To run more than one Certificate Authority on the Apache web server the configuration must look something like the details below. Please note the SSLCACertificateFile lines referencing 2 different bundle files which give 2 different root authorities. Please also note the virtual host delimiter </VirtualHost> which keeps the details for each virtual host separate.
### Section 3: Virtual Hosts
<IfDefine HAVE_SSL>
## SSL Virtual Host Context
<VirtualHost 192.168.0.20:443>
DocumentRoot "/var/www/html1"
ServerName apache1.trustis.com
ErrorLog logs/error_log
TransferLog logs/access_log
SSLEngine on
SSLCertificateFile /etc/httpd/conf/apache1.ssl/server.crt
SSLCertificateKeyFile /etc/httpd/conf/apache1.ssl/myserver.key
SSLCACertificateFile /etc/httpd/conf/apache1.ssl/ca.txt
SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
<VirtualHost 192.168.0.21:443>
DocumentRoot "/var/www/html2"
ServerName apache2.trustis.com
ErrorLog logs/error_log
TransferLog logs/access_log
SSLEngine on
SSLCertificateFile /etc/httpd/conf/apache2.ssl/server.crt
SSLCertificateKeyFile /etc/httpd/conf/apache2.ssl/myserver.key
SSLCACertificateFile /etc/httpd/conf/apache2.ssl/other-bundle.txt
SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
Copyright © Trustis Limited 2010. All
Rights Reserved
This document is licensed for use only in conjunction with the use of Trustis Trust
Services