Apache Name Based Secure Virtual Hosts with different certificates

BodanelBodanel Member Posts: 214 ■■■□□□□□□□
in LPI, Red Hat & Linux Foundation
Anyone has a hint about how to do this? Ive tried several google solutions without success.

Thks
· Share on FacebookShare on Twitter

Comments

  • lordylordy Member Posts: 632 ■■■■□□□□□□
    Where exactly are you stuck? It shouldn't be much more difficult than a plain HTTP virtual host. Something like:

    <VirtualHost 1.2.3.4:443>
    DocumentRoot /var/www/secure
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/...
    SSLCertficateKeyFile /etc/ssl/private/...
    </VirtualHost>
    Working on CCNP: [X] SWITCH --- [ ] ROUTE --- [ ] TSHOOT
    Goal for 2014: RHCA
    Goal for 2015: CCDP
    · Share on FacebookShare on Twitter
  • BodanelBodanel Member Posts: 214 ■■■□□□□□□□
    It's the same but if you have only 1 ip address it always points to the first vhost, which is the default one.
    · Share on FacebookShare on Twitter
  • lordylordy Member Posts: 632 ■■■■□□□□□□
    Yes, that's because of the way how HTTPS works.

    The encryption is established before any request is sent so the server can not know which V-Host you were trying to reach. That information would be transmitted in the request which needs to be encrypted. Therefore you need one IP address per SSL-Certificate that you want to use. As IPv4 addresses are getting rare there is an idea called SAN (Subject Alternative Name) that allows you to put multiple hostnames into one certificate so that virtual hosting is possible even with SSL (to some extend).
    Working on CCNP: [X] SWITCH --- [ ] ROUTE --- [ ] TSHOOT
    Goal for 2014: RHCA
    Goal for 2015: CCDP
    · Share on FacebookShare on Twitter
  • BodanelBodanel Member Posts: 214 ■■■□□□□□□□
    The next best thing that i've found is here NameBasedSSLVHostsWithSNI - Httpd Wiki but i didnt manage to implement it.
    In the end I've used the same certificate for all vhosts.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.