sks-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] Question: serving two different SSL certificates under A


From: Phil Pennock
Subject: Re: [Sks-devel] Question: serving two different SSL certificates under Apache?
Date: Sun, 1 Jun 2014 21:28:04 -0400

On 2014-06-02 at 08:51 +1000, John Zaitseff wrote:
> To clarify: I want to serve my own ZAP Group certificate when HTTPS
> queries come to keyserver.zap.org.au, and the sks-keyservers.net
> certificate when queries come to *.sks-keyservers.net.  Can I do
> this with ONE <VirtualHost> block in Apache, or must I use two?

I can't definitively say that one block might not be made to work: never
discount human ingenuity.  I can say that it would be "interesting" to
see.

I can confirm that SNI with Apache works with two VirtualHost blocks,
albeit perhaps with startup warnings (depending upon Apache version);
if maintenance of common definitions is a concern then I recommend
taking a look at the third-party Apache module "mod_macro" which makes
it possible to have a more DRY Apache config, albeit at the cost of
server_info output becoming a little disjointed.  The other way is to
move the macro expansion to a config file generation time (or deployment
time) instead of run-time, using a pre-processor such as ERB, M4 or
whatever your local poison is.

-Phil
-- 
My employer, Apcera Inc, is hiring sysadmin; primarily San Francisco:
 http://www.apcera.com/jobs/#operations-engineer
(but all the mistakes in this email are made in my personal capacity)



reply via email to

[Prev in Thread] Current Thread [Next in Thread]