[lug] ssl apache paths

Kevin Fenzi kevin at scrye.com
Tue Aug 14 14:37:19 MDT 2007


On Tue, 14 Aug 2007 07:33:24 -0600 (MDT)
dio2002 at indra.com wrote:

> I'm trying to set up self-signed certificates on apache for a couple
> of php sites.
> 
> Does anybody know if it's possible to use apache directives to
> selectively apply the ssl protection to specific paths within a given
> vhost versus globally assigning it to the entire domain?  If so, how?

See: 
http://httpd.apache.org/docs/2.0/mod/mod_ssl.html
and the SSLEngine directive. You can enable per virtual. 

> 
> For example, instead of having ssl protection on the entire domain
> site.com, I'd like to only apply it selectively to site paths:
> 
> site.com/login/*
> site.com/configure/*
> site.com/dothis.php

You would have to do this with redirects or something.
I.e., when someone goes to one of those dirs via an http: link, you
rewrite it to https and so on. Not easy to do, but possible.

> Also, I'm getting conflicting info about whether you can use ssl
> certs on MULTIPLE NAMEBASED vhosts on a single server?

No. You can't do name-based ssl.

> I've seen info online that says you can't but then I see examples that
> actually seem to do it.  If I can, what do I need to do?  If I can't,
> what are my options?  Must I use IP based vhosting?

Yes. Each ssl host needs to have its own IP.
The name based virtual stuff takes place after the ssl handshake
between your server and the browser. It already has to know the
hostname it's going to to verify the ssl certificate. You can't do
multiple ones in a single IP... 

There is one exception. You can get a wildcard ssl cert. 
Basically instead of being issued to one host, it's issued to
'*.domain.com' so any host in that domain validates.

> thanks

kevin
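
The redirect approach described in the reply above, written out as an Apache configuration. This is an added example, not part of the original message; the address 192.0.2.10, the DocumentRoot and the certificate file paths are placeholders, and site.com and the three paths are taken from the question.

```apache
# Constructed example. Requires mod_alias and mod_ssl, plus "Listen 443"
# in the main server configuration.

# Plain-HTTP vhost: serves the site, but sends the sensitive paths to HTTPS.
<VirtualHost *:80>
    ServerName site.com
    DocumentRoot /var/www/site

    # /login, /login/..., /configure, /configure/...
    RedirectMatch permanent ^/(login|configure)(/.*)?$ https://site.com/$1$2
    # The single script
    RedirectMatch permanent ^/dothis\.php$ https://site.com/dothis.php
</VirtualHost>

# HTTPS vhost: bound to its own IP address, with SSLEngine enabled
# for this virtual host only.
<VirtualHost 192.0.2.10:443>
    ServerName site.com
    DocumentRoot /var/www/site

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/site.com.crt
    SSLCertificateKeyFile /etc/ssl/private/site.com.key
</VirtualHost>
```

Cookies issued on the HTTPS paths need the Secure attribute, otherwise the browser also sends them with requests to the plain-HTTP parts of the site.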