Hi Michael,
you can add any number of domain names to a TLS certificate. These entries are known as SAN (Subject Alternative Name). So, you want a single TLS certificate with multiple domain names instead of multiple TLS certificates each with a single domain name.
Kind regards,
rexkogitans
On Thu, Jul 4, 2024 at 8:44 AM Michael Osipov <michaelo@xxxxxxxxxx> wrote:
Folks,
please consider the following example:
> <VirtualHost *:443>
> ServerAdmin me@xxxxxxxxxxx
> ServerName foo.example.com
> ServerAlias foo.sub.example.net
> DocumentRoot /usr/local/www/apache24/data
> ErrorLog "/var/log/apache/foo-ssl-errors.log"
> CustomLog "/var/log/apache/foo-ssl-access.log" common
>
> SSLEngine On
> SSLCertificateFile /etc/ssl/foo.example.com/cert.crt
> SSLCertificateKeyFile /etc/ssl/foo.example.com/key.crt
> SSLCertificateFile /etc/ssl/foo.sub.example.net/cert.crt
> SSLCertificateKeyFile /etc/ssl/foo.sub.example.net/key.crt
>
> Include "..."
> </VirtualHost>
I'd like to run a single vhost serving the same content under multiple FQDNs to the users
As far as I understand mod_ssl it does not seem to support to have SNI on a single vhost with multiple hostnames. I get error messages in the log file.
I am running "Apache/2.4.59 (FreeBSD) OpenSSL/1.1.1w-freebsd".
FWIW: the same concept is support with Tomcat: One connector, one default host, aliases and several SSLHostConfig elements.
Is the approach to run two vhosts here? I am sure that a SAN certificate will do the trick, but for €€€ reasons I won' able to order one.
Michael
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
In that case, define separate :443 vhosts for each name, and redirect to the main one.
|