|
To run more than one Certificate Authority
on the Apache web server the configuration must look something
like the details below. Please note the SSLCACertificateFile
lines referencing 2 different bundle files which give 2 different
root authorities. Please also note the virtual host delimiter
</VirtualHost> which keeps the details for each virtual
host separate. ### Section 3: Virtual
Hosts
<IfDefine HAVE_SSL>
## SSL Virtual Host Context
<VirtualHost 192.168.0.20:443>
DocumentRoot "/var/www/html2"
ServerName apache2.comodo.net
ErrorLog logs/error_log
TransferLog logs/access_log
SSLEngine on
SSLCertificateFile /etc/httpd/conf/apache.ssl/server.crt
SSLCertificateKeyFile /etc/httpd/conf/apache.ssl/myserver.key
SSLCACertificateFile /etc/httpd/conf/apache.ssl/ca.txt
SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\"
%b"
</VirtualHost>
<VirtualHost 192.168.0.21:443>
DocumentRoot "/var/www/html2"
ServerName apache2.comodo.net
ErrorLog logs/error_log
TransferLog logs/access_log
SSLEngine on
SSLCertificateFile /etc/httpd/conf/apache2.ssl/server.crt
SSLCertificateKeyFile /etc/httpd/conf/apache2.ssl/myserver.key
SSLCACertificateFile /etc/httpd/conf/apache2.ssl/other-bundle.txt
SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\"
%b"
</VirtualHost>
If you are using the above to host
Instant SSL Certificate issued by both the old GlobalSign
root and the new GTE CyberTrust Root, you may download the
two bundle files below:
GlobalSign
bundle file
GTE CyberTrust bundle file
(1 year certificates)
GTE CyberTrust bundle
file (2 and 3 year certificates)
|
