How to configure multiple SSL certs on Apache virtual host with aliases?
You can configure the individual certificates easily using a virtual host for each domain, differentiating requests by ServerName. For example:
Listen 443
# One virtual host per domain, each with its own certificate and key
<VirtualHost *:443>
    ServerName rex.server.de:443
    SSLEngine on
    SSLCertificateFile "/etc/ssl/certs/rex.server-de.crt"
    SSLCertificateKeyFile "/etc/ssl/certs/rex.server-de.key"
</VirtualHost>
<VirtualHost *:443>
    ServerName rex.server.at:443
    SSLEngine on
    SSLCertificateFile "/etc/ssl/certs/rex.server-at.crt"
    SSLCertificateKeyFile "/etc/ssl/certs/rex.server-at.key"
</VirtualHost>
Author: merlin
Updated on June 09, 2022
Comments
-
merlin almost 2 years
I have a web-app that runs on several country domains with the same code. Apache is configured with aliases. This works, except for the point of configuring individual SSL-certs:
ServerAlias *.server-at
ServerAlias *.server-ch
ServerAlias *.server-es
SSLEngine on
SSLCertificateFile /etc/ssl/certs/rex.server-de.crt
SSLCertificateKeyFile /etc/ssl/private/rex.server-de.key
Is it possible with apache2 to configure more than one SSL certificate inside a virtualhost container?
-
merlin about 7 years
Yes, this is possible. However, there are several config options which need to be duplicated. I am searching for a more "elegant" solution where I can add tens of aliases instead of tens of VHs.
-
pedrofb about 7 years
The hostname of the certificate has to match the ServerName of the server. Using an alias to serve a request not matching the configured certificate hostname will be rejected by the browser. Each virtual host can configure one certificate, and you cannot use a wildcard since your domain suffixes are different, so I'm afraid you need to configure one virtual host per domain.
-
Andy Castles over 6 years
Probably too late for the OP, but if you have the same options that you need to put into multiple VHs you can put them into one include file and include the same include file from the different VHs. This way each VH will have different ServerNames and certificates and just one Include directive.
-
Robbie Capps over 5 years
I have been fiddling with this for a few days, and this worked! Thanks! To others who came here trying to set up encryption for RocketChat: the secret for me was to (1) remove the ReverseProxyPass line and (2) use ServerName chat.example.com:443.
-
Nux almost 3 years
Note that if you have a default ssl like <VirtualHost _default_:443> then you might need to add a ServerName whatever in there. And yes, it can be literally whatever. You will get weird results if a server name is not added in some VH.
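A lint for the failure modes raised in the answer and in Nux's comment, as an added example that is not part of the original posts: it reports TLS virtual hosts with no ServerName, a repeated ServerName, no SSLCertificateFile, or whitespace inside a quoted certificate or key path. The function name lint_tls_vhosts, the regex-based parsing (Include files are not expanded) and the sample config are assumptions made for illustration.

```python
import re

# Constructed sample (not a real server's config): vhost 2 has no ServerName,
# vhost 3 reuses a name and has a stray space inside a quoted path.
SAMPLE = '''
<VirtualHost *:443>
    ServerName rex.server.de:443
    SSLEngine on
    SSLCertificateFile "/etc/ssl/certs/rex.server-de.crt"
    SSLCertificateKeyFile "/etc/ssl/private/rex.server-de.key"
</VirtualHost>
<VirtualHost _default_:443>
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/default.crt
</VirtualHost>
<VirtualHost *:443>
    ServerName REX.server.de
    SSLEngine on
    SSLCertificateFile " /etc/ssl/certs/rex.server-at.crt"
</VirtualHost>
'''

VHOST = re.compile(r'<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>', re.I | re.S)
DIRECTIVE = re.compile(r'^[ \t]*(\w+)[ \t]+(.*?)[ \t]*$', re.M)

def lint_tls_vhosts(conf):
    """Return (vhost, problem) pairs for every vhost with SSLEngine on."""
    findings, seen = [], {}
    for n, (addr, body) in enumerate(VHOST.findall(conf), 1):
        d = {k.lower(): v for k, v in DIRECTIVE.findall(body)}
        if d.get('sslengine', '').lower() != 'on':
            continue  # not a TLS vhost, nothing to check
        vh = f'#{n} {addr.strip()}'
        # Compare names without optional scheme/port, case-insensitively.
        name = re.sub(r'^\w+://|:\d+$', '', d.get('servername', '')).lower()
        if not name:
            findings.append((vh, 'no ServerName'))
        elif name in seen:
            findings.append((vh, f'ServerName {name} already used by {seen[name]}'))
        else:
            seen[name] = vh
        if 'sslcertificatefile' not in d:
            findings.append((vh, 'no SSLCertificateFile'))
        for key in ('sslcertificatefile', 'sslcertificatekeyfile'):
            path = d.get(key, '').strip('"')
            if path != path.strip():
                findings.append((vh, f'whitespace inside quoted {key} path'))
    return findings

if __name__ == '__main__':
    print(*lint_tls_vhosts(SAMPLE), sep='\n')
```

Run it against the concatenated site configuration before reloading Apache; an empty result means every TLS virtual host passed these checks.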