
Untitled

a guest Oct 27th, 2010 41 Never
  1.  Vhosts
  2. <VirtualHost 127.0.1.3:443>
  3.         ServerName domain1.com
  4.         ServerAlias www.domain1.com
  5.         ServerAlias www1.domain1.com
  6.         ServerAlias www2.domain1.com
  7.         ServerAdmin webmaster@domain1.com
  8.         DocumentRoot /var/www/ssltest/domain1/
  9.         # TLS vhost for domain1.com and its www/www1/www2 aliases on 127.0.1.3:443.
  10.        # The certificate below has to list every one of those names; a wildcard such as *.domain1.com does not match the bare domain1.com.
  11.         SSLEngine on
  12.         SSLCertificateFile /etc/apache2/ssl-files/server.crt
  13.         SSLCertificateKeyFile /etc/apache2/ssl-files/server.key
  14.         # Same server.crt/server.key pair as the 127.0.1.2 vhost, so this one certificate must cover both domains.
  15.         # NOTE(review): server.key is the private key; confirm it is readable only by root.
  16.         ErrorLog /var/log/apache2/domain1.com-error_log
  17.         CustomLog /var/log/apache2/domain1.com-access_log common
  18.         # NOTE(review): no SSLProtocol/SSLCipherSuite in this vhost; presumably inherited from server-level config not shown here - confirm.
  19.  
  20. </VirtualHost>
  21.  
  22.  
  23. <VirtualHost 127.0.1.2:443>
  24.         ServerName domain2.com
  25.         ServerAlias www.domain2.com
  26.         ServerAlias www1.domain2.com
  27.         ServerAlias www2.domain2.com
  28.         ServerAdmin webmaster@domain2.com
  29.         DocumentRoot /var/www/ssltest/domain2/
  30.         # TLS vhost for domain2.com and its www/www1/www2 aliases on 127.0.1.2:443.
  31.        # The certificate below has to list every one of those names; a wildcard such as *.domain2.com does not match the bare domain2.com.
  32.         SSLEngine on
  33.         SSLCertificateFile /etc/apache2/ssl-files/server.crt
  34.         SSLCertificateKeyFile /etc/apache2/ssl-files/server.key
  35.         # Same server.crt/server.key pair as the 127.0.1.3 vhost, so this one certificate must cover both domains.
  36.         # NOTE(review): server.key is the private key; confirm it is readable only by root.
  37.         ErrorLog /var/log/apache2/domain2.com-error_log
  38.         CustomLog /var/log/apache2/domain2.com-access_log common
  39.         # NOTE(review): no SSLProtocol/SSLCipherSuite in this vhost; presumably inherited from server-level config not shown here - confirm.
  40.  
  41. </VirtualHost>
  42.  
  43.  
  44.  
  45.  Scenario 1:
  46. $ cat ../ssl-files/ssl.conf
  47. [ req ] # settings openssl req reads when it generates the key and the certificate request
  48. default_bits        = 1024 # NOTE(review): 1024-bit RSA is below the currently accepted minimum; 2048 bits or more is the usual choice
  49. default_keyfile     = server.key
  50. distinguished_name  = req_distinguished_name
  51. req_extensions     = req_ext # Extensions added to the certificate request (CSR)
  52.  # NOTE(review): the signing command is not shown. With req -x509 openssl reads x509_extensions rather than req_extensions, and x509 -req needs -extfile/-extensions to carry the SAN into the cert; the Firefox error further down (valid only for *.domain1.com) suggests the SAN never reached the certificate - confirm.
  53. [ req_distinguished_name ]
  54. countryName           = Country Name (2 letter code)
  55. countryName_default   = US
  56. stateOrProvinceName             = State or Province Name (full name)
  57. stateOrProvinceName_default     = Connecticut
  58. localityName                    = Locality Name (eg, city)
  59. localityName_default    = Stamford
  60. organizationName                = Organization Name (eg, company)
  61. organizationName_default        = Virtua, Inc.
  62. commonName            = Common Name (eg, YOUR name)
  63. commonName_max        = 64
  64.  # Only one CN is prompted for here; the additional names are meant to come from subjectAltName below.
  65. [ req_ext ]
  66. subjectAltName          = @alt_names
  67.  # A wildcard matches exactly one label: *.domain1.com covers www.domain1.com but not the bare domain1.com, so the apex names need their own DNS entries.
  68. [alt_names]
  69. DNS.1   = *.domain1.com
  70. DNS.2   = *.domain2.com
  71.  
  72.  
  73. CN entered during CSR generation:
  74. *.domain1.com
  75.  
  76.  
  77. Firefox Error on domain2.com
  78. domain2.com uses an invalid security certificate.
  79.  
  80. The certificate is not trusted because it is self-signed.
  81. The certificate is only valid for *.domain1.com
  82.  
  83. (Error code: sec_error_untrusted_issuer)
  84.  
  85.  
  86. Scenario 2:
  87. [ req ] # settings openssl req reads when it generates the key and the certificate request
  88. default_bits        = 1024 # NOTE(review): 1024-bit RSA is below the currently accepted minimum; 2048 bits or more is the usual choice
  89. default_keyfile     = server.key
  90. distinguished_name  = req_distinguished_name
  91.  # No req_extensions/subjectAltName in this variant; both names go into the subject as two CN attributes instead.
  92. [ req_distinguished_name ]
  93. countryName           = Country Name (2 letter code)
  94. countryName_default   = US
  95. stateOrProvinceName             = State or Province Name (full name)
  96. stateOrProvinceName_default     = Connecticut
  97. localityName                    = Locality Name (eg, city)
  98. localityName_default    = Stamford
  99. organizationName                = Organization Name (eg, company)
  100. organizationName_default        = Virtua, Inc.
  101. 0.commonName            = Common Name (eg, YOUR name)
  102. 0.commonName_default    = *.domain1.com # first CN; the 0. prefix lets the same field appear more than once
  103. 0.commonName_max        = 64
  104. 1.commonName            = Common Name (eg, YOUR name)
  105. 1.commonName_default    = *.domain2.com # second CN in the same subject; NOTE(review): the Firefox output below honours only *.domain2.com, so multiple CNs do not replace subjectAltName
  106. 1.commonName_max        = 64
  107.  
  108.  
  109. Firefox output in this case:
  110. domain1.com uses an invalid security certificate.
  111.  
  112. The certificate is not trusted because it is self-signed.
  113. The certificate is only valid for *.domain2.com