Solved

Multiple Websites and SSL Certificates on Apache (Same IP Address)

Posted on 2014-11-03
Last Modified: 2014-11-04
Hello Experts!

I understand that by using the vhosts file I *should* be able to get this working, but I do not understand how Apache will know which certificate to use. Upon an HTTP request, will Apache present the certificate for the first vhost in the list, or will it check the header and present the correct certificate? I am looking for information on how it handles this request. Someone told me the only way to do this is by adding a 2nd IP address for the 2nd website/certificate as a 2nd vhost. Is this possible to do with a single IP address, or do I need more IP addresses for each website/certificate? Please provide your expertise and insight. Thank you very much.

Also if any documentation is available I would appreciate your links.
Question by:zequestioner
6 Comments
 
LVL 7

Assisted Solution

by:Stampel
Stampel earned 250 total points
It will check for the header only if you require SNI, which is explained here:
https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
If you have a choice, add a second IP for this; it will work for all client browsers.
SNI is not supported on older browsers.
0
 
LVL 12

Expert Comment

by:Kent W
Due to the nature of SSL you must use a different IP per certificate. It's designed this way specifically.
0
 
LVL 7

Expert Comment

by:Stampel
Partially wrong, using SNI you can use a single IP address which will work on actual browsers.
Please refer to this link:
http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Apache/Q_28541415.html
0

 
LVL 12

Accepted Solution

by:Kent W
Kent W earned 250 total points
Due to the iffy nature in all browsers supporting, and just for SSL in general, I don't suggest hacks. You can also do this with private IPs and another local port redirector, but I would only suggest using these in dev environments. But, we don't often have need for signed dev sites. Public sites, I'd highly recommend configuring SSL correctly. Otherwise we are kind of circumventing the reason to serve a signed cert in the first place.
Just my 10 cents.
0
 
LVL 1

Author Closing Comment

by:zequestioner
Thanks for the info everyone!
0
 
LVL 33

Expert Comment

by:Dave Howe
Note that one solution hosting companies use is a SAN certificate - if you have ten servers on one host, get a single certificate that has all ten domains listed.

SNI is a cleaner solution, but some older browsers don't have support for it.
0
