LinuxQuestions.org
Old 08-24-2007, 09:41 AM   #1
Alfar
Apache2, SSL certificates and virtual servers question


Hi,

I looked at the Apache 2 documentation online, but there it clearly states that the SSLCertificateFile option stays clearly outside a virtual server block. Could anyone tell me how to have a key and certificate pair per virtual server? Placing SSLCertificateFile and SSLCertificateKeyFile inside a virtual server gives an error.

Thank you
Alfar
 
Old 08-25-2007, 06:29 AM   #2
choogendyk
Can't do it like that.

Here is a cut from the documentation at the Apache web site (I don't think I can say it any more clearly or succinctly).

http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html


Quote:
Name-Based Virtual Hosting is a very popular method of identifying different virtual hosts. It allows you to use the same IP address and the same port number for many different sites. When people move on to SSL, it seems natural to assume that the same method can be used to have lots of different SSL virtual hosts on the same server.

It comes as rather a shock to learn that it is impossible.

The reason is that the SSL protocol is a separate layer which encapsulates the HTTP protocol. So the SSL session is a separate transaction, that takes place before the HTTP session has begun. The server receives an SSL request on IP address X and port Y (usually 443). Since the SSL request does not contain any Host: field, the server has no way to decide which SSL virtual host to use. Usually, it will just use the first one it finds, which matches the port and IP address specified.

You can, of course, use Name-Based Virtual Hosting to identify many non-SSL virtual hosts (all on port 80, for example) and then have a single SSL virtual host (on port 443). But if you do this, you must make sure to put the non-SSL port number on the NameVirtualHost directive, e.g.

NameVirtualHost 192.168.1.1:80

Other workaround solutions include:

Using separate IP addresses for different SSL hosts.
Using different port numbers for different SSL hosts.
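
The two workarounds listed in the quoted FAQ, written out as a configuration sketch. This is an added example, not part of either post or of the Apache documentation; the 192.0.2.x addresses, hostnames and file paths are constructed placeholders.

```apache
# Constructed example: addresses, hostnames and paths are placeholders.

# Workaround 1: a separate IP address for each SSL host, both on port 443.
# The server selects the virtual host (and its certificate) from the
# address the connection arrived on, before any HTTP Host: header exists.
Listen 192.0.2.10:443
Listen 192.0.2.11:443

<VirtualHost 192.0.2.10:443>
    ServerName shop.example.com
    DocumentRoot /var/www/shop
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/shop.example.com.crt
    # Keep private keys readable by root only.
    SSLCertificateKeyFile /etc/apache2/ssl/shop.example.com.key
</VirtualHost>

<VirtualHost 192.0.2.11:443>
    ServerName mail.example.com
    DocumentRoot /var/www/mail
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/mail.example.com.crt
    SSLCertificateKeyFile /etc/apache2/ssl/mail.example.com.key
</VirtualHost>

# Workaround 2: same IP address, different port number.
# Clients must then use https://admin.example.com:8443/ explicitly.
Listen 192.0.2.10:8443

<VirtualHost 192.0.2.10:8443>
    ServerName admin.example.com
    DocumentRoot /var/www/admin
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/admin.example.com.crt
    SSLCertificateKeyFile /etc/apache2/ssl/admin.example.com.key
</VirtualHost>

# Name-based hosts stay on the non-SSL port only, as the FAQ says.
Listen 192.0.2.10:80
NameVirtualHost 192.0.2.10:80

<VirtualHost 192.0.2.10:80>
    ServerName www.example.com
    DocumentRoot /var/www/www
</VirtualHost>
```

Each address has to be configured on one of the server's network interfaces, and `apachectl configtest` checks the syntax before a restart.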
 
  

