Gentoo apache2 ssl cert setup


















The only real way to support multiple hosts on a single IP is to have a certificate that covers all domains. Not pretty, but it can work. There are currently two and a half ways to obtain an SSL certificate. Purchasing a certificate from one of the reputable providers is an option.

Using a self-signed certificate is also possible, though it may cause warnings in users' clients. The half option, which is the recommended option when not using a bought certificate, is using a certificate from CAcert. They are working hard on getting their certificate included into the main browsers and operating systems, but most of all, it is free and gratis. A new self-signed certificate can be easily created using OpenSSL. It is probably advisable to rename them to something more logical.

The csr script should be downloaded and executed. In this example, the mail server will be called imap but will have aliases configured in DNS for mail, pop, pop3, pop3s, imaps and foo. More can be added as needed, of course. Note that foo was added because that is the name of the system offering the imap service. It is not named foo because the postfix or web or any other server is named foo.

This has generated a certificate signing request, which can be used by any root CA to sign with, not only CAcert. In the case of CACert. The server will then verify the request and, based on that, generate the certificate. A link to the certificate will also be e-mailed to the e-mail address bound to the ca-cert. This should leave 3 files, foo. This will also be the naming convention followed during the rest of this document.

After struggling through this once, forgetting most of it and then doing it a second time I figured that I better document what needs to be done to create, obtain and install server certificates for web and email servers that I build.

The nice thing about GoDaddy is that they are included by default in Windows clients eliminating the need for manual installation of CA certificates. GoDaddy also provides a turbo 'wildcard' certificate that allows you to secure as many variations of your domain name as needed. The httpd. In fact this file is only an entry point for configuration. After a fresh install of an Apache server, the configuration resulting from the assemblage of the different configuration files is as follows.

In addition an index. This feature, which was introduced in the early versions of Firefox, is somewhat annoying for developers. The feature means that when a server running on localhost fails to respond, Firefox decides to try localhost.

This often resolves to a not found page. ModSecurity is a rule-based web application firewall that monitors web service traffic to block attacks exploiting known vulnerabilities. Finally, restart Apache. Look for the errors in the Apache log files of your sites and act accordingly. Substitute N in the example above with the requested number in the output of eselect php list apache2, as displayed earlier on. For each virtual host, provide a DocumentRoot directory that is reachable and accessible by the Apache daemon.

Add a virtual host configuration file VirtualHost. Below are two example virtual host definitions, one for domainname1. It is recommended to provide an IP based virtual host definition as well.

This allows the administrator to put up a message for users that try to reach a site through its IP address. After inserting virtual hosts, the server needs to be gracefully restarted for the new sites to become active. Finally, restart Apache and check the phpinfo site created earlier. Furthermore, there are a few restrictions on the availability of functionality within Apache 2.


