Hi, Actually, having multiple HTTPS virtual hosts on the same IP address is not possible becasue of limitations in SSL itself. The correct and only way to handle this is to use a different IP address for each host for which you want an HTTPS. That means setting up your servers net interface to have multipel IP addresses, which is a simple matter on all systems (AIX is a kind of exception though). You will need separate certificates for each virtual host for which you want to have an HTTPS. The config is also relatively simple. An example is: NameVirtualHost 123.123.123.20:80 <VirtualHost webmail.myserver.com:80> ServerName webmail.myserver.com DocumentRoot /usr/local/apache2/htdocs/mail SSLEngine on SSLCertificateFile /usr/local/apache2/conf/certs/webmail_2006.key SSLCertificateKeyFile /usr/local/apache2/conf/webmail_priv.pem SSLCACertificateFile /usr/local/apache2/conf/certs/ca-bundle2005.crt # All other config goes here....... </VirtualHost> <VirtualHost 123.123.123.21:80> ServerName www.myserver.com DocumentRoot /usr/local/apache2/htdocs SSLEngine on SSLCertificateFile /usr/local/apache2/conf/certs/www_2005.key SSLCertificateKeyFile /usr/local/apache2/conf/lara3_priv.pem SSLCACertificateFile /usr/local/apache2/conf/certs/ca-bundle2005.crt # All other config goes here....... </VirtualHost> NameVirtualHost 123.123.123.20:443 <VirtualHost webmail.myserver.com:443> ServerName webmail.myserver.com DocumentRoot /usr/local/apache2/htdocs/mail SSLEngine on SSLCertificateFile /usr/local/apache2/conf/certs/webmail_2006.key SSLCertificateKeyFile /usr/local/apache2/conf/webmail_priv.pem SSLCACertificateFile /usr/local/apache2/conf/certs/ca-bundle2005.crt # All other config goes here....... </VirtualHost> <VirtualHost 123.123.123.21:443> ServerName www.myserver.com DocumentRoot /usr/local/apache2/htdocs SSLEngine on SSLCertificateFile /usr/local/apache2/conf/certs/www_2005.key SSLCertificateKeyFile /usr/local/apache2/conf/lara3_priv.pem SSLCACertificateFile /usr/local/apache2/conf/certs/ca-bundle2005.crt # All other config goes here....... </VirtualHost> You do this for each virtual host, remembering to use the same IP adsress for each virtual host in the corresponding HTTP and HTTPS virtual host configs. The only thing left to worry about is the IP stack - if you have too many IP's on the same network port, maybe your network connection will have problems because the IP stack may not handle it very well. Hope this helps. greetings from Austria Markus On Thursday 16 March 2006 10:11, Frédéric Jolliton wrote: > Hi, > > [I already sent this message to modssl ML, but since it's about > Apache 2 I'm not sure if this place was more appropriate.] > > (Apache 2.0.55, Linux 2.6) > > I can't find authoritative answer about the following question. > > I would like to be sure that I can have multiple VirtualHost > configured simultaneously for HTTP and HTTPS (port 80 and port 443 > respectively) as presented below. > > If I've a certificate with 'cn' to '*.example.com' and the following > Apache configuration, is that ok ? Currently it works fine, but I'm > not sure if I'm relying on some unspecified/undefined behaviors. > > Also, is this dummy VirtualHost (the first one) the correct way to > "force" a given port to answer HTTP instead of HTTPS ? (I know that > it's the other way, where the "first" virtual host with enabled SSL > determine port with HTTPS.) > > Again, there is no problems with this config, but I was just wondering > about its validity. > > -=-=- > Listen 80 > Listen 443 > > NameVirtualHost *:80 > NameVirtualHost *:443 > > <VirtualHost *:80> > # Dummy empty VirtualHost to ensure than port 80 is HTTP > </VirtualHost> > > <VirtualHost *:80 *:443> > Include common-ssl.conf > ServerName foo.example.com > [..] > </VirtualHost> > > <VirtualHost *:80 *:443> > Include common-ssl.conf > ServerName bar.example.com > [..] > </VirtualHost> > -=-=- > > and common-ssl.conf contains: > > -=-=- > <IfModule mod_ssl.c> > SSLEngine on > SSLCertificateFile conf/ssl/web.example.com-cert.pem > SSLCertificateKeyFile conf/ssl/web.example.com-key.pem > SSLCertificateChainFile conf/ssl/root-cert.pem > [.. other SSL options ..] > </IfModule> > -=-=- --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx