LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)
-   -   https and http for one domain name (https://www.linuxquestions.org/questions/linux-server-73/https-and-http-for-one-domain-name-867408/)

yoachan 03-09-2011 03:53 AM
https and http for one domain name
 
Dear all,

I'm using a box running CentOS 5.5 powered with Apache2. In this machine I hosted several domains and sub domains, managed by Apache's virtual host.

Due to security issue, one sub domain needs to be able to be accessed either using http or https.
My question is:
  1. Is it possible to set a sub domain to be able to be reached using both http and https?
  2. If it's possible, how to make it happens?

any help appreciated.

regards,

Yoachan

vishnu_sreekumar 03-09-2011 04:18 AM
Yes, what you're trying to do is possible in apache (apart from the given data, I'm assuming that the server got a static IP and no other https domains are served via this IP). I'll just brief what you need to do to configure the subdomain with both http and https. There might be many step by step tutorials available on this so feel free to google and find one if you need more detailed information :P

1) Purchase an SSL certificate for the specific domain.
2) Make sure your apache server is compiled with mod_ssl, if not install and enable mod_ssl
3) Copy the certificate and private key to the specific locations (check the virtualhost configuration given below)
4) Create a virtual host entry for your subdomain (this will serve the domain via http)
5) Create one more virtual host entry like this
Code:
<VirtualHost YOUR_STATIC_IP:443>
    ServerName sub.yourdomain.com
    DocumentRoot /path/to/docroot
    SSLEngine on
    SSLProxyEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
    SSLProtocol all -SSLv2
    SSLCertificateFile /etc/pki/tls/certs/yourcert.crt
    SSLCertificateKeyFile /etc/pki/tls/private/yourkey.key
    ErrorLog logs/sub.yourdomain.com-ssl_error_log
    CustomLog logs/sub.yourdomain.com-ssl_access_log common
    LogLevel warn
</VirtualHost>
6) Check the syntax of the config files and restart the server. Your sub-domain should be accessible at both http and https.
Hope this will help you to get started :)

yoachan 03-09-2011 08:44 PM
@Vishnu:

Thanks for your quick and brief reply. :)
I will give it a shot.

About your statement
Quote:
I'm assuming that the server got a static IP and no other https domains are served via this IP
What's the difference if I have other https domain served via this IP. Just in case I need to make another https next time :)

warm regards,

Yoachan

Noway2 03-10-2011 04:11 AM
Quote:
What's the difference if I have other https domain served via this IP. Just in case I need to make another https next time
In https, the connections are established via IP without any knowledge of the host name. This means that if you try to have multiple vhosts that are secure, that the additional hosts will get the security cert that is identified with the first host, not the intended one, and this is an error in the strict sense as the site will be wrong. Depending on your needs, this may not be an issue. For example, if you are using it to access your own Webmail do you care if the cert is strictly valid as long as you know it is your server. You can also look into a function called SNI, Server Name Indication, and there have been some threads here discussing how to implement it.

yoachan 03-13-2011 06:52 AM
@Noway2: Thanks for your reply
It really help me to understand

thanks :)


All times are GMT -5. The time now is 03:36 PM.