Forum OpenACS Q&A: SSL certs shared between Apache and AOLserver?

Collapse
1: SSL certs shared between Apache and AOLserver?
Posted by Patrick Giagnocavo on 09/18/01 07:24 AM
I have a case where sometimes I might want to use SSL on a machine
with both Apache and AOLserver installed.  I -could- proxy any
AOLserver requests via the Apache process, but am wondering if I use
the same hostname and IP address for both processes, will I be able to
simply share the cert, and run Apache/SSL on say port 443 (the usual
SSL port) and AOLserver/SSL on say 8443, using the same cert?
Otherwise, of course, I have to buy two certs, which I want to avoid.
Collapse
2: Response to SSL certs shared between Apache and AOLserver? (response to 1)
Posted by Bart Teeuwisse on 09/18/01 07:33 AM
I belief that you can do with just one certificate. I'm using the same self signed certificate on two AOLservers on the same machine but different ports. Give it a try.

And if it doesn't work you could run AOLserver (the server on the non standard port) with a self signed certificate if you're using it for development or test purposes.

Collapse
3: Response to SSL certs shared between Apache and AOLserver? (response to 1)
Posted by S. Y. on 09/18/01 07:40 AM
You can use the same keyfile/certfile combination with both AOLserver (nsssl(e).so or nsopenssl.so) and Apache-SSL. I've never used mod_ssl, so I don't know if it'll work, but maybe someone else will chime in.

With Apache-SSL, both the key and certificate need to be in one concatenated file; as you probably know, they need to be separate in the case of AOLserver.

I've only tried this with a self-signed certificate, but it works fine.