[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] Question: serving two different SSL certificates under A
From: |
Phil Pennock |
Subject: |
Re: [Sks-devel] Question: serving two different SSL certificates under Apache? |
Date: |
Sun, 1 Jun 2014 21:28:04 -0400 |
On 2014-06-02 at 08:51 +1000, John Zaitseff wrote:
> To clarify: I want to serve my own ZAP Group certificate when HTTPS
> queries come to keyserver.zap.org.au, and the sks-keyservers.net
> certificate when queries come to *.sks-keyservers.net. Can I do
> this with ONE <VirtualHost> block in Apache, or must I use two?
I can't definitively say that one block might not be made to work: never
discount human ingenuity. I can say that it would be "interesting" to
see.
I can confirm that SNI with Apache works with two VirtualHost blocks,
albeit perhaps with startup warnings (depending upon Apache version);
if maintenance of common definitions is a concern then I recommend
taking a look at the third-party Apache module "mod_macro" which makes
it possible to have a more DRY Apache config, albeit at the cost of
server_info output becoming a little disjointed. The other way is to
move the macro expansion to a config file generation time (or deployment
time) instead of run-time, using a pre-processor such as ERB, M4 or
whatever your local poison is.
-Phil
--
My employer, Apcera Inc, is hiring sysadmin; primarily San Francisco:
http://www.apcera.com/jobs/#operations-engineer
(but all the mistakes in this email are made in my personal capacity)