Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Multiple Websites and SSL Certificates on Apache (Same IP Address)

Posted on 2014-11-03
6
380 Views
Last Modified: 2014-11-04
Hello Experts!

I understand by using vhosts file I *should* be able to get this working but I do not understand how apache will know which certificate to use? Upon http request, will apache present the certificate for the first vhost in the list or will it check the header and present the correct certificate? I am looking for information on how it handles this request. Someone told me the only way to do this is by adding a 2nd ip address for the 2nd website/certificate as a 2nd vhost. Is this possible to do with a single IP address or do I need more IP addresses for each website/certificate? Please provide your expertise and insight. Thank you very much.

Also if any documentation is available I would appreciate your links.
0
Comment
Question by:zequestioner
6 Comments
 
LVL 7

Assisted Solution

by:Stampel
Stampel earned 250 total points
ID: 40419431
It will check for the header only if you require SNI which is explained here :
https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
If you have a choice, add a second IP for this it will work for all client browsers.
SNI is not supported on older brothers
0
 
LVL 12

Expert Comment

by:Kent W
ID: 40419470
Due to the nature of SSL you must use a different ip per certificate.  It's designed this way specifically.
0
 
LVL 7

Expert Comment

by:Stampel
ID: 40419493
Partially wrong, using SNI you can use a single IP adress which will work on actual browsers.
Please refer to this link :
http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Apache/Q_28541415.html
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 12

Accepted Solution

by:
Kent W earned 250 total points
ID: 40419566
Due to the iffy nature in all browsers supporting, and just for SSL in general, I don't suggest hacks. You can also do this with private IPs and another local port redirector, but I would only suggest using these in dev environments. But, we don't often have need for signed dev sites. Public sites, I'd highly recommend configing SSL correctly.  Otherwise we are kind of circumventing the reason to serve a signed cert in the first place.
Just my 10 cents.
0
 
LVL 1

Author Closing Comment

by:zequestioner
ID: 40419604
Thanks for the info everyone!
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 40422935
Note that one solution hosting companies use is a SAN certificate - if you have ten servers on one host, get a single certificate that has all ten domains listed.

SNI is a cleaner solution, but some older browsers don't have support for it.
0

Featured Post

Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Fetching data from Multiple Linux Server using Shell Scripting 55 154
Review of a VPN cert policy 4 43
SMB share across internet 15 65
$_SERVER Variable question 31 27
If you've heard about htaccess and it sounds like it does what you want, but you're not sure how it works... well, you're in the right place. Read on. Some Basics #1. It's a file and its filename is .htaccess (yes, with a dot in the front). #…
In Solr 4.0 it is possible to atomically (or partially) update individual fields in a document. This article will show the operations possible for atomic updating as well as setting up your Solr instance to be able to perform the actions. One major …
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question