Re: Virtual Hosts and SSL

You only need a separate IP for every virtual host if you are not using a wildcard certificate. Wildcard certs cost a little more, but they are good for all hosts within a particular domain. Then, you can run all of your vhosts on port 443 with the same IP, and the cert will work for all of the vhosts.

Also, if you choose to go with a non-wildcard cert, you can actually run several virtual hosts on the same IP, using different certs for each vhost, but then you are forced to run SSL over a non-standard port. At that point, you need to tell Apache to listen on that port, and configure each of your virtual hosts to listen on both port 80 and whatever port you assign it for SSL transactions. SSL binds to a particular socket, so it's a combination of IP + port number that is unique.

And, it's always necessary to have a separate and complete set of configuration directives for each port that a vhost runs under.

Rob

Frode E. Moe wrote:
On Tue, Nov 28, 2006 at 09:09:20 +0000, Steve Swift wrote:

Where should I go to learn about configuring Virtual Hosts and SSL in the
same apache?

I have virtual hosts working using "NameVirtualHost *:80"
SSL works for the Virtual Hosts *I* have defined

But in the (default) ssl.conf file installed with apache I find:

<VirtualHost _default_:443>
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
... (other, less interesting lines)
</VirtualHost>

What puzzles me is this:
The VirtualHost definition above seems to be working as SSL is finding the
Certificate File (otherwise how would SSL work at all?)
How is this VirtualHost definition working in conjunction with
"NameVirtualHost *:80" ?


You need a separate IP for each SSL virtualhost, since SSL certificates
are exchanged before any HTTP headers (especially the Host: header) are
transferred. So my guess is that apache just picks the first SSL
certificate applicable for a given IP. In other words, it makes no sense
to use NameVirtualHost for SSL / port 443. I don't think your *:80 stuff
makes any difference either way as that should be independent of anything
on :443.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
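
The two layouts described in Rob's reply, written out as an Apache configuration sketch. This is an added example, not part of the original messages; the hostnames, document roots, certificate file names and port 8443 are constructed placeholders.

```apache
# Added example. All names, paths and the 8443 port are placeholders.

# --- Layout 1: one wildcard certificate, name-based vhosts on 443 ---
# The certificate is sent before the Host: header arrives, so every
# vhost on this IP:port must be covered by the same certificate.
Listen 443
NameVirtualHost *:443

<VirtualHost *:443>
    ServerName www.example.com
    DocumentRoot /var/www/www
    SSLEngine on
    SSLCertificateFile    /etc/httpd/conf/ssl.crt/wildcard.example.com.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/wildcard.example.com.key
</VirtualHost>

<VirtualHost *:443>
    ServerName shop.example.com
    DocumentRoot /var/www/shop
    SSLEngine on
    SSLCertificateFile    /etc/httpd/conf/ssl.crt/wildcard.example.com.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/wildcard.example.com.key
</VirtualHost>

# --- Layout 2: a different certificate on the same IP, own SSL port ---
# IP + port selects the certificate, so this vhost gets a port to itself.
# The "https" argument marks the non-standard port as an SSL listener.
Listen 8443 https

<VirtualHost *:8443>
    ServerName secure.example.org
    DocumentRoot /var/www/secure
    SSLEngine on
    SSLCertificateFile    /etc/httpd/conf/ssl.crt/secure.example.org.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/secure.example.org.key
</VirtualHost>

# The plain-HTTP side of the same host needs its own complete block.
NameVirtualHost *:80
<VirtualHost *:80>
    ServerName secure.example.org
    DocumentRoot /var/www/secure
</VirtualHost>
```

With layout 2, clients must use the port explicitly in the URL (for example https://secure.example.org:8443/).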

