Hi,
I'm using Apache 2.2 to host multiple subdomains using a single SSL certificate (a wildcard certificate e.g. *.mydomain.com) and, yes, it works! Everything seems to be served correctly and the browsers are pretty happy.
And you can also have the non-SSL sites (virtual hosts on port 80) on the same IP. (That's covered elsewhere)
For those that want similar functionality here's my discovery...
My configuration is like this:
ssl.conf:
Code:
# standard ssl.conf that comes with the distro
LoadModule ssl_module modules/mod_ssl.so
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
# the default virtual SSL host
<VirtualHost _default_:443>
    DocumentRoot "/var/www/html/"
    ServerName mydomain.com:443
    # ServerAlias takes bare hostnames; an alias with a port never matches
    ServerAlias www.mydomain.com
    <Directory "/var/www/html/">
        AllowOverride All
        Options All
    </Directory>
    ErrorLog logs/ssl_main-error_log
    TransferLog logs/ssl_main-transfer-access.log
    LogLevel warn
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
    SSLCertificateFile /etc/ssl/mydomain.cer
    SSLCertificateKeyFile /etc/ssl/mydomain.key
    SSLCertificateChainFile /etc/ssl/server-intermediate-chain.crt
    SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    CustomLog logs/ssl_main_request_log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
# second virtual SSL host
<VirtualHost *:443>
    DocumentRoot "/var/www/sub/"
    ServerName sub.mydomain.com:443
    # ServerAlias takes bare hostnames; an alias with a port never matches
    ServerAlias www.sub.mydomain.com
    <Directory "/var/www/sub/">
        AllowOverride All
        Options All
    </Directory>
    ErrorLog logs/ssl_sub-error_log
    TransferLog logs/ssl_sub-transfer-access.log
    LogLevel warn
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
    SSLCertificateFile /etc/ssl/mydomain.cer
    SSLCertificateKeyFile /etc/ssl/mydomain.key
    SSLCertificateChainFile /etc/ssl/server-intermediate-chain.crt
    SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    CustomLog logs/ssl_sub_request_log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
I would have to say that I don't believe that this will work if you are not using a wildcard SSL certificate and having anything other than subdomains under that wildcard.
The scenarios where this is useful are somewhat limited, but for a set of company websites that should be under SSL, this can be tremendously useful when you have a single IP.
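Added example, not part of the original post: because every virtual host on the same IP and port 443 presents the same certificate here, each ServerName and ServerAlias has to be covered by it, and a wildcard covers exactly one leftmost label. The sketch below checks the hostnames from the configuration above against an assumed list of certificate names (the post only says the certificate is `*.mydomain.com`; the function names and the second name list are assumptions for illustration).

```python
import re

# Constructed sample: only the name directives from the two vhosts in the post.
SAMPLE_CONF = """
<VirtualHost _default_:443>
ServerName mydomain.com:443
ServerAlias www.mydomain.com:443
</VirtualHost>
<VirtualHost *:443>
ServerName sub.mydomain.com:443
ServerAlias www.sub.mydomain.com:443
</VirtualHost>
"""

def vhost_names(conf):
    """Return hostnames from ServerName/ServerAlias lines, ports stripped."""
    names = []
    for line in conf.splitlines():
        m = re.match(r"\s*Server(?:Name|Alias)\s+(.+)", line, re.I)
        if m:
            names += [tok.split(":", 1)[0].lower() for tok in m.group(1).split()]
    return names

def cert_covers(pattern, host):
    """Wildcard match as browsers apply it: '*' is one whole leftmost label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False          # '*' never spans dots and never matches zero labels
    if p[0] == "*":
        return bool(h[0]) and p[1:] == h[1:]
    return p == h

def uncovered(conf, cert_names):
    """Hostnames served by the vhosts that the certificate does not cover."""
    return [n for n in vhost_names(conf)
            if not any(cert_covers(c, n) for c in cert_names)]

if __name__ == "__main__":
    # Assumed certificate name lists: wildcard only, then wildcard plus bare domain.
    for certs in (["*.mydomain.com"], ["*.mydomain.com", "mydomain.com"]):
        print(certs, "->", uncovered(SAMPLE_CONF, certs))
```

Names reported as uncovered produce a certificate name mismatch warning in the browser even though Apache serves the right content for them.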