?
Solved

Multiple Websites and SSL Certificates on Apache (Same IP Address)

Posted on 2014-11-03
6
Medium Priority
?
389 Views
Last Modified: 2014-11-04
Hello Experts!

I understand by using vhosts file I *should* be able to get this working but I do not understand how apache will know which certificate to use? Upon http request, will apache present the certificate for the first vhost in the list or will it check the header and present the correct certificate? I am looking for information on how it handles this request. Someone told me the only way to do this is by adding a 2nd ip address for the 2nd website/certificate as a 2nd vhost. Is this possible to do with a single IP address or do I need more IP addresses for each website/certificate? Please provide your expertise and insight. Thank you very much.

Also if any documentation is available I would appreciate your links.
0
Comment
Question by:zequestioner
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 7

Assisted Solution

by:Stampel
Stampel earned 1000 total points
ID: 40419431
It will check for the header only if you require SNI which is explained here :
https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
If you have a choice, add a second IP for this it will work for all client browsers.
SNI is not supported on older brothers
0
 
LVL 12

Expert Comment

by:Kent W
ID: 40419470
Due to the nature of SSL you must use a different ip per certificate.  It's designed this way specifically.
0
 
LVL 7

Expert Comment

by:Stampel
ID: 40419493
Partially wrong, using SNI you can use a single IP adress which will work on actual browsers.
Please refer to this link :
http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Apache/Q_28541415.html
0
Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

 
LVL 12

Accepted Solution

by:
Kent W earned 1000 total points
ID: 40419566
Due to the iffy nature in all browsers supporting, and just for SSL in general, I don't suggest hacks. You can also do this with private IPs and another local port redirector, but I would only suggest using these in dev environments. But, we don't often have need for signed dev sites. Public sites, I'd highly recommend configing SSL correctly.  Otherwise we are kind of circumventing the reason to serve a signed cert in the first place.
Just my 10 cents.
0
 
LVL 1

Author Closing Comment

by:zequestioner
ID: 40419604
Thanks for the info everyone!
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 40422935
Note that one solution hosting companies use is a SAN certificate - if you have ten servers on one host, get a single certificate that has all ten domains listed.

SNI is a cleaner solution, but some older browsers don't have support for it.
0

Featured Post

Get MongoDB database support online, now!

At Percona’s web store you can order your MongoDB database support needs in minutes. No hassles, no fuss, just pick and click. Pay online with a credit card. Handle your MongoDB database support now!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
Fine Tune your automatic Updates for Ubuntu / Debian
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question