Until a couple of weeks ago, I was under the impression that one could
only have a single HTTPS site per IP address, but it seems I was wrong.
The procedure is described here
on the CACert wiki.
In short, you need multiple SubjectAltName
fields on your server's certificate, such that all the VirtualHost
names that you want to work are either directly mentioned, or will match
The page above includes a link to a nice script
that generates a key and CSR (Certificate Signing Request) ready to be pasted
into CAcert's Server Certificate page.
Note: the CN is pretty much ignored by some browsers, so you'll want to
put the machine's main name as one of the SubjectAltNames as well.
BTW if you get a warning like:
[warn] _default_ VirtualHost overlap on port 443, the first has precedence
you probably need to add
to your /etc/apache2/sites-enabled/ssl before the <VirtualHost *:443> line.
Of course, this glosses over the details of doing things like setting
your name and address in the certificate, but since CAcert will strip
all that out anyway, it only matters if you wanted to get it signed by
someone else. Even so, this should get you started -- you can always
edit those details into the csr script.
Syndicated 2008-12-08 19:26:23 from chezfil