Apache SSL VirtualHosts on a single IP using UCC/SAN certificate


I tested this on my Apache 2.2.14 instance and it worked fine:

Use the NameVirtualHost directive (in ports.conf):

NameVirtualHost *:443

Define your vhosts:

<VirtualHost *:443>
  ServerName www.siteA.com
  DocumentRoot "/opt/apache22/htdocs/siteA"
  SSLCertificateFile "/path/to/my/cert"
  SSLCertificateKeyFile "/path/to/my/key"
</VirtualHost>
<VirtualHost *:443>
  ServerName www.siteB.com
  DocumentRoot "/opt/apache22/htdocs/siteB"
  SSLCertificateFile "/path/to/my/cert"
  SSLCertificateKeyFile "/path/to/my/key"
</VirtualHost>

I used this link as a resource.

Author by

Mikuso

Updated on September 17, 2022
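
An added example, not part of the original answer or of Apache itself: a Python check for the Apache 2.2 layout shown above. It lists every vhost whose address has no matching NameVirtualHost (which catches a mistyped port such as 433) and every ServerName or ServerAlias that the SAN certificate does not cover. The function names, the sample config and the SAN list are constructed for illustration.

```python
import re

# Constructed sample: the answer's 2.2 layout plus a vhost with a mistyped port.
SAMPLE_CONF = """
NameVirtualHost *:443
<VirtualHost *:443>
  ServerName www.siteA.com
</VirtualHost>
<VirtualHost *:443>
  ServerName www.siteB.com
  ServerAlias siteB.com
</VirtualHost>
<VirtualHost *:433>
  ServerName www.siteC.com
</VirtualHost>
"""
# Constructed SAN list; read the real one from `openssl x509 -in cert -noout -text`.
SAMPLE_SANS = ["www.siteA.com", "www.siteB.com"]

def san_covers(host, san_names):
    """True if a SAN dNSName matches host; '*' stands for one whole left-most label."""
    host = host.lower().rstrip(".")
    for san in (s.lower().rstrip(".") for s in san_names):
        if san == host:
            return True
        if san.startswith("*.") and host.partition(".")[2] == san[2:]:
            return True
    return False

def audit(conf_text, san_names):
    """Return (vhost address, hostname, problem) tuples for the given config text."""
    conf = re.sub(r"(?m)^[ \t]*#.*$", "", conf_text)  # drop comment lines
    declared = {a.lower() for a in re.findall(r"(?im)^\s*NameVirtualHost\s+(\S+)", conf)}
    findings = []
    blocks = re.findall(r"(?is)<VirtualHost\s+([^>\s]+)[^>]*>(.*?)</VirtualHost>", conf)
    for addr, body in blocks:
        names = []
        for args in re.findall(r"(?im)^\s*Server(?:Name|Alias)\s+(.+)$", body):
            names += [re.sub(r":\d+$", "", n) for n in args.split()]  # strip optional :port
        if addr.lower() not in declared:
            findings.append((addr, None, "no matching NameVirtualHost"))
        for name in names:
            if not san_covers(name, san_names):
                findings.append((addr, name, "not in certificate SAN list"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, SAMPLE_SANS):
        print(finding)
```

Any hostname reported as missing from the SAN list is one for which browsers will show a certificate name mismatch, because every vhost here serves the same certificate.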

Comments

  • Mikuso, over 1 year

    I need to host several Apache virtual hosts with SSL from a single IP.

    Now - I understand that because SSL wraps around the HTTP request, there's no way to know which host is being requested until a public key has been sent to the client first. This essentially breaks the possibility of SSL virtual hosts using a standard SSL certificate.

    I have obtained a Unified Communications Certificate (UCC), otherwise known as a Subject Alternative Name (SAN) certificate. This allows me to serve the same certificate for multiple domains.

    I would like this to be the certificate served by Apache for any SSL request - and then have Apache resolve the virtual host as usual, once the encryption has been established.

    How should I configure Apache for this? I have tried to research how this can be done, but all I can find are quotes which say that it is possible, but no specifics:


    wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI

    While Apache can renegotiate the SSL connection later after seeing the hostname in the request (and does), that's too late to pick the right server certificate to use to match the request hostname during the initial handshake, resulting in browser warnings/errors about certificates having the wrong hostname in them.

    serverfault.com/questions/48334/apache-virtual-hosts-with-ssl

    Incidentally, it is possible to have multiple SSL-secured named virtual hosts on a single IP address - I do it on my website - but it produces all sorts of warnings in the Apache logs, and certificate warnings in the browser. I certainly wouldn't recommend it for a production site that needs to look clean. -David Jul 31 at 4:58

    www.digicert.com/subject-alternative-name.htm

    Virtual Host Multiple SSL sites on a single IP address. Hosting multiple SSL-enabled sites on a single server typically requires a unique IP address per site, but a certificate with Subject Alternative Names can solve this problem. Microsoft IIS 6 and Apache are both able to Virtual Host HTTPS sites using Unified Communications SSL, also known as SAN certificates.


    Please help.

  • Nick P., about 13 years
    's answer is correct. One thing that did trip me up for a LOOOONNNNNNGGGGG time was that I had a typo where I had <Virtual *:433>... the correct port is 443! Ugh, hours of my life lost on this one... Hope my pain was not in vain and this helps someone...