Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.
The following page has been changed by MarkWatts:
http://wiki.apache.org/httpd/ScratchPad/NameBasedSSLVHosts

New page:

= NameVirtualHost and SSL =

An often-cited issue with SSL hosting on Apache is that you cannot use NameVirtualHost to host more than one SSL VirtualHost on the same IP address. This is because the SSL handshake happens before Apache knows the ServerName you are trying to connect to, and so it doesn't know which SSL certificate/key to use for the SSL handshake!

There happens to be one way to get round this, but it only works if several criteria are met:

 1. You can only host VirtualHosts within the same domain, e.g. one.example.com and two.example.com.
 2. You need a wildcard SSL certificate (one where the Common Name begins with an asterisk: *.example.com).

You should still be able to do the following:

 1. SSL VirtualHost for a different domain (something-else.com), as long as you are using a different IP address.
{{{
<VirtualHost 192.168.1.2:443>
    ServerName www.something-else.com
    ...
</VirtualHost>
}}}
 2. NameVirtualHost <IP>:443 for a different domain (*.something-else.com), where <IP> is different from the IP address used for *.example.com.
{{{
NameVirtualHost 192.168.1.2:443

<VirtualHost 192.168.1.2:443>
    ServerName one.something-else.com
    ...
</VirtualHost>

<VirtualHost 192.168.1.2:443>
    ServerName two.something-else.com
    ...
</VirtualHost>
}}}

You cannot do the following:

 - SSL VirtualHost for a different ServerName (three.something-else.com), where the IP address is the same as that used for *.example.com.
{{{
<VirtualHost 192.168.1.1:443>
    ServerName www.something-else.com
    ...
</VirtualHost>
}}}

Here is the config snippet for two SSL NameVirtualHosts, using a single wildcard SSL certificate:

{{{
Listen 192.168.1.1:443

LoadModule ssl_module modules/mod_ssl.so

SSLPassPhraseDialog builtin
AcceptMutex flock
SSLSessionCache shmcb:/var/cache/httpd/mod_ssl/ssl_scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup /dev/urandom 256
SSLRandomSeed connect builtin

NameVirtualHost 192.168.1.1:443

<VirtualHost 192.168.1.1:443>
    SSLEngine on
    # ALL keeps LOW, export and SSLv2 suites enabled (the +... terms only
    # reorder them); tighten this string for production use.
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
    # Both vhosts use the same wildcard certificate and key.
    SSLCertificateFile /etc/ssl/star.example.com.crt
    SSLCertificateKeyFile /etc/ssl/star.example.com.key
    ServerName "one.example.com"
    DocumentRoot "/var/www/html/one"
    CustomLog "/var/log/httpd/one-access.log" combined
    ErrorLog "/var/log/httpd/one-error.log"
    <Directory /var/www/html>
        AllowOverride none
        Order Allow,Deny
        Allow from all
    </Directory>
</VirtualHost>

<VirtualHost 192.168.1.1:443>
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
    SSLCertificateFile /etc/ssl/star.example.com.crt
    SSLCertificateKeyFile /etc/ssl/star.example.com.key
    ServerName "two.example.com"
    DocumentRoot "/var/www/html/two"
    CustomLog "/var/log/httpd/two-access.log" combined
    ErrorLog "/var/log/httpd/two-error.log"
    <Directory /var/www/html>
        AllowOverride none
        Order Allow,Deny
        Allow from all
    </Directory>
</VirtualHost>
}}}
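
An added example (not part of the original wiki page): a Python check that parses a configuration like the one above and reports every ServerName that the certificate served on its IP:port does not cover, using the rule that `*` matches exactly one leftmost label. The function names, the sample config and the path-to-subject-name map are constructed for illustration; the map is an assumed input that stands in for reading each certificate's Common Name from disk.

```python
import re
from collections import defaultdict

def wildcard_covers(cert_name, host):
    """True if cert_name (exact name or '*.domain') matches host.
    The '*' stands for exactly one leftmost DNS label."""
    cert_name, host = cert_name.lower(), host.lower()
    if not cert_name.startswith("*."):
        return cert_name == host
    label, _, parent = host.partition(".")
    return bool(label) and parent == cert_name[2:]

VHOST_RE = re.compile(r"<VirtualHost\s+([^>\s]+)>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, name):
    """First argument of a directive inside a vhost body, or ''."""
    m = re.search(r"^\s*%s\s+(\S+)" % name, body, re.M | re.I)
    return m.group(1).strip('"') if m else ""

def audit(conf_text, cert_names):
    """Return (address, ServerName, reason) for each vhost whose clients
    would see a certificate mismatch. cert_names maps a certificate path
    to its subject name (assumed input; nothing is read from disk)."""
    by_addr = defaultdict(list)
    for addr, body in VHOST_RE.findall(conf_text):
        by_addr[addr].append((directive(body, "ServerName"),
                              directive(body, "SSLCertificateFile")))
    problems = []
    for addr, vhosts in by_addr.items():
        # The handshake precedes the hostname, so the first vhost defined
        # for an address supplies the certificate for all of them.
        served = vhosts[0][1]
        for name, cert in vhosts:
            if cert != served:
                problems.append((addr, name, "certificate never served"))
            elif not wildcard_covers(cert_names.get(served, ""), name):
                problems.append((addr, name, "name not covered"))
    return problems

# Constructed sample: the page's working pair plus its "cannot do" case.
_VH = ("<VirtualHost 192.168.1.1:443>\nServerName %s\n"
       "SSLCertificateFile /etc/ssl/star.example.com.crt\n</VirtualHost>\n")
SAMPLE = "".join(_VH % n for n in (
    '"one.example.com"', '"two.example.com"', "www.something-else.com"))
CERTS = {"/etc/ssl/star.example.com.crt": "*.example.com"}

if __name__ == "__main__":
    for problem in audit(SAMPLE, CERTS):
        print(*problem)
```

Run against the sample, only www.something-else.com is reported, which is the case the page lists under "You cannot do the following".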
