Re: [cobalt-users] SSL on RAQ2 : #2

[Aeron Jarrett <ajarrett@xxxxxxxxxxxxx>]

I think I'll take a shot at question number 2!

To have a certificate for each site, you will need to do what you do for
the certificate for the original site... but assigning different names to
the certificate... as far as I know, there isn't a way to name a
certificate as or before you prepare it... but you can rename any file
afterward!

So what I do is:
backup the original certificate request file
make a new request with the information pertaining to the virtual site
Make the request
when the request response is recieved...
telnet in as admin and do the su - thingy to become root.

Go to the directory where the certificate for the main site is. Do pico or
vi (i do pico) and paste the certificate into that file.
save (write) the file as sitename.crt or something so that you can
remember what site it is for...

Then add a virtualhost block similar to this one (which is similar to the 
default one) into httpd-ssl.conf:

#Define a vritual Secure server for nintendo.com
<VirtualHost www.nintendo.com:443>
DocumentRoot /home/sites/site001/web
# The following line seemed to have no affect
ScriptAlias /cgi-bin/ /home/sites/site79/web/cgi-bin/
AliasMatch ^/~([^/]+)(/(.*))? /home/sites/site79/users/$1/web/$3
SSLEngine on
SSLCertificateFile    /etc/httpd/conf/ssl.crt/nintendo.crt   
#you see that this is the path to the certificate for this particular
#site!?
#SSLCertificateFile    /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
# Added this section attempting to point out the cgi-bin for a virtualhost
<Directory /home/sites/site79/web/cgi-bin>
#    AllowOverride None
    Options ExecCGI
    Order allow,deny
    Allow from all
</Directory>
# 

Then restart the server... /etc/rc.d/init.d/httpsd restart
and give it the passkey phrase and you should be set!

And you just replicate that for the sites as you go along... I've done it
for two of our sites so far...