Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Apache support two SSL certificates?
- Thread starter 67ray
- Start date
- Thread starter
- #3
Name based addressing allows for many virtual hosts to share the same ip. From what I understand, two different ssl sites can't share the same ip. This is why I suggested ip based addressing. You either need a public ip for each virtual host or use ip aliasing. With ip aliasing one NIC can have more than one ip. This is also called multi homing or virtual ip addressing.
Assuming you have multiple IP's on your box you can make it work.
I used an apache server to proxy to two separate orion servers in a similar manner. In my httpd.conf I redirected to https from htpp.
<VirtualHost 192.168.174.101:80>
ServerName site1.domain.com
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) [L,R,NC]
</VirtualHost>
<VirtualHost 192.168.174.102:80>
ServerName site2.domain.com
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) [L,R,NC]
</VirtualHost>
then in my ssl.conf I had something like this;
<VirtualHost 192.168.174.101:443>
ServerName site1.domain.com
SSLEngine On
SSLCertificateFile conf/ssl/site1/site1.cer
SSLCertificateKeyFile conf/ssl/site1/site1.key
ProxyVia On
ProxyPass / ProxyPassReverse / </VirtualHost>
<VirtualHost 192.168.174.102:443>
ServerName site2.domain.com
SSLEngine On
SSLCertificateFile conf/ssl/site2/site2.cer
SSLCertificateKeyFile conf/ssl/site2/site2.key
ProxyVia On
ProxyPass / ProxyPassReverse / </VirtualHost>
Using a specific IP for each virtual host while including the ServerName directive seems to solve the problem of needing a unique IP but only being able to get a cert tied to a domain name. You could also use the same IP but with different ports, SSL only cares that it is a unique IP/Port combination. Hope this helps some.
Note: IP addresses were changed to protect the innocent. ;-)
I used an apache server to proxy to two separate orion servers in a similar manner. In my httpd.conf I redirected to https from htpp.
<VirtualHost 192.168.174.101:80>
ServerName site1.domain.com
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) [L,R,NC]
</VirtualHost>
<VirtualHost 192.168.174.102:80>
ServerName site2.domain.com
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) [L,R,NC]
</VirtualHost>
then in my ssl.conf I had something like this;
<VirtualHost 192.168.174.101:443>
ServerName site1.domain.com
SSLEngine On
SSLCertificateFile conf/ssl/site1/site1.cer
SSLCertificateKeyFile conf/ssl/site1/site1.key
ProxyVia On
ProxyPass / ProxyPassReverse / </VirtualHost>
<VirtualHost 192.168.174.102:443>
ServerName site2.domain.com
SSLEngine On
SSLCertificateFile conf/ssl/site2/site2.cer
SSLCertificateKeyFile conf/ssl/site2/site2.key
ProxyVia On
ProxyPass / ProxyPassReverse / </VirtualHost>
Using a specific IP for each virtual host while including the ServerName directive seems to solve the problem of needing a unique IP but only being able to get a cert tied to a domain name. You could also use the same IP but with different ports, SSL only cares that it is a unique IP/Port combination. Hope this helps some.
Note: IP addresses were changed to protect the innocent. ;-)
- Status
Similar threads
- Locked
- Question