0

I have lighttpd as web server and on it I have installed IP-based SSL certificates.

I want to have a way to have multiple SSL certificates on each new IP that the server may get.

For example, at the moment I have https://127.0.0.1 and it works, but it is a certificate on which the CN = 127.0.0.1, so if the webserver gets a new IP from the DHCP server, say 192.168.1.x, the server will cause SSL mismatches.

Instead I need a new certificate exclusively for that IP address.

How can I create a multi-IP based SSL certificate? Of course on lighttpd.

Ladadadada
Alin Andrei

2 Answers

0

I'm not sure I understand your question correctly, but if you want to serve the same certificate on all IP interfaces on the server, define a socket without giving an IP:

$SERVER["socket"] == ":443" {
     ssl.engine                  = "enable" 
     ssl.pemfile                 = "/path/to/ssl/certificate.pem" 
}

This way it listens and serves https with the same certificate (certificate.pem) on all interfaces, no matter what IP address has been assigned.

Mathias R. Jessen
  • It seems you understood it correctly. OK, that looks good; now I have to find a method to generate a certificate that will run on all IP addresses. Thanks! – Alin Andrei Jan 09 '13 at 14:27
0

3 options:

  • Use different certificates by listening on each IP with a separate $SERVER["socket"] block
  • Use TLS/SNI ("Server Name Indication") - not supported by all clients
  • Use SubjectAltName, see http://wiki.cacert.org/VhostTaskForce (I recommend going for this option)
Stefan
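The SubjectAltName option, as an added example that is not part of either answer: a shell sketch that uses the openssl CLI to build a self-signed certificate carrying one `IP:` SAN entry per address, writes a combined PEM for `ssl.pemfile`, and checks that a given address is covered. The function names, the CN and the sample addresses are assumptions; the addresses must be known when the certificate is created, so a new DHCP lease outside the list still needs a reissue.

```shell
#!/bin/sh
# Added example (not from the original answers). Function names, CN and
# addresses are hypothetical; requires the openssl command-line tool.

# make_ip_cert OUT_PEM IP [IP...]
# Writes certificate + private key into OUT_PEM, one IP SAN per address.
make_ip_cert() {
    out=$1; shift
    san=""
    for ip in "$@"; do
        san="${san:+$san,}IP:$ip"          # e.g. IP:127.0.0.1,IP:192.168.1.10
    done
    tmp=$(mktemp -d) || return 1           # mktemp -d creates a 0700 directory
    cat > "$tmp/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = lighttpd-host
[v3]
subjectAltName = $san
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -config "$tmp/req.cnf" \
        -keyout "$tmp/key.pem" -out "$tmp/cert.pem" 2>/dev/null \
        || { rm -rf "$tmp"; return 1; }
    # The combined file contains the private key: keep it owner-readable only.
    ( umask 077; cat "$tmp/cert.pem" "$tmp/key.pem" > "$out" )
    rm -rf "$tmp"
}

# cert_covers_ip PEM IP
# Succeeds only if the certificate in PEM has a SAN matching IP.
cert_covers_ip() {
    openssl x509 -in "$1" -noout -checkip "$2" | grep -q 'does match'
}

# Usage with constructed addresses:
#   make_ip_cert /path/to/ssl/certificate.pem 127.0.0.1 192.168.1.10
#   cert_covers_ip /path/to/ssl/certificate.pem 192.168.1.10 && echo covered
```

Clients still have to trust the issuer, so a self-signed certificate like this one must be imported on each client or replaced by one signed by a CA the clients already trust.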