[SATLUG] Apache with 1 IP, two SSL sites, different ports

Gabriel Doss gabriel.doss at gmail.com
Thu May 21 14:14:36 CDT 2009


Alright, I've done some more testing and here are my results. Hopefully they
will answer some lingering questions about the issue.

I wiped my saved certs from my browser for the two domains in question and
pointed my browser at https://secure2.domain.com.

The browser requested override for the certificate on secure1.domain.com
(reason: self-signed plus domain mismatch) and then on redirect the override
request was made for the second certificate (reason: self-signed). In this
instance it is not a big deal since the sites in question are both intranet,
but certainly would lead to problems with public-facing domains.

Having two SSL certs on one IP is not a problem, provided they are on
different ports, and the secondary port is specified in the URL. I have
confirmed that if I clear my certs and point my browser at
https://secure2.domain.com:4443 the secure1.domain.com cert is never
requested.

So, to reach and not display the port number in the secure2.domain.com URL
(which was my original goal) it looks like I will need to split eth0 or
install a second NIC. Since I am in control of the hardware as well as root
access in this instance, not a problem.

Thanks again for the help,

Gabriel
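
The layout the message settles on (a second address so both sites can answer on 443), sketched as an added Apache configuration example that is not part of the original post. The two IP addresses and the certificate/key paths are assumed placeholders; only the host names and port 4443 come from the message.

```apache
# Added example, not the poster's configuration.
# 192.0.2.10 / 192.0.2.11 and all file paths are placeholders.

# Layout described in the message: one IP, certificate selected by port.
#   port 443   -> secure1.domain.com certificate
#   port 4443  -> secure2.domain.com certificate
# A request for https://secure2.domain.com (no port) arrives on 443, so the
# server presents the secure1 certificate before any redirect can happen.

# Layout with a second address (eth0 alias or second NIC): the certificate is
# selected by the IP the client connected to, so both sites can use 443.
Listen 192.0.2.10:443
Listen 192.0.2.11:443

<VirtualHost 192.0.2.10:443>
    ServerName secure1.domain.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/secure1.domain.com.crt
    SSLCertificateKeyFile /etc/ssl/private/secure1.domain.com.key
</VirtualHost>

<VirtualHost 192.0.2.11:443>
    ServerName secure2.domain.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/secure2.domain.com.crt
    SSLCertificateKeyFile /etc/ssl/private/secure2.domain.com.key
</VirtualHost>
```

For this to work, DNS for secure2.domain.com has to resolve to the second address; otherwise clients still connect to the first IP and receive the secure1 certificate.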

