Re: Need help with multiple SSL certs + multiple domains

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Tue, Nov 6, 2012 at 10:09 AM, Ben Johnson <ben@xxxxxxxxxxxxxxxx> wrote:


On 11/5/2012 4:46 PM, Igor Cicimov wrote:
>
> On 06/11/2012 6:03 AM, "Phusion" <phusion2k@xxxxxxxxx
> <mailto:phusion2k@xxxxxxxxx>> wrote:
>>
>> I am in need of some assistance. The server is running Apache
> 2.2.15-15 on Red
>> Hat Enterprise Linux Server 6.3 x86_64. The configuration currently
> has the
>> following which works. We have a wildcard SSL certificate for
> *.domain.com <http://domain.com>. We
>> have all these on one NIC with the same IP address. I need to host a
> website
>> for another domain with that domain having another wildcard SSL
> certificate. I
>> know that I could either make a virtual IP address through aliasing or
> have
>> another NIC with another IP address. Maybe, I need to change to use a
>> combination of name-based virtual hosts and IP-based virtual hosts.
>>
>> Listen 80
>> NameVirtualHost *:80
>> NameVirtualHost *:443
>> <VirtualHost *:80>
>>         ServerName www.domain.com <http://www.domain.com>
>>         Redirect / https://www.domain.com/
>> </VirtualHost>
>> <VirtualHost *:443>
>>         ServerName www.domain.com <http://www.domain.com>
>>         DocumentRoot /data/websites/domain/www
>> </VirtualHost>
>> <VirtualHost *:80>
>>         ServerName beta.domain.com <http://beta.domain.com>
>>         Redirect / https://beta.domain.com/
>> </VirtualHost>
>> <VirtualHost *:443>
>>         ServerName beta.domain.com <http://beta.domain.com>
>>         DocumentRoot /data/websites/domain/beta
>> </VirtualHost>
>> <VirtualHost *:80>
>>         ServerName www.domain.net <http://www.domain.net>
>>         Redirect / https://www.domain.com/
>> </VirtualHost>
>> <VirtualHost *:443>
>>         ServerName www.domain.net <http://www.domain.net>
>>         DocumentRoot /data/websites/domain/www
>>         Redirect / https://www.domain.com/
>> </VirtualHost>
>> <VirtualHost *:80>
>>         ServerName www.mydomain.com <http://www.mydomain.com>
>>         Redirect / https://www.mydomain.com/
>> </VirtualHost>
>> <VirtualHost *:443>
>>         ServerName www.mydomain.com <http://www.mydomain.com>
>>         DocumentRoot /data/websites/domain/www
>>         Redirect / https://www.domain.com/
>> </VirtualHost>
>>
>> The new domain could be called domain2.com <http://domain2.com>.
>>
>> <VirtualHost *:80>
>>         ServerName www.domain2.com <http://www.domain2.com>
>>         Redirect / https://www.domain2.com/
>> </VirtualHost>
>> <VirtualHost *:443>
>>         ServerName www.domain2.com <http://www.domain2.com>
>>         DocumentRoot /data/websites/domain2/www
>> </VirtualHost>
>
> You can do ssl name virtual hosts starting with SNI support in all
> modern browsers and apache 2.2.12. All you need to do is point each
> virtual host to its wildcard domain cert. If that was the question...

One important caveat regarding Server Name Indication (SNI): any
user-agent (browser, device, etc.) that doesn't implement SNI (IE on
Windows XP, for example) will be directed to the first virtual host that
is defined in your Apache configuration. This could have unwanted or
unintended consequences, so beware... especially if you cannot easily
re-order the entries manually.

-Ben

Another point here:

http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslstrictsnivhostcheck

 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux