[TriLUG] Apache SSL Questions/Help

Michael Peters mpeters at plusthree.com
Mon Oct 27 14:00:10 EDT 2008


Steve Kuekes wrote:

> 1.  Can I get certificates for free from somewhere or do I have to buy one from someone, like 
> godaddy or verisign?

You can just make your own, get them from a free source or buy them. Although browsers will give 
users a warning message for anything except certs that you buy from a trusted authority.

> 2.  Can I have multiple certificates on the server for different virtual hosts?

Yes as long as they all have different IP addresses. SSL is an IP based protocol and doesn't work 
with named virtual hosts.

> 3.  If I can't is there a setup that will allow me to share the certificate somehow?

You can use invalid certs, but your users will always get a warning

> 4.  I might have to use this with a tomcat server using proxypass, can I do this too?

Yes. The SSL layer is between the browser and the server on the front lines. If it then proxies, the 
proxied request is without the SSL security so make sure it's on a secured network. That is unless 
you have another SSL cert/layer between the proxy and the tomcat server.

-- 
Michael Peters
Plus Three, LP




More information about the TriLUG mailing list