Using more than one SSL certificate with apache

I'm having a problem with my ssl.conf and setting up certificates. I have 2 virtual domains listed in ssl.conf and I have a cert for each of them. The vhosts are listed below. Some stuff has been removed for clarity.

<VirtualHost 192.168.0.50:443>
DocumentRoot "/home/donboy/www/rpgdomains/html/"
ServerName secure.websupport.cc:443
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/httpd/conf/ssl.crt/secure.websupport.cc.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/secure.websupport.cc.key
SSLCertificateChainFile /etc/httpd/conf/ssl.crt/IPS-IPSCABUNDLE.crt
</VirtualHost>

<VirtualHost 192.168.0.50:443>
DocumentRoot "/home/donboy/www/nexus/html/"
ServerName secure.nexuscity.net:443
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/httpd/conf/ssl.crt/secure.nexuscity.net.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/secure.nexuscity.net.key
SSLCertificateChainFile /etc/httpd/conf/ssl.crt/IPS-IPSCABUNDLE.crt
</VirtualHost>

I have heard that I cannot have more than one SSL cert on the same IP address. The problem is I'm not doing my own DNS. I'm using a 3rd party to handle the DNS. So when somebody calls http://nexuscity.net in the browser, the request is directed to www.zoneedit.com and from there, the http request is forwarded to my IP address. This prevents me from having to mess with my own DNS records, but it also means that all requests must be served from the same IP address and the vhosts are differentiated by the ServerName directive. (At least that's how I understand it all to work)

Is there anything I can do to use more than one cert on the same IP? Is there some other method I could use to set up Apache so that I can use more than one cert in the same conf file? I guess I could run another instance of Apache, but that seems just too problematic and too much overhead just for an extra cert.
Asked by: Donboy

periwinkle commented:
You must have a unique IP address for each cert - there is no way to share an IP address for multiple certs that I am aware of.
Donboy (Author) commented:
Ok, I kind of expected that answer. But is there anything else I can do to accomplish the same goal? How is something like this normally handled?? Do I need to be doing my own DNS in order to make this happen?
periwinkle commented:
It's not that you aren't doing your own DNS, but that you are using zoneedit to get around not having a static IP address. Does your ISP support dedicated IP addresses? Perhaps they would assign you a range of dedicated IP addresses (possibly for $$'s)?
Donboy (Author) commented:
No, my provider... cableone.net... does not offer fully static IP addresses... at least not in my location. I've also shopped around and there really is nothing good in my area that's suitable and offers a static IP. Other providers in my area are running speeds that are way too slow and actually cost more!

What cableone has given me is a "leased" IP address. So while it's possible that the IP may occasionally change, for the most part, it's pretty steady. I've had the same IP address for about 3 months now, so that's good. But the problem is, I plan to have numerous domains hosted on the same server and I don't want a dozen sites broken for a week every time they give me a new IP because I would have to update all my accounts at networksolutions.com to point to new IP addresses. This way, I do it at zoneedit and the change is pretty much instantaneous.

My server is sitting behind a router which assigns it a static IP. So maybe I could point multiple IPs (somehow) to the same machine? Right now I'm just using port forwarding on the router to send all https requests to the same IP... the IP of the server.
tkavuri commented:
OK, I have gone through this trouble recently. As you are expecting, the answer is no: you cannot install 2 certs on the same IP address and same port. If you want to use the same IP, you have to run the second VH on a non-standard port (other than 443).
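
The non-standard-port layout described in this answer, as an added example that is not part of the original thread: the asker's two vhosts with the second moved to port 8443. The port number 8443 is an assumption; the addresses, names and paths are taken from the question.

```apache
# Added example (not from the thread). Port 8443 is an assumed choice;
# any free port other than 443 works.
# "Listen 443" is normally already present in ssl.conf; add only the second one.
Listen 8443

# SSLCipherSuite is left out of both vhosts here: the string in the question
# enables SSLv2, export-grade and NULL ciphers (+SSLv2:+EXP:+eNULL).

# First certificate: standard HTTPS port.
<VirtualHost 192.168.0.50:443>
    DocumentRoot "/home/donboy/www/rpgdomains/html/"
    ServerName secure.websupport.cc:443
    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/ssl.crt/secure.websupport.cc.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/secure.websupport.cc.key
    SSLCertificateChainFile /etc/httpd/conf/ssl.crt/IPS-IPSCABUNDLE.crt
</VirtualHost>

# Second certificate: same IP, different port, so the server can pick the
# certificate from the address:port pair the connection arrived on.
<VirtualHost 192.168.0.50:8443>
    DocumentRoot "/home/donboy/www/nexus/html/"
    ServerName secure.nexuscity.net:8443
    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/ssl.crt/secure.nexuscity.net.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/secure.nexuscity.net.key
    SSLCertificateChainFile /etc/httpd/conf/ssl.crt/IPS-IPSCABUNDLE.crt
</VirtualHost>
```

With this layout the second site is reached as https://secure.nexuscity.net:8443/, and the router's port forwarding has to pass 8443 to the server in addition to 443.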

Donboy (Author) commented:
Well, hmmm. I guess that successfully answers the question. I will award you the points. Thanks for answering. I'm really not crazy about opening up those extra ports, but I guess it has to be done for this to work. Any other advice for me in this regard? If not, thanks for your insight.
tkavuri commented:
Hey, thanks for those points :). If you still need any help with that, let me know. I can send you an example conf file.

tk
fletchsod commented:
One quick question here. I can tell this refers to the Apache server itself? My company uses a firewall, so behind the firewall is a possibility of more IP addresses to use on Apache. So, my question here is: does this limitation apply if two or more certificates use the same IP address that point to the firewall? Just wondering.

Thanks,
FletchSOD
tkavuri commented:
As long as your firewall lets the traffic go to this IP, you should be okay.