Virtual Hosts and Secure Certificates
Posted November 30th, 2003 in Apache (Updated March 19th, 2007)
The Apache web server can be configured to support SSL requests using the mod_ssl or Apache-ssl modules (among others) and OpenSSL. To enable SSL on any webserver you need to have secure certificate which can be obtained from Thawte, Verisign and many other secure certificate issuers.
You can either run Apache as two separate instances, one bound to port 80 (standard web server port) and the other to 443 (standard ssl web server port) or as one instance with multiple virtualhost entries where some are configured to the default 80, and others to port 443.
Note that you require on IP address for each domain name that you have a secure certificate for. If you had for example secure certificates for both www.electrictoolbox.com and www.example.com you would require two IP addressses to secure both of those on your web server. This is due to the way SSL and virtualhosting works; the web browser first connects to the IP address and checks SSL credentials before sending through (encrypted) virtualhost request details.
In our example, we might direct www.electrictoolbox.com at the IP address 10.1.1.1 and www.example.com at 10.1.1.2. To set this up in the Apache configuration file you would something like so (of course, your exact settings, directives and locations will be different):
<Virtualhost 10.1.1.1:80>
ServerName www.electrictoolbox.com
DocumentRoot /www/virtual/www.electrictoolbox.com
</Virtualhost>
<Virtualhost 10.1.1.2:80>
ServerName www.foobar.com
DocumentRoot /www/virtual/www.example.com
</Virtualhost>
<VirtualHost 10.1.1.1:443>
ServerName www.electrictoolbox.com
DocumentRoot /www/virtual/www.electrictoolbox.com
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /www/certs/www.electrictoolbox.com.crt
SSLCertificateKeyFile /www/certs/www.electrictoolbox.com.key
</Virtualhost>
<VirtualHost 10.1.1.2:443>
ServerName www.example.com
DocumentRoot /www/virtual/www.example.com
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /www/certs/www.example.com.crt
SSLCertificateKeyFile /www/certs/www.example.com.key
</Virtualhost>
An excellent FAQ about running mod_ssl with Apache can be found at www.modssl.org/docs/2.6/ssl_faq.html
Related posts:
- Compressing files on Apache with mod_deflate (Tuesday, November 6th 2007)
- Default virtualhost's secure certificate used with mod_ssl (Friday, September 21st 2007)
- Using Apache's Rewrite Engine with vhosts enabled (Tuesday, June 19th 2007)
- Howto Restart Apache (Wednesday, December 22nd 2004)

Comments
blog comments powered by Disqus