SSL and virtual hosts
Posted on 2004-09-13
We have a server running Apache that is home to about a dozen sites. All of the sites are configured to use the same IP via name-based hosting (NameVirtualHost) in the httpd.conf file.
Recently, one of the sites wanted to accept credit cards online. I purchased and installed a server certificate for the domain and modified httpd.conf to add a <virtualhost> entry for the domain under the "Listen 443" directive. I can now access the site via HTTPS, but I can also access it via HTTP, which kinda negates the whole reason for enabling SSL.
I now realize that maybe I should set up a subdomain (e.g. secure.domain.com) to handle HTTPS requests only. What's the best way to do it? I already have an unused IP address I can dedicate to the subdomain, but I'm not sure a) how to configure the DNS table and b) how to configure httpd.conf so that it associates the existing (shared) IP with HTTP requests on the domain and associates the new (dedicated) IP address with HTTPS requests on the domain.