I must understand how I'm able to configure my Apache 2 (version 5..64) to make use of multiple key/certificate pairs for mutual authentication.
More precisely, I've set up my apache to simply accept SSL connections on port 443 applying this config:
<VirtualHost _default_:443> SSLEngine on SSLCertificateFile certs/mycert.crt SSLCertificateKeyFile certs/mykey.key SSLCACertificateFile certs/ca.crt ..... </VirtualHost>
I've 2 aliases, let say:
I must use different key/certificate pairs (than
mycert.crt) to authenticate client that connect with my second URL (
I attempted using the
<LocationMatch> directives, but SSL directives don't appear to become supported under theses ones.
How is this done?
There's extra time named Service Name Indication (also known as SNI) in TLS. The TLS client signifies the title from the server it's attached to and so the server has the capacity to choose the right key and certificate to make use of.
Based on the SNI wikipedia page both Apache 2 modules mod_ssl and mod_gnutls appears to aid this extension as well as numerous web clients
An Apache 2 configuration tutorial can be obtained here: http://en.gentoo-wiki.com/wiki/Apache2/SSL_and_Name_Based_Virtual_Hosts
Possibles methods to will have SNI with apache2:
- Upgrade apache2 to version 5.2.x
- Compile/Install gnutls with apache2