Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How can I setup different SSL-Certificates for vhosts on Apache?

I have a web-server, that serves different domain-names, but has only one IP-address assigned. That works fine with virtual hosts in Apache. Now I want SSL-encrypted connections for the websites. How can I set different SSL-certificates for the different vhosts?

Using different IP's for the different hostnames would be an solution - not very elegant but possible. But I want to know, how I can use different SSL-certificates for different vhosts. So I look for a solution with only one IP-address.

like image 447
Mnementh Avatar asked Nov 09 '08 17:11

Mnementh


1 Answers

UPDATE: 2013

It appears that SNI is finally beginning take hold as older browsers are falling away. Here are the docs for Apache SNI and here is a wikipedia article on SNI that includes a chart on browsers that support it. In short, all the major browsers support it in supported versions; if supporting older browsers is important, you may have to take that into consideration.

------ previous answer ------------

SSL Hosts must be tied to a unique IP address/port combination, thus you cannot use virtual hosting (Or at least, it can only have one ssl host per IP address). This is due to the fact that https begins encryption before the Host: parameter is sent in http, and thus it cannot determine which cipher to use from the hostname - all it has is the IP address.

This would be silly easy to fix if HTTP had a TLS command so it could start SSL after asking for the hostname, but no one asked me.

For the definitive answer, see http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#vhosts2

like image 110
DGM Avatar answered Sep 25 '22 17:09

DGM