Opened 16 years ago
Last modified 5 years ago
#52 new enhancement
support per-vhost certs in mod_vhost_ldap
| Reported by: | quentin | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | web | Keywords: | |
| Cc: | | | |
Description (last modified by adehnert)
Per help.mit.edu 569297, we should support per-vhost certificates by adding code to mod_vhost_ldap.
[ Note that the status quo is that per-vhost certs are stored in LDAP, and then exported to disk by /etc/httpd/export-scripts-certs. The goal is to remove that "export to disk" stage. ]
Change History (11)
comment:1 Changed 16 years ago by price
comment:2 Changed 16 years ago by andersk
Also 645078.
comment:3 Changed 16 years ago by presbrey
Depends: #55.
comment:4 Changed 16 years ago by andersk
comment:5 Changed 16 years ago by presbrey
Without separate IPs, only browsers supporting SNI can ever benefit from these per-vhost certificates. To address this issue, as in #55, I think this fix should also include support for supporting per-vhost IPs even if only some people get them. For example, SIPB services running on scripts.
comment:6 Changed 14 years ago by adehnert
This is currently handled using reified vhosts, right?
comment:7 Changed 14 years ago by andersk
Yes. This ticket is about handling it in mod_vhost_ldap instead so we don’t need to reify vhosts (and so that eventually we’ll be able to automate much more of the process).
comment:8 Changed 12 years ago by ezyang
- Type changed from defect to enhancement
comment:9 Changed 8 years ago by andersk
Here are some of the Apache hooks we’ll need:
comment:10 Changed 8 years ago by andersk
And my mod_vhost_ldap implementation of that hook seems to be working:
https://github.com/andersk/mod-vhost-ldap/commits/vhost-hooks
Now we just need the inline string syntax for SSLCertificateFile that achernya and davidben are working on.
comment:11 Changed 5 years ago by adehnert
- Description modified (diff)
I requested an OID from jis, which will enable us to extend the LDAP schema as necessary.
(The mail was cc'd to s-m-r.)