Solved

Multiple Websites and SSL Certificates on Apache (Same IP Address)

Posted on 2014-11-03
6
387 Views
Last Modified: 2014-11-04
Hello Experts!

I understand by using vhosts file I *should* be able to get this working but I do not understand how apache will know which certificate to use? Upon http request, will apache present the certificate for the first vhost in the list or will it check the header and present the correct certificate? I am looking for information on how it handles this request. Someone told me the only way to do this is by adding a 2nd ip address for the 2nd website/certificate as a 2nd vhost. Is this possible to do with a single IP address or do I need more IP addresses for each website/certificate? Please provide your expertise and insight. Thank you very much.

Also if any documentation is available I would appreciate your links.
0
Comment
Question by:zequestioner
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 7

Assisted Solution

by:Stampel
Stampel earned 250 total points
ID: 40419431
It will check for the header only if you require SNI which is explained here :
https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
If you have a choice, add a second IP for this it will work for all client browsers.
SNI is not supported on older brothers
0
 
LVL 12

Expert Comment

by:Kent W
ID: 40419470
Due to the nature of SSL you must use a different ip per certificate.  It's designed this way specifically.
0
 
LVL 7

Expert Comment

by:Stampel
ID: 40419493
Partially wrong, using SNI you can use a single IP adress which will work on actual browsers.
Please refer to this link :
http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Apache/Q_28541415.html
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LVL 12

Accepted Solution

by:
Kent W earned 250 total points
ID: 40419566
Due to the iffy nature in all browsers supporting, and just for SSL in general, I don't suggest hacks. You can also do this with private IPs and another local port redirector, but I would only suggest using these in dev environments. But, we don't often have need for signed dev sites. Public sites, I'd highly recommend configing SSL correctly.  Otherwise we are kind of circumventing the reason to serve a signed cert in the first place.
Just my 10 cents.
0
 
LVL 1

Author Closing Comment

by:zequestioner
ID: 40419604
Thanks for the info everyone!
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 40422935
Note that one solution hosting companies use is a SAN certificate - if you have ten servers on one host, get a single certificate that has all ten domains listed.

SNI is a cleaner solution, but some older browsers don't have support for it.
0

Featured Post

Don't Cry: How Liquid Web is Ensuring Security

WannaCry is just the start. Read how Liquid Web is protecting itself and its customers against new threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your site has a few sections that need to be secure when data is transmitted between the server and local computer, such as a /order/ section for ordering or /customer/ which contains customer data, etc it would of course be recommended to secure…
Google Drive is extremely cheap offsite storage, and it's even possible to get extra storage for free for two years.  You can use the free account 15GB, and if you have an Android device..when you install Google Drive for the first time it will give…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question