[SATLUG] Apache with 1 IP, two SSL sites, different ports

Bruce Dubbs bruce.dubbs at gmail.com
Thu May 21 00:27:15 CDT 2009


Brad Knowles wrote:
> on 5/20/09 5:37 PM, Henry Pugsley said:
> 
>>       If you don't want https://secure2.domain.com to show up as
>> https://secure1.domain.com, you could set up a RedirectMatch or
>> RewriteRule that sends people to the proper port.
> 
> I'm not even sure that's going to work.  My understanding is that SSL 
> certs are tied to the IP address, so that you need a separate IP address 
> for each SSL site that you're going to run.

I haven't been following this closely, but it makes no sense for a cert to be 
tied to an IP address.  It does make sense to be tied to a domain name.  I know 
that openssl does not require a domain name when generating a cert.  If it's a 
self-signed cert (aka a certificate authority), it certainly doesn't make sense 
to tie this to an IP address.

Now Apache may do something with the domain name...

Now I see:

http://wiki.apache.org/httpd/ExampleVhosts

<VirtualHost _default_:443>
   # Only one virtual host allowed on this port, because name-based
   # virtual hosting doesn't work with SSL
   ServerName www.foo.com
   DocumentRoot /var/www/www.foo.com/htdocs

   CustomLog /var/log/apache/www.foo.com-access.log combined
   ErrorLog /var/log/apache/www.foo.com-error.log

   SSLEngine On

</VirtualHost>

So it's an Apache/SSL issue.  Some googling gives:

http://www.debian-administration.org/article/Setting_up_an_SSL_server_with_Apache2
http://www.stombi.net/blog/post/2005/07/14/30-apache2-multiple-ssl-virtual-hosts

Which explain the issue more.

   -- Bruce
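
The setup discussed in this thread, as an added example that is not part of the original message or of the Apache wiki page: one IP address, two SSL sites on different ports, each presenting its own certificate, plus the redirect Henry suggests. Port 8443 and all file paths are assumptions; the hostnames are the ones used in the thread.

```apache
# Added example. Port 8443 and every path below are assumptions.
Listen 443
# A non-standard port must be declared as https explicitly.
Listen 8443 https

<VirtualHost _default_:443>
   ServerName secure1.domain.com
   DocumentRoot /var/www/secure1.domain.com/htdocs

   SSLEngine On
   # Certificate issued for the name secure1.domain.com, not for the IP.
   SSLCertificateFile    /etc/ssl/certs/secure1.domain.com.crt
   SSLCertificateKeyFile /etc/ssl/private/secure1.domain.com.key

   # Requests for secure2 that arrive on 443 are sent to its own port.
   # The handshake has already completed with secure1's certificate by
   # the time this rule runs, so the client sees a name mismatch first.
   RewriteEngine On
   RewriteCond %{HTTP_HOST} ^secure2\.domain\.com(:443)?$ [NC]
   RewriteRule ^ https://secure2.domain.com:8443%{REQUEST_URI} [R=301,L]
</VirtualHost>

<VirtualHost _default_:8443>
   ServerName secure2.domain.com
   DocumentRoot /var/www/secure2.domain.com/htdocs

   SSLEngine On
   # Separate certificate and key for the second site.
   SSLCertificateFile    /etc/ssl/certs/secure2.domain.com.crt
   SSLCertificateKeyFile /etc/ssl/private/secure2.domain.com.key
</VirtualHost>
```

Running `apachectl configtest` after editing checks the syntax before a reload, and the key files should be readable by root only.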

