Virtual Hosts and Secure Certificates
Posted November 30th, 2003 in Apache (Updated March 19th, 2007)
The Apache web server can be configured to support SSL requests using the mod_ssl or Apache-ssl modules (among others) and OpenSSL. To enable SSL on any web server you need a secure certificate, which can be obtained from Thawte, Verisign and many other secure certificate issuers.
You can either run Apache as two separate instances, one bound to port 80 (standard web server port) and the other to 443 (standard SSL web server port), or as one instance with multiple VirtualHost entries, where some are configured on the default port 80 and others on port 443.
Note that you require one IP address for each domain name that you have a secure certificate for. If, for example, you had secure certificates for both www.electrictoolbox.com and www.example.com, you would require two IP addresses to secure both of those on your web server. This is due to the way SSL and virtual hosting work: the web browser first connects to the IP address and checks the SSL credentials before sending through the (encrypted) virtual host request details.
In our example, we might direct www.electrictoolbox.com at the IP address 10.1.1.1 and www.example.com at 10.1.1.2. To set this up in the Apache configuration file you would use something like the following (of course, your exact settings, directives and locations will be different):
# Plain HTTP virtual hosts, one per IP address
<VirtualHost 10.1.1.1:80>
    ServerName www.electrictoolbox.com
    DocumentRoot /www/virtual/www.electrictoolbox.com
</VirtualHost>
<VirtualHost 10.1.1.2:80>
    ServerName www.example.com
    DocumentRoot /www/virtual/www.example.com
</VirtualHost>
# SSL virtual hosts: each certificate is bound to its own IP address on port 443
<VirtualHost 10.1.1.1:443>
    ServerName www.electrictoolbox.com
    DocumentRoot /www/virtual/www.electrictoolbox.com
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /www/certs/www.electrictoolbox.com.crt
    SSLCertificateKeyFile /www/certs/www.electrictoolbox.com.key
</VirtualHost>
<VirtualHost 10.1.1.2:443>
    ServerName www.example.com
    DocumentRoot /www/virtual/www.example.com
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /www/certs/www.example.com.crt
    SSLCertificateKeyFile /www/certs/www.example.com.key
</VirtualHost>
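The one-IP-address-per-certificate rule described above can be checked mechanically before Apache is reloaded. The following is an added example, not code from the original post: a small Python linter that parses VirtualHost blocks and reports SSL hosts that share an address or lack a certificate/key pair. The function names and the constructed sample configuration are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: the second SSL host wrongly reuses 10.1.1.1 and has no key.
SAMPLE = """
<VirtualHost 10.1.1.1:443>
    ServerName www.electrictoolbox.com
    SSLEngine on
    SSLCertificateFile /www/certs/www.electrictoolbox.com.crt
    SSLCertificateKeyFile /www/certs/www.electrictoolbox.com.key
</VirtualHost>
<VirtualHost 10.1.1.1:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile /www/certs/www.example.com.crt
</VirtualHost>
"""

BLOCK = re.compile(r"<VirtualHost\s+([^>\s]+)\s*>(.*?)</VirtualHost>", re.I | re.S)

def parse_vhosts(text):
    """Return a list of (address, {lowercased directive: value}) per block."""
    vhosts = []
    for addr, body in BLOCK.findall(text):
        directives = {}
        for line in body.splitlines():
            parts = line.split(None, 1)
            if parts and not parts[0].startswith("#"):
                directives[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
        vhosts.append((addr, directives))
    return vhosts

def lint_ssl_vhosts(text):
    """Assumes the post's layout: one address and separate cert/key files per host."""
    problems, by_addr = [], defaultdict(set)
    for addr, d in parse_vhosts(text):
        if d.get("sslengine", "off").lower() != "on":
            continue  # plain HTTP hosts may share an address freely
        name = d.get("servername", "(no ServerName)")
        by_addr[addr].add(name)
        for needed in ("sslcertificatefile", "sslcertificatekeyfile"):
            if needed not in d:
                problems.append(f"{name} on {addr}: missing {needed}")
    for addr, names in sorted(by_addr.items()):
        if len(names) > 1:
            problems.append(f"{addr} shared by SSL hosts: {', '.join(sorted(names))}")
    return problems

if __name__ == "__main__":
    print("\n".join(lint_ssl_vhosts(SAMPLE)))
```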
An excellent FAQ about running mod_ssl with Apache can be found at www.modssl.org/docs/2.6/ssl_faq.html

