[SATLUG] Apache with 1 IP, two SSL sites, different ports

Bruce Dubbs bruce.dubbs at gmail.com
Thu May 21 00:27:15 CDT 2009

Brad Knowles wrote:
> on 5/20/09 5:37 PM, Henry Pugsley said:
>>       If you don't want https://secure2.domain.com to show up as
>> https://secure1.domain.com, you could setup a RedirectMatch or
>> RewriteRule that sends people to the proper port.
> I'm not even sure that's going to work.  My understanding is that SSL 
> certs are tied to the IP address, so that you need a separate IP address 
> for each SSL site that you're going to run.

I haven't been following this closely, but it makes no sense for a cert to be 
tied to an ip address.  It does make sense to be tied to a domain name.  I know 
that openssl does not require a domain name when generating a cert.  If it's a 
self signed cert (aka a certificate authority), it certainly doesn't make sense 
to tie this to an ip address.

Now apache may do something with the domain name...

Now I see:


<VirtualHost _default_:443>
   # Only one virtual host allowed on this port, because name-based
   # virtual hosting doesn't work with SSL
   ServerName www.foo.com
   DocumentRoot /var/www/www.foo.com/htdocs

   CustomLog /var/log/apache/www.foo.com-access.log combined
   ErrorLog /var/log/apache/www.foo.com-error.log

   SSLEngine On


So it's an apache/ssl issue.  Some googling gives:


Which explain the issue more.

   -- Bruce

More information about the SATLUG mailing list