Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Vhosts
- <VirtualHost 127.0.1.3:443>
- ServerName domain1.com
- ServerAlias www.domain1.com
- ServerAlias www1.domain1.com
- ServerAlias www2.domain1.com
- ServerAdmin webmaster@domain1.com
- DocumentRoot /var/www/ssltest/domain1/
- SSLEngine on
- SSLCertificateFile /etc/apache2/ssl-files/server.crt
- SSLCertificateKeyFile /etc/apache2/ssl-files/server.key
- ErrorLog /var/log/apache2/domain1.com-error_log
- CustomLog /var/log/apache2/domain1.com-access_log common
- </VirtualHost>
- <VirtualHost 127.0.1.2:443>
- ServerName domain2.com
- ServerAlias www.domain2.com
- ServerAlias www1.domain2.com
- ServerAlias www2.domain2.com
- ServerAdmin webmaster@domain2.com
- DocumentRoot /var/www/ssltest/domain2/
- SSLEngine on
- SSLCertificateFile /etc/apache2/ssl-files/server.crt
- SSLCertificateKeyFile /etc/apache2/ssl-files/server.key
- ErrorLog /var/log/apache2/domain2.com-error_log
- CustomLog /var/log/apache2/domain2.com-access_log common
- </VirtualHost>
- Scenario# 1
- $ cat ../ssl-files/ssl.conf
- [ req ]
- default_bits = 1024
- default_keyfile = server.key
- distinguished_name = req_distinguished_name
- req_extensions = req_ext # The extentions to add to the self signed cert
- [ req_distinguished_name ]
- countryName = Country Name (2 letter code)
- countryName_default = US
- stateOrProvinceName = State or Province Name (full name)
- stateOrProvinceName_default = Connecticut
- localityName = Locality Name (eg, city)
- localityName_default = Stamford
- organizationName = Organization Name (eg, company)
- organizationName_default = Virtua, Inc.
- commonName = Common Name (eg, YOUR name)
- commonName_max = 64
- [ req_ext ]
- subjectAltName = @alt_names
- [alt_names]
- DNS.1 = *.domain1.com
- DNS.2 = *.domain2.com
- CN entered during csr generation:
- *.domain1.con
- Firefox Error on domain2.com
- domain2.com uses an invalid security certificate.
- The certificate is not trusted because it is self-signed.
- The certificate is only valid for *.domain1.com
- (Error code: sec_error_untrusted_issuer)
- Scenario 2:
- [ req ]
- default_bits = 1024
- default_keyfile = server.key
- distinguished_name = req_distinguished_name
- [ req_distinguished_name ]
- countryName = Country Name (2 letter code)
- countryName_default = US
- stateOrProvinceName = State or Province Name (full name)
- stateOrProvinceName_default = Connecticut
- localityName = Locality Name (eg, city)
- localityName_default = Stamford
- organizationName = Organization Name (eg, company)
- organizationName_default = Virtua, Inc.
- 0.commonName = Common Name (eg, YOUR name)
- 0.commonName_default = *.domain1.com
- 0.commonName_max = 64
- 1.commonName = Common Name (eg, YOUR name)
- 1.commonName_default = *.domain2.com
- 1.commonName_max = 64
- FirefoxOutput in this case:
- domain1.com uses an invalid security certificate.
- The certificate is not trusted because it is self-signed.
- The certificate is only valid for *.domain2.com
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement