Apache Virtual Hosts and SSL certificates

**DaBeeeenster** · 28-08-2004, 11:31 AM

Can anyone confirm that I cannt use Name Based Virtual Hosts along with SSL certificates?

I have a number of sites that I want to run off the one server, and am using name based host resolution at the moment; am I right in saying that the only way to run mutliple SSL based sites off the one physical machine is by giving it a specific IP address for each site?

**ikonia** · 28-08-2004, 06:54 PM

I can confirm this %110

you can only use certificates with a different IP per site.

so if you host 10 virtual sites on apache you need to have 10 ip addresses and then assign a site per ip address. You can't share multiple certificates on the same IP

**bmh.01** · 29-08-2004, 08:49 PM

Well, it kind of does work ish, when I tried it I found that I got sent to the right vhost but the certificate was still the one I had set for my default site, hence bringing up a SSL warning in the browser.

**DaBeeeenster** · 29-08-2004, 09:32 PM

Aye - that's no good tho, as it implies that the site is not secure.

Thanks for the replies. Had a word with the people that manage our servers (KDA Web Services btw - superb company) and they said they can provide additional IP addresses free of charge, so it's not going to be an issue.

**scottyman** · 02-09-2004, 02:49 PM

that's very nice of them! in my experience they get a strop on when you ask for something extra!

**TiG** · 03-09-2004, 09:06 AM

Originally Posted by ikonia

I can confirm this %110

you can only use certificates with a different IP per site.

so if you host 10 virtual sites on apache you need to have 10 ip addresses and then assign a site per ip address. You can't share multiple certificates on the same IP

I agree with you what you've said, BUT, thinking about it further i don't actually think there is a technical reason you can't do it, i think its purely designed to be set out that way, (then people like thawte know IP address X = Domain Y)

I think i've actually just answered my own question

TiG

**scottyman** · 03-09-2004, 09:13 AM

I think the answer is that they may need to do have a CNAME referring to the domain, rather than an alias - so there's no technical reason why you can't have multiple vhosts on the same IP, having different hostnames - where resolution is done on hostname rather than IP and default site.
Just tested with my site, and it's fine (two sites on same server - www and scottman both pointing toward different content - scottyman's https works fine, www's throws error saying "name doesn't match") where www is an a record in dns.

Sorry - other way around - CNAME is A record and vice versa.

**DaBeeeenster** · 03-09-2004, 09:48 AM

Originally Posted by scottyman

that's very nice of them! in my experience they get a strop on when you ask for something extra!

The are a superb firm. If you need servers, PM me and I can give you their contact details.

**Purple** · 06-09-2004, 03:20 PM

i refer you to my signiture

**Butuz** · 09-09-2004, 09:33 AM

You can do it if you have install SSL on domain1.com - but you lose internet explorers cooperation and when you access any forwarded domains https://domain2.com IE will throw up nice error messages saying the SSL certificates dont match and this is probably not a secure site yadda yadda.

having IE throw up errors tends to scare clients, as such most people just use 1 ssl cert per domain name.

Butuz

Thread: Apache Virtual Hosts and SSL certificates

LinkBack

Thread Tools

Apache Virtual Hosts and SSL certificates

Thread Information

Users Browsing this Thread

Posting Permissions