Saturday, June 18, 2016

Apache multiple virtual hosts with SSL certificates

I have a problem with Apache and multiple SSL certificates. If I configure it only for one domain, everything works fine, but when I add another one as a virtualhost it returns an error:

VirtualHost domain1.cz:443 overlaps with VirtualHost domain2.sk:443, the first has precedence, perhaps you need a NameVirtualHost directive
[Wed Nov 07 16:14:49 2012] [warn] NameVirtualHost *:443 has no VirtualHosts

I tried many combinations of virtualhost configuration methods, but the result is still very similar: the first domain is correctly secured and the second (domain2.sk) receives the certificate from the first one.

Please, can you help me with this kind of certificate configuration?

NameVirtualHost *:443

<VirtualHost domain1.cz:443>
    ServerName domain1.cz
    DocumentRoot /var/www/www.domain1.cz/htdocs/

    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM

    SSLCertificateFile /etc/apache2/ssl/domain1.cz/ssl.crt
    SSLCertificateKeyFile /etc/apache2/ssl/domain1.cz/ssl.key
    SSLCertificateChainFile /etc/apache2/ssl/sub.class1.server.ca.pem
    SSLCACertificateFile /etc/apache2/ssl/ca.pem

    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    CustomLog /var/www/www.domain1.cz/logs/ssl-access.log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

    LogLevel warn
    ErrorLog /var/www/www.domain1.cz/logs/ssl-error.log
</VirtualHost>

<VirtualHost domain2.sk:443>
    ServerName domain2.sk
    DocumentRoot /var/www/www.domain2.sk/htdocs/

    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM

    SSLCertificateFile /etc/apache2/ssl/domain2.sk/ssl.crt
    SSLCertificateKeyFile /etc/apache2/ssl/domain2.sk/ssl.key
    SSLCertificateChainFile /etc/apache2/ssl/sub.class1.server.ca.pem
    SSLCACertificateFile /etc/apache2/ssl/ca.pem

    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    CustomLog /var/www/www.domain2.sk/logs/ssl-access.log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

    LogLevel warn
    ErrorLog /var/www/www.domain2.sk/logs/ssl-error.log
</VirtualHost>
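As an added example (not part of the original question or answer), a small Python check that reads an Apache config the way the two startup warnings above imply: a NameVirtualHost address that no <VirtualHost> opening tag repeats verbatim, and SSL vhosts on the same port that are not covered by it. The sample config is constructed from the question, with the vhost tags written as hostname:443 as the "overlaps" warning names them; the function names are my own.

```python
import re

# Constructed from the question: NameVirtualHost says *:443, vhost tags say host:443.
SAMPLE_CONF = """
NameVirtualHost *:443
<VirtualHost domain1.cz:443>
    ServerName domain1.cz
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/domain1.cz/ssl.crt
</VirtualHost>
<VirtualHost domain2.sk:443>
    ServerName domain2.sk
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/domain2.sk/ssl.crt
</VirtualHost>
"""

NVH_RE = re.compile(r"^\s*NameVirtualHost\s+(\S+)", re.M | re.I)
VH_RE = re.compile(r"^\s*<VirtualHost\s+([^>]+)>(.*?)^\s*</VirtualHost>",
                   re.M | re.S | re.I)
SSL_ON_RE = re.compile(r"^\s*SSLEngine\s+on\b", re.M | re.I)

def parse_vhosts(conf):
    """Return (set of NameVirtualHost addresses, [(vhost address, SSLEngine on?)])."""
    nvh = set(NVH_RE.findall(conf))
    vhosts = [(addr.strip(), SSL_ON_RE.search(body) is not None)
              for addr, body in VH_RE.findall(conf)]
    return nvh, vhosts

def lint(conf):
    """Flag the two config shapes behind the warnings quoted in the question."""
    nvh, vhosts = parse_vhosts(conf)
    problems = []
    # A <VirtualHost> joins a NameVirtualHost only if the address text matches;
    # an unused NameVirtualHost is what Apache reports as "has no VirtualHosts".
    used = {addr for addr, _ in vhosts}
    for addr in sorted(nvh - used):
        problems.append(f"NameVirtualHost {addr} has no VirtualHosts")
    # SSL vhosts on one port with different literal addresses are matched by IP;
    # if the names resolve to one IP they overlap and only the first cert is served.
    by_port = {}
    for addr, ssl_on in vhosts:
        if ssl_on and addr not in nvh:
            by_port.setdefault(addr.rsplit(":", 1)[-1], []).append(addr)
    for port, addrs in sorted(by_port.items()):
        if len(addrs) > 1:
            problems.append(f"SSL VirtualHosts on port {port} not covered by "
                            f"NameVirtualHost: {', '.join(addrs)}")
    return problems
```

Running `lint(SAMPLE_CONF)` reports both warnings from the question; rewriting the two opening tags as `<VirtualHost *:443>` makes the report empty.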


Answer

Each IP address/port can only serve one SSL certificate. In order to get more than one SSL to work, you'll need either another IP address (recommended) or to bind the second SSL certificate to another port on your IP (functional, but a pain for your site visitors b/c the port has to be included in the URL). Check with your host; most of them make additional IPs available affordably.



This thread has more info.



Edit: I can't grammar.


