Installing multiple Certification Authorities on a single Apache webserver
SSL Products
SSL FAQ's
SSL Support

Support Menu

SSL Support Home

Browser Compatibility

FAQs & Solutions


SSL Application Stages:

1. Creating a CSR

2. Buy a Certificate now

3. Doc Requirements

4. Installing a Certificate

5. Display Site Seal

To run more than one Certificate Authority on the Apache web server the configuration must look something like the details below. Please note the SSLCACertificateFile lines referencing 2 different bundle files which give 2 different root authorities. Please also note the virtual host delimiter </VirtualHost> which keeps the details for each virtual host separate.

### Section 3: Virtual Hosts

<IfDefine HAVE_SSL>

## SSL Virtual Host Context

<VirtualHost 192.168.0.20:443>
DocumentRoot "/var/www/html2"
ServerName apache2.rocketsecure.co.uk
ErrorLog logs/error_log
TransferLog logs/access_log
SSLEngine on
SSLCertificateFile /etc/httpd/conf/apache.ssl/server.crt
SSLCertificateKeyFile /etc/httpd/conf/apache.ssl/myserver.key
SSLCACertificateFile /etc/httpd/conf/apache.ssl/ca.txt
SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

<VirtualHost 192.168.0.21:443>
DocumentRoot "/var/www/html2"
ServerName apache2.rocketuk.net
ErrorLog logs/error_log
TransferLog logs/access_log
SSLEngine on
SSLCertificateFile /etc/httpd/conf/apache2.ssl/server.crt
SSLCertificateKeyFile /etc/httpd/conf/apache2.ssl/myserver.key
SSLCACertificateFile /etc/httpd/conf/apache2.ssl/other-bundle.txt
SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

If you are using the above to host InstantSSL Certificate issued by both the old GlobalSign root and the new GTE CyberTrust Root, you may download the two bundle files below:

If you are using the above to host InstantSSL Certificate issued by both the old GlobalSign root and the new GTE CyberTrust Root, you may download the two bundle files below:

GlobalSign bundle file
GTE CyberTrust bundle file