addresses, alias the eth as needed, and multiple single-host certs can be
applied. That works just fine. A separate set of SSL stanzas in each
virtual host section, virtual host by number, not by name.
You may, in that case, actually want to run a separate invocation of
apache for the SSL side of things, so that you can do IP-based virtual
hosts for SSL, and name-based virtual hosts for port 80.
[Ramon] Because encryption is set up before any HTTP headers are sent,
name based vhosting with multiple certificates is not possible.
The only thing that does work is multiple vhosts with one certificate that
validates all of them. I've done that successfully with a project vhost
server on ssl for multiple software development projects. You can get a
wildcard certificate from rapidssl [69]http://www.rapidssl.com for $199.
They're a dirt cheap certificate provider BTW $69 for a two year standard
webserver certificate accepted in most (if not all) browsers
If it were a small organization that would be a possibility. But we're part
of a large organization and can't monopolize the entire domain
(*.example.com). At the same time the sites are for multiple departments,
and we haven't been able to come up with a *.subdomain.example.com that
would satisfy all of them.
Oh wait, you're talking about wildcard IPs rather than wildcard domains?
(checking rapidssl website) No, it is domains.
Hmm, getting a wildcard certificate would obviate the need for multiple
certificates but that's actually the lesser of our problems. The greater
problem is getting more IPs, justifying them, and putting in a new subnet
for them. But I guess I'll tell management that if they really want these
multiple domains on one computer, they'll have to factor a new block of IPs
into the price.
Has anybody had experience with https://cert.startcom.org/ ? It appears to
be a nonprofit project geared toward free certificates.
"The StartCom Certification Authority is currently undergoing an initial
self and successive third party audit as required by various software
vendors, such as Microsoft and Mozilla. This will lead to the natural
support of the StartCom CA by the most popular browser and mail clients.
Right now you still have to import our CA certificate into your browser,
but chances are, that, during the life-time of your certificate (one year),
your certificate will be supported without the need of the CA import."
Probably not an option for us yet, but it looks worth watching.
Duh, our netadmin pointed out that when the second site is moved over, we
can take the IP from that computer. And my other site will replace seven
other servers so we can take their IPs too. That'll last us past the
foreseeable future. Anybody got a few HTTPS sites they need hosting for a
year or two? (Just kidding.)
____________________________________________________
Mozilla hogging the screen
Neil Youngman ([70]ny from youngman.org.uk)
Answered By Ben Okopnik
Mozilla has started hogging my screen. I can select other windows, but if
Mozilla is maximised it remains in front of them. There is presumably a
setting somewhere that is causing this behaviour, but the only setting I
can find I can't seem to change. FYI, this is in [71]KDE.
If I right click the Mozilla title bar and select advanced->special window
settings->preferences, there is a checkbox either side of the "keep above"
setting. The checkbox on the right is checked and greyed out. With a little
fiddling I can get it unchecked, but if I click OK and then reopen the
window to check it, I find that it is selected again.
I don't know if that setting is the source of the problem, but the other
windows don't have it checked, so it's a good candidate.
Any ideas how to fix this one?
OK. Going down into the "special window settings" wasn't necessary. If I
just use "advanced->keep above others" it toggles that checkbox. It's
annoying and a little confusing that it can't be changed from "special
window settings".
[Ben] Hmm. Perhaps one or two - my Firefox started doing some ugly thing a
while back, so I whacked it over the head a couple of times, and will
happily relate what LART I used. :) Mind you, this is in the nature of
shotgunning rather than troubleshooting (I can hear the sounds of retching
from the other techies here, but, hey, it works - and I didn't feel like
pulling down a hundred meg or so of code and wanking through it.)
1. Move your ~/.mozilla to, say, /tmp/DOTmoz.
2. Start Mozilla.
3. If $UGLY_BEHAVIOR is still present, uninstall the mozilla package
(making sure to blow away, or at least _move_ away all the stuff in
"/usr/lib" and "/etc") and reinstall from scratch. If it's still there,
curse life and file a bug. :) Otherwise -
4. Make a copy of your new ~/.mozilla (as, say, /tmp/DOTmoz_default.) Start
replacing the subdirectories in the one in $HOME, one at a time, from
/tmp/DOTmoz until the problem reappears. Narrow it down to the specific
file, then diff that file against the default one. The line causing the
problem should be relatively obvious - since Mozilla uses more-or-less
sensible, descriptive names for their config variables.
=10= |
