Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.
The following page has been changed by pctony: http://wiki.apache.org/httpd/ScratchPad/NameBasedSSLVHosts The comment on the change is: added stands ------------------------------------------------------------------------------ - = NameVirtualHost and SSL = + == NameBased VirtualHosts and SSL == - An often cited issue with SSL hosting on Apache is that you cannot use NameVirtualHost to host more than one SSL VirtualHost on the same IP Address. This is because the SSL Handshake happens before Apache knows the ServerName you are trying to connect to, and so doesn't know which SSL Certificate/Key to use for the SSL Handshake! + In {{{#Apache}}} we often see people asking how they can host more than one SSL vhost, on the same IP address. + As a rule this is not something that can be done because the SSL Handshake happens before Apache knows the !ServerName you are trying to connect to, and so doesn't know which SSL Certificate/Key to use for the SSL Handshake! - There happens to be one way to get round this, but it only works if several criteria are met: + However, in certain scenarios this can be overcome. But there are several criteria and caveats that must be considered and met: - 1. You can only host VirtualHost's within the same Domain, eg: one.example.com and two.example.com. + 1. You can only host !VirtualHost's within the same domain, eg: one.example.com and two.example.com. - 2. You need a WildCard SSL certificate (one where the Common Name begins with an asterix: *.example.com) + 2. You need a wildcard SSL certificate (one where the Common Name begins with an asterix: i.e {{{*.example.com}}}) You should still be able to do the following: - 1. SSL VirtualHost for a different domain (something-else.com), as long as you are using a different IP Address. + 1. SSL !VirtualHost for a different domain (example2.com), as long as you use a different IP Address (i.e. 
one that is not used by the wildcard sites): + + {{{ <VirtualHost 192.168.1.2:443> - ServerName www.something-else.com + ServerName www.example2.com ... </VirtualHost> }}} - 2. NameVirtualHost <IP>:443 for a different domain (*.something-else.com), where <IP> is different from the IP Address used for *.example.com + 2.#2 {{{NameVirtualHost <IP>:443}}} for a different domain (*.example2.com), where {{{<IP>}}} is different from the IP Address used for *.example.com {{{ NameVirtualHost 192.168.1.2:443 <VirtualHost 192.168.1.2:443> - ServerName one.something-else.com + ServerName one.example2.com ... </VirtualHost> <VirtualHost 192.168.1.2:443> - ServerName two.something-else.com + ServerName two.example2.com ... </VirtualHost> }}} - You cannot do the following: + However you cannot do the following: - - SSL VirtualHost for a different ServerName (three.something-else.com), where the IP address is the same as that used for *.example.com. + - SSL !VirtualHost for a different !ServerName (three.example2.com), where the IP address is the same as that used for *.example.com. {{{ <VirtualHost 192.168.1.1:443> - ServerName www.something-else.com + ServerName www.example2.com ... </VirtualHost> }}} - Here is the config snippet for two SSL NameVirtualHost's, using a single WildCard SSL Certificate: + Here is the config snippet for two SSL !NameVirtualHost's, using a single wildcard SSL certificate: {{{ Listen 192.168.1.1:443
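Review bot: in the added criterion 2 line, "asterix" should be "asterisk", and "i.e" is missing its trailing period and is redundant after the colon; suggest "(one where the Common Name begins with an asterisk: {{{*.example.com}}})". The change also keeps the apostrophe plurals "!VirtualHost's" (criterion 1) and "!NameVirtualHost's" (last added prose line). "!VirtualHosts" reads correctly, and since NameVirtualHost appears in the examples as a directive rather than a kind of host, "two name-based SSL !VirtualHosts" would match the new heading.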
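Review bot: the "However you cannot do the following" item names three.example2.com, but the example under it still has "ServerName www.example2.com", the same name item 1 uses for the working case on 192.168.1.2. Suggest changing the example to "ServerName three.example2.com" so that the only difference a reader sees from the working case is the address 192.168.1.1. It would also help to add a sentence saying that 192.168.1.1 is the address the wildcard hosts use, since that is otherwise only implied by the later "Listen 192.168.1.1:443" line.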
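Review bot: in the "2.#2" item the directive and "<IP>" are wrapped in {{{ }}}, but "*.example2.com" and "*.example.com" on the same line are left bare, unlike "{{{*.example.com}}}" in criterion 2; wrap them for consistency. The example for this item also reuses 192.168.1.2:443, the address item 1 gives to a single vhost without NameVirtualHost, so the two alternatives can be read as one combined configuration. A different address here, or a sentence saying the two examples are alternatives, would avoid that.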
