Re: VirtualHost with ServerAlias and SSLCertificateFile no friends?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Michael,


you can add any number of domain names to a TLS certificate. These entries are known as  SAN (Subject Alternative Name). So, you want a single TLS certificate with multiple domain names instead of multiple TLS certificates each with a single domain name.


Kind regards,
rexkogitans

Am 04.07.24 um 15:57 schrieb Frank Gingras:


On Thu, Jul 4, 2024 at 8:44 AM Michael Osipov <michaelo@xxxxxxxxxx> wrote:
Folks,

please consider the following example:
> <VirtualHost *:443>
>     ServerAdmin me@xxxxxxxxxxx
>     ServerName foo.example.com
>     ServerAlias foo.sub.example.net
>     DocumentRoot /usr/local/www/apache24/data
>     ErrorLog "/var/log/apache/foo-ssl-errors.log"
>     CustomLog "/var/log/apache/foo-ssl-access.log" common
>
>     SSLEngine On
>     SSLCertificateFile /etc/ssl/foo.example.com/cert.crt
>     SSLCertificateKeyFile /etc/ssl/foo.example.com/key.crt
>     SSLCertificateFile /etc/ssl/foo.sub.example.net/cert.crt
>     SSLCertificateKeyFile /etc/ssl/foo.sub.example.net/key.crt
>
>     Include "..."
> </VirtualHost>

I'd like to run a single vhost serving the same content under multiple FQDNs to the users

As far as I understand mod_ssl it does not seem to support to have SNI on a single vhost with multiple hostnames. I get error messages in the log file.
I am running "Apache/2.4.59 (FreeBSD) OpenSSL/1.1.1w-freebsd".
FWIW: the same concept is support with Tomcat: One connector, one default host, aliases and several SSLHostConfig elements.
Is the approach to run two vhosts here? I am sure that a SAN certificate will do the trick, but for €€€ reasons I won' able to order one.

Michael

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


In that case, define separate :443 vhosts for each name, and redirect to the main one. 

[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux