How to configure multiple SSL certs on Apache virtual host with aliases?

11,289

You can configure the individual certificates easily using a virtual host for each domain, differentiating requests by ServerName. For example:

Listen 443

# One virtual host per domain, each with its own certificate and key.
<VirtualHost *:443>
    ServerName rex.server.de:443
    SSLEngine on
    SSLCertificateFile "/etc/ssl/certs/rex.server-de.crt"
    SSLCertificateKeyFile "/etc/ssl/certs/rex.server-de.key"
</VirtualHost>

<VirtualHost *:443>
    ServerName rex.server.at:443
    SSLEngine on
    SSLCertificateFile "/etc/ssl/certs/rex.server-at.crt"
    SSLCertificateKeyFile "/etc/ssl/certs/rex.server-at.key"
</VirtualHost>
Author by

merlin

Updated on June 09, 2022
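The certificate-name rule raised in the comments below (every hostname a virtual host answers for must be covered by that host's certificate) can be checked offline before a reload. This Python check is an added example, not part of the original answer; the sample configuration, the certificate name lists in `CERT_NAMES`, and all helper names are constructed for illustration.

```python
import re

# Constructed sample: one vhost serving several country domains with one cert.
SAMPLE_CONF = """
<VirtualHost *:443>
    ServerName rex.server.de:443
    ServerAlias rex.server.at rex.server.ch
    SSLCertificateFile /etc/ssl/certs/rex.server-de.crt
</VirtualHost>
<VirtualHost *:443>
    ServerName rex.server.es:443
    SSLCertificateFile "/etc/ssl/certs/rex.server-es.crt"
</VirtualHost>
"""

# Constructed: DNS names each certificate is assumed to list in its SAN.
CERT_NAMES = {
    "/etc/ssl/certs/rex.server-de.crt": ["rex.server.de", "*.server.de"],
    "/etc/ssl/certs/rex.server-es.crt": ["rex.server.es"],
}

def covers(pattern, host):
    """True if a certificate name matches host; '*' spans only the leftmost label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    return len(p) == len(h) and p[0] in ("*", h[0]) and p[1:] == h[1:]

def parse_vhosts(conf):
    """Yield (hostnames, cert_path) for each <VirtualHost> block."""
    for block in re.findall(r"<VirtualHost[^>]*>(.*?)</VirtualHost>", conf, re.S | re.I):
        names, cert = [], None
        for line in block.splitlines():
            parts = line.split()
            if not parts or parts[0].startswith("#"):
                continue
            key, args = parts[0].lower(), parts[1:]
            if key in ("servername", "serveralias"):
                names += [a.split(":")[0] for a in args]  # drop optional :port
            elif key == "sslcertificatefile" and args:
                cert = " ".join(args).strip('"')
        yield names, cert

def uncovered(conf, cert_names):
    """Return (hostname, cert_path) pairs that would fail name validation.
    A vhost with no certificate, or an unknown one, reports all its names."""
    return [(n, cert) for names, cert in parse_vhosts(conf)
            for n in names
            if not any(covers(p, n) for p in cert_names.get(cert, []))]
```

On the sample, `uncovered(SAMPLE_CONF, CERT_NAMES)` reports `rex.server.at` and `rex.server.ch`, the two aliases served with the `.de` certificate.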

Comments

  • merlin
    merlin almost 2 years

    I have a web-app that runs on several country domains with the same code. Apache is configured with aliases. This works, except for the point of configuring individual SSL-certs:

        ServerAlias *.server-at
        ServerAlias *.server-ch
        ServerAlias *.server-es
    
        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/rex.server-de.crt
        SSLCertificateKeyFile /etc/ssl/private/rex.server-de.key
    

    Is it possible with apache2 to configure more than one SSL certificate inside a virtualhost container?

  • merlin
    merlin about 7 years
    Yes, this is possible. However, there are several config options which need to be duplicated. I am searching for a more "elegant" solution where I can add tens of aliases instead of tens of VHs.
  • pedrofb
    pedrofb about 7 years
    The hostname of the certificate has to match the ServerName of the server. Using an alias to serve a request not matching the configured certificate hostname will be rejected by the browser. Each virtual host can configure one certificate, and you cannot use a wildcard since your domain suffixes are different, so I'm afraid you need to configure one virtual host per domain.
  • Andy Castles
    Andy Castles over 6 years
    Probably too late for the OP, but if you have the same options that you need to put into multiple VHs you can put them into one include file and include the same include file from the different VHs. This way each VH will have different ServerNames and certificates and just one Include directive.
  • Robbie Capps
    Robbie Capps over 5 years
    I have been fiddling with this for a few days, and this worked! Thanks! To others who came here trying to set up encryption for RocketChat: the secret for me was to (1) remove the ReverseProxyPass line and (2) use ServerName chat.example.com:443.
  • Nux
    Nux almost 3 years
    Note that if you have a default ssl like <VirtualHost _default_:443> then you might need to add a ServerName whatever in there. And yes it can be literally whatever. You will get weird results if a server name is not added in some VH.