I would like to know how I can configure my Apache 2 (version 2.0.64) to use multiple key/certificate pairs for mutual authentication.
More precisely, I have configured my apache to accept SSL connections on port 443 by using this config:
<VirtualHost _default_:443>
SSLEngine on
SSLCertificateFile certs/mycert.crt
SSLCertificateKeyFile certs/mykey.key
SSLCACertificateFile certs/ca.crt
.....
</VirtualHost>
I have 2 aliases, let's say:
https://myserver/project1
https://myserver/project2
I would like to use different key/certificate pairs (than mykey.key/mycert.crt) to authenticate clients that connect to my 2nd URL (https://myserver/project2).
I tried with the <Location> and <LocationMatch> directives, but SSL directives do not seem to be supported under these ones.
How can this be done?
There is an extension named Service Name Indication (aka SNI) in TLS. The TLS client indicates the name of the server it is connected to; therefore the server is able to select the correct key and certificate to use.
According to the SNI Wikipedia page, both Apache 2 modules mod_ssl and mod_gnutls seem to support this extension, as do numerous web clients.
An Apache 2 configuration tutorial is available here: http://en.gentoo-wiki.com/wiki/Apache2/SSL_and_Name_Based_Virtual_Hosts
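As an added illustration of the SNI approach described in this answer (not from the linked tutorial or the original question), the following mod_ssl configuration serves two name-based virtual hosts on one IP and port, each with its own server key/certificate and its own client CA for mutual authentication. The host names project1.example.com and project2.example.com, the certificate paths and the document roots are assumed; it also assumes an Apache release whose mod_ssl supports SNI (2.2.12 or later with OpenSSL 0.9.8f or later), which the 2.0.64 in the question does not.

```apache
# Added example: two SNI virtual hosts with separate server certs and client CAs.
Listen 443
# Required in Apache 2.2 for name-based vhosts; remove this line on 2.4.
NameVirtualHost *:443

# A client that does not send SNI is otherwise routed to the first vhost below.
# Rejecting such clients avoids silently authenticating them against the
# wrong CA.
SSLStrictSNIVHostCheck on

<VirtualHost *:443>
    ServerName project1.example.com          # assumed host name
    DocumentRoot /srv/project1                # assumed path
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLCertificateFile    certs/project1.crt  # assumed server cert
    SSLCertificateKeyFile certs/project1.key  # assumed server key
    # Only client certificates issued by this CA are accepted here.
    SSLCACertificateFile  certs/project1-clients-ca.crt
    SSLVerifyClient require
    SSLVerifyDepth 2
</VirtualHost>

<VirtualHost *:443>
    ServerName project2.example.com          # assumed host name
    DocumentRoot /srv/project2                # assumed path
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLCertificateFile    certs/project2.crt  # assumed server cert
    SSLCertificateKeyFile certs/project2.key  # assumed server key
    # A different client CA: project1 client certs are rejected here.
    SSLCACertificateFile  certs/project2-clients-ca.crt
    SSLVerifyClient require
    SSLVerifyDepth 2
</VirtualHost>
```

To confirm that the right certificate chain and client-CA list are presented for each name, connect with `openssl s_client -connect myserver:443 -servername project2.example.com` and inspect the "Acceptable client certificate CA names" section of the output.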