Results 1 to 10 of 10

Thread: Apache Virtual Hosts and SSL certificates

  1. #1
    Goat Boy
    Join Date
    Jul 2003
    Location
    Alexandra Park, London
    Posts
    2,428
    Thanks
    0
    Thanked
    0 times in 0 posts

    Apache Virtual Hosts and SSL certificates

    Can anyone confirm that I cannt use Name Based Virtual Hosts along with SSL certificates?

    I have a number of sites that I want to run off the one server, and am using name based host resolution at the moment; am I right in saying that the only way to run mutliple SSL based sites off the one physical machine is by giving it a specific IP address for each site?
    "All our beliefs are being challenged now, and rightfully so, they're stupid." - Bill Hicks

  2. #2
    Agent of the System ikonia's Avatar
    Join Date
    May 2004
    Location
    South West UK (Bath)
    Posts
    3,736
    Thanks
    39
    Thanked
    68 times in 51 posts
    I can confirm this %110

    you can only use certificates with a different IP per site.

    so if you host 10 virtual sites on apache you need to have 10 ip addresses and then assign a site per ip address. You can't share multiple certificates on the same IP
    It is Inevitable.....


  3. #3
    Senior Member
    Join Date
    Jul 2003
    Location
    Nuneaton, UK
    Posts
    289
    Thanks
    0
    Thanked
    0 times in 0 posts
    Well, it kind of does work ish, when I tried it I found that I got sent to the right vhost but the certificate was still the one I had set for my default site, hence bringing up a SSL warning in the browser.

    RenaultSport Clio 172

  4. #4
    Goat Boy
    Join Date
    Jul 2003
    Location
    Alexandra Park, London
    Posts
    2,428
    Thanks
    0
    Thanked
    0 times in 0 posts
    Aye - that's no good tho, as it implies that the site is not secure.

    Thanks for the replies. Had a word with the people that manage our servers (KDA Web Services btw - superb company) and they said they can provide additional IP addresses free of charge, so it's not going to be an issue.
    "All our beliefs are being challenged now, and rightfully so, they're stupid." - Bill Hicks

  5. #5
    daft ideas inc. scottyman's Avatar
    Join Date
    Jul 2003
    Location
    Charming and Exotic Bracknell
    Posts
    1,576
    Thanks
    2
    Thanked
    3 times in 3 posts
    that's very nice of them! in my experience they get a strop on when you ask for something extra!

  6. #6
    TiG
    TiG is offline
    Walk a mile in other peoples shoes...
    Join Date
    Jul 2003
    Location
    Questioning it all
    Posts
    6,213
    Thanks
    43
    Thanked
    47 times in 42 posts
    Quote Originally Posted by ikonia
    I can confirm this %110

    you can only use certificates with a different IP per site.

    so if you host 10 virtual sites on apache you need to have 10 ip addresses and then assign a site per ip address. You can't share multiple certificates on the same IP
    I agree with you what you've said, BUT, thinking about it further i don't actually think there is a technical reason you can't do it, i think its purely designed to be set out that way, (then people like thawte know IP address X = Domain Y)

    I think i've actually just answered my own question

    TiG
    -- Hexus Meets Rock! --

  7. #7
    daft ideas inc. scottyman's Avatar
    Join Date
    Jul 2003
    Location
    Charming and Exotic Bracknell
    Posts
    1,576
    Thanks
    2
    Thanked
    3 times in 3 posts
    I think the answer is that they may need to do have a CNAME referring to the domain, rather than an alias - so there's no technical reason why you can't have multiple vhosts on the same IP, having different hostnames - where resolution is done on hostname rather than IP and default site.
    Just tested with my site, and it's fine (two sites on same server - www and scottman both pointing toward different content - scottyman's https works fine, www's throws error saying "name doesn't match") where www is an a record in dns.

    Sorry - other way around - CNAME is A record and vice versa.

  8. #8
    Goat Boy
    Join Date
    Jul 2003
    Location
    Alexandra Park, London
    Posts
    2,428
    Thanks
    0
    Thanked
    0 times in 0 posts
    Quote Originally Posted by scottyman
    that's very nice of them! in my experience they get a strop on when you ask for something extra!
    The are a superb firm. If you need servers, PM me and I can give you their contact details.
    "All our beliefs are being challenged now, and rightfully so, they're stupid." - Bill Hicks

  9. #9
    IRN-BRU(tm)
    Join Date
    Aug 2004
    Location
    Milton Keynes
    Posts
    484
    Thanks
    8
    Thanked
    9 times in 7 posts
    i refer you to my signiture

  10. #10
    F.A.S.T. Butuz's Avatar
    Join Date
    Jul 2003
    Location
    Wales
    Posts
    4,708
    Thanks
    51
    Thanked
    72 times in 59 posts
    • Butuz's system
      • Motherboard:
      • MSI Z77 MPOWER
      • CPU:
      • I7 3770K @ 4.6
      • Memory:
      • 16GB Corsair XMS 1866
      • Storage:
      • Sandisk SSDs
      • Graphics card(s):
      • 3xR9 290
      • PSU:
      • be quiet! Dark Power Pro 10
      • Case:
      • Inwin H Frame
      • Operating System:
      • Windows 7
    You can do it if you have install SSL on domain1.com - but you lose internet explorers cooperation and when you access any forwarded domains https://domain2.com IE will throw up nice error messages saying the SSL certificates dont match and this is probably not a secure site yadda yadda.

    having IE throw up errors tends to scare clients, as such most people just use 1 ssl cert per domain name.

    Butuz

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •