[CentOS] Self-signed certificates

Mon Jan 23 22:29:09 UTC 2006
Jim Perrin <jperrin at gmail.com>

> > > Just tried those instructions and got the same result.  Does the
> > > certificate name have to be called 'server'
> >
> > No, but that's the default. If you change it to something
> > else, then you need to edit /etc/httpd/conf.d/ssl.conf to match.
>
> I tried putting the info for the secure sub-domain in the ssl.conf with the
> name of the sub-domain certificate but that didn't work either.  Still shows
> the certificate for the top-level domain.  :-(


Hmm, maybe I'm not clear on what you're trying to do. Is this a
virtual host? Is it a Name based virtual host? ssl is done per ip, so
if you're doing name based virtual hosting, you only get one cert,
unless you change to a non-standard https port for your second secure
host.

The way around this (not a GOOD way, but a way) is to generate an ssl
cert for *.domain.com. This way it's valid for all subdomains.


--
Jim Perrin
System Architect - UIT
Ft Gordon & US Army Signal Center