2.3.4:444>servername www.def.com.......</virtualhost>

and make sure to listen on the additional ports like so:

<IfDefine SSL>
Listen 1.2.3.4:80
Listen 443
Listen 444
</IfDefine>

david camm
advanced web systems


Greg Edwards wrote:
> Stuart Johnston wrote:
> 
>>
>>> stronghold, which is apache based. you might want to reconsider using 
>>> passphrases.....
>>
>>
>>
>> Yes, and we considered doing that but it is a security risk.  If you
>> have advice on securely using unencrypted certificates, I would
>> appreciate it.
>>
> 
> 
>>
>> Because we are using mod_perl.  Maybe I'm wrong but I think we need
>> separate instances so that each customer's site will have its own
>> mod_perl environment.
>>
> 
> 
> Neil Aggarwal might be helpful here.  He gave me a good writeup on 
> installing a cert awhile back.
> 
> You don't need a passphrase to be secure.  The only place a passphrase 
> does anything is during server startup.  If console access to your 
> server is secure then not having a passphrase won't compromise your system.
> 
> The mod_ssl module will only support 1 host name so virtual hosting is 
> not possible with SSL.  It's not like the other modules, SSL is a server 
> unto itself.  Maybe we can get Neil to explain this better than I can?? 
>  nudge-nudge ;)
> 
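
An added example, not part of the original message or of anyone's real configuration: a small lint that checks an Apache config against the two rules David states above (one secure virtual host per IP:port, and a `Listen` for every port a secure virtual host uses). It assumes mod_ssl's `SSLEngine on` marks a secure vhost and handles IPv4/hostname addresses only; the sample config and the name `lint_ssl_vhosts` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample config (not from the thread): two SSL vhosts collide on
# 1.2.3.4:443, and the vhost on port 444 has no matching Listen directive.
SAMPLE = """\
Listen 1.2.3.4:80
Listen 443
<VirtualHost 1.2.3.4:443>
  ServerName www.abc.com
  SSLEngine on
</VirtualHost>
<VirtualHost 1.2.3.4:443>
  ServerName www.def.com
  SSLEngine on
</VirtualHost>
<VirtualHost 5.6.7.8:444>
  ServerName www.ghi.com
  SSLEngine on
</VirtualHost>
"""

# Directive names are case-insensitive in Apache, hence re.I.
VHOST = re.compile(r"<VirtualHost\s+([^\s>:]+):(\d+)\s*>(.*?)</VirtualHost>",
                   re.I | re.S)
LISTEN = re.compile(r"^\s*Listen\s+(?:([^\s:]+):)?(\d+)\s*$", re.I | re.M)

def lint_ssl_vhosts(conf):
    """Return (collisions, unlistened) for SSL-enabled vhosts in conf.

    collisions: {(ip, port): [server names]} where more than one SSL vhost
                shares the same address and port.
    unlistened: sorted [(ip, port)] of SSL vhosts with no Listen covering them.
    """
    # "Listen 443" (no address) is stored as ("*", 443): all interfaces.
    listens = {(ip or "*", int(port)) for ip, port in LISTEN.findall(conf)}
    by_addr = defaultdict(list)
    for ip, port, body in VHOST.findall(conf):
        if re.search(r"^\s*SSLEngine\s+on\s*$", body, re.I | re.M):
            name = re.search(r"^\s*ServerName\s+(\S+)", body, re.I | re.M)
            by_addr[(ip, int(port))].append(name.group(1) if name else "?")
    collisions = {a: n for a, n in by_addr.items() if len(n) > 1}
    unlistened = sorted(a for a in by_addr
                        if a not in listens and ("*", a[1]) not in listens)
    return collisions, unlistened
```

Run over the layout in the message (two secure vhosts on 1.2.3.4, ports 443 and 444, with `Listen 443` and `Listen 444`), it reports nothing.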




