Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Multiple Websites and SSL Certificates on Apache (Same IP Address)

Posted on 2014-11-03
6
Medium Priority
?
404 Views
Last Modified: 2014-11-04
Hello Experts!

I understand by using vhosts file I *should* be able to get this working but I do not understand how apache will know which certificate to use? Upon http request, will apache present the certificate for the first vhost in the list or will it check the header and present the correct certificate? I am looking for information on how it handles this request. Someone told me the only way to do this is by adding a 2nd ip address for the 2nd website/certificate as a 2nd vhost. Is this possible to do with a single IP address or do I need more IP addresses for each website/certificate? Please provide your expertise and insight. Thank you very much.

Also if any documentation is available I would appreciate your links.
0
Comment
Question by:zequestioner
6 Comments
 
LVL 7

Assisted Solution

by:Stampel
Stampel earned 1000 total points
ID: 40419431
It will check for the header only if you require SNI which is explained here :
https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
If you have a choice, add a second IP for this it will work for all client browsers.
SNI is not supported on older brothers
0
 
LVL 12

Expert Comment

by:Kent W
ID: 40419470
Due to the nature of SSL you must use a different ip per certificate.  It's designed this way specifically.
0
 
LVL 7

Expert Comment

by:Stampel
ID: 40419493
Partially wrong, using SNI you can use a single IP adress which will work on actual browsers.
Please refer to this link :
http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Apache/Q_28541415.html
0
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

 
LVL 12

Accepted Solution

by:
Kent W earned 1000 total points
ID: 40419566
Due to the iffy nature in all browsers supporting, and just for SSL in general, I don't suggest hacks. You can also do this with private IPs and another local port redirector, but I would only suggest using these in dev environments. But, we don't often have need for signed dev sites. Public sites, I'd highly recommend configing SSL correctly.  Otherwise we are kind of circumventing the reason to serve a signed cert in the first place.
Just my 10 cents.
0
 
LVL 1

Author Closing Comment

by:zequestioner
ID: 40419604
Thanks for the info everyone!
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 40422935
Note that one solution hosting companies use is a SAN certificate - if you have ten servers on one host, get a single certificate that has all ten domains listed.

SNI is a cleaner solution, but some older browsers don't have support for it.
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question