httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Igor Cicimov <icici...@gmail.com>
Subject Re: [users@httpd] Need help with multiple SSL certs + multiple domains
Date Mon, 05 Nov 2012 23:15:56 GMT
On Tue, Nov 6, 2012 at 10:09 AM, Ben Johnson <ben@indietorrent.org> wrote:

>
>
> On 11/5/2012 4:46 PM, Igor Cicimov wrote:
> >
> > On 06/11/2012 6:03 AM, "Phusion" <phusion2k@gmail.com
> > <mailto:phusion2k@gmail.com>> wrote:
> >>
> >> I am in need of some assistance. The server is running Apache
> > 2.2.15-15 on Red
> >> Hat Enterprise Linux Server 6.3 x86_64. The configuration currently
> > has the
> >> following which works. We have a wildcard SSL certificate for
> > *.domain.com <http://domain.com>. We
> >> have all these on one NIC with the same IP address. I need to host a
> > website
> >> for another domain with that domain having another wildcard SSL
> > certificate. I
> >> know that I could either make a virtual IP address through aliasing or
> > have
> >> another NIC with another IP address. Maybe, I need to change to use a
> >> combination of name-based virtual hosts and IP-based virtual hosts.
> >>
> >> Listen 80
> >> NameVirtualHost *:80
> >> NameVirtualHost *:443
> >> <VirtualHost *:80>
> >>         ServerName www.domain.com <http://www.domain.com>
> >>         Redirect / https://www.domain.com/
> >> </VirtualHost>
> >> <VirtualHost *:443>
> >>         ServerName www.domain.com <http://www.domain.com>
> >>         DocumentRoot /data/websites/domain/www
> >> </VirtualHost>
> >> <VirtualHost *:80>
> >>         ServerName beta.domain.com <http://beta.domain.com>
> >>         Redirect / https://beta.domain.com/
> >> </VirtualHost>
> >> <VirtualHost *:443>
> >>         ServerName beta.domain.com <http://beta.domain.com>
> >>         DocumentRoot /data/websites/domain/beta
> >> </VirtualHost>
> >> <VirtualHost *:80>
> >>         ServerName www.domain.net <http://www.domain.net>
> >>         Redirect / https://www.domain.com/
> >> </VirtualHost>
> >> <VirtualHost *:443>
> >>         ServerName www.domain.net <http://www.domain.net>
> >>         DocumentRoot /data/websites/domain/www
> >>         Redirect / https://www.domain.com/
> >> </VirtualHost>
> >> <VirtualHost *:80>
> >>         ServerName www.mydomain.com <http://www.mydomain.com>
> >>         Redirect / https://www.mydomain.com/
> >> </VirtualHost>
> >> <VirtualHost *:443>
> >>         ServerName www.mydomain.com <http://www.mydomain.com>
> >>         DocumentRoot /data/websites/domain/www
> >>         Redirect / https://www.domain.com/
> >> </VirtualHost>
> >>
> >> The new domain could be called domain2.com <http://domain2.com>.
> >>
> >> <VirtualHost *:80>
> >>         ServerName www.domain2.com <http://www.domain2.com>
> >>         Redirect / https://www.domain2.com/
> >> </VirtualHost>
> >> <VirtualHost *:443>
> >>         ServerName www.domain2.com <http://www.domain2.com>
> >>         DocumentRoot /data/websites/domain2/www
> >> </VirtualHost>
> >
> > You can do ssl name virtual hosts starting with SNI support in all
> > modern browsers and apache 2.2.12. All you need to do is point each
> > virtual host to its wildcard domain cert. If that was the question...
>
> One important caveat regarding Server Name Indication (SNI): any
> user-agent (browser, device, etc.) that doesn't implement SNI (IE on
> Windows XP, for example) will be directed to the first virtual host that
> is defined in your Apache configuration. This could have unwanted or
> unintended consequences, so beware... especially if you cannot easily
> re-order the entries manually.
>
> -Ben
>

Another point here:

http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslstrictsnivhostcheck



>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

Mime
View raw message