apache2 - Using multiple SSL on multiple domains using one IP address - Ask Ubuntu
I'm using Apache and have 2 domains. I've created virtual hosts and installed SSL certificates. 1 domain works and the other redirects to the first domain. I think this is because site 1 is the primary site. Do I need a separate IP address for each domain when using SSL?
I've read quite a few articles saying you can use multiple SSL certificates on 1 IP by doing the following in the virtual host:
    <VirtualHost *:443>
I've tried that, but it doesn't work for me. A lot of articles mention SNI, but I'm not 100% sure what that means. Can anyone shed light on this and point me in the right direction?
This is what my virtual hosts look like:
Site 1
    <VirtualHost *:80>
        # Admin email, Server Name (domain name), and any aliases
        ServerAdmin email@gmail.com
        ServerName domain.com
        ServerAlias www.domain.com

        # Index file and Document Root (where the public files are located)
        DirectoryIndex index.html index.php
        DocumentRoot /var/www/html/domain.com/public_html
        Redirect permanent / https://www.domain.com

        <Directory "/var/www/html/domain.com/public_html">
            Options FollowSymLinks
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>

        # Log file locations
        LogLevel warn
        #ErrorLog /var/www/html/domain.com/log/error.log
        #CustomLog /var/www/html/domain.com/log/access.log combined
    </VirtualHost>

    <IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerAdmin email@gmail.com
        ServerName domain.com
        ServerAlias www.domain.com
        DocumentRoot /var/www/html/domain.com/public_html

        <Directory "/var/www/html/domain.com/public_html">
            #Options Indexes FollowSymLinks MultiViews
            Options FollowSymLinks
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
            AllowOverride None
            Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
            Order allow,deny
            Allow from all
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined

        Alias /doc/ "/usr/share/doc/"
        <Directory "/usr/share/doc/">
            Options Indexes MultiViews FollowSymLinks
            AllowOverride None
            Order deny,allow
            Deny from all
            Allow from 127.0.0.0/255.0.0.0 ::1/128
        </Directory>

        # SSL Engine Switch:
        # Enable/Disable SSL for this virtual host.
        SSLEngine on

        # A self-signed (snakeoil) certificate can be created by installing
        # the ssl-cert package. See
        # /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
        # If both key and certificate are stored in the same file, only the
        # SSLCertificateFile directive is needed.
        SSLCertificateFile /etc/apache2/ssl/www_domain_com/www_domain_com.crt
        SSLCertificateKeyFile /etc/apache2/ssl/www_domain_com/server.key

        # Server Certificate Chain:
        # Point SSLCertificateChainFile at a file containing the
        # concatenation of PEM encoded CA certificates which form the
        # certificate chain for the server certificate. Alternatively
        # the referenced file can be the same as SSLCertificateFile
        # when the CA certificates are directly appended to the server
        # certificate for convenience.
        SSLCertificateChainFile /etc/apache2/ssl/www_domain_com/www_domain_com.ca-bundle

        #...
    </VirtualHost>
    </IfModule>
Site 2
    <VirtualHost *:80>
        # Admin email, Server Name (domain name), and any aliases
        ServerAdmin email@gmail.com
        ServerName domain2.com
        ServerAlias www.domain2.com

        # Index file and Document Root (where the public files are located)
        DirectoryIndex index.php index.html
        DocumentRoot /var/www/html/domain2.com/public_html/public
        # Redirect permanent / https://www.domain2.com

        # Log file locations
        LogLevel warn
        ErrorLog /var/www/html/domain2.com/log/error.log
        CustomLog /var/www/html/domain2.com/log/access.log combined

        SetEnv ci_env production
        SetEnv ci_base_url http://www.domain2.com/

        <Directory "/var/www/html/domain2.com/public_html/public">
            AuthType Basic
            AuthName "restricted content"
            AuthUserFile /var/www/html/domain2.com/public_html/public/.htpasswd
            Require valid-user
            Options Indexes FollowSymLinks MultiViews
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
    </VirtualHost>

    <IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerAdmin email@gmail.com
        ServerName domain2.com
        ServerAlias www.domain2.com
        DocumentRoot /var/www/html/domain2.com/public_html/public

        <Directory "/var/www/html/domain2.com/public_html/public">
            #Options Indexes FollowSymLinks MultiViews
            Options FollowSymLinks
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
            AllowOverride None
            Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
            Order allow,deny
            Allow from all
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined

        Alias /doc/ "/usr/share/doc/"
        <Directory "/usr/share/doc/">
            Options Indexes MultiViews FollowSymLinks
            AllowOverride None
            Order deny,allow
            Deny from all
            Allow from 127.0.0.0/255.0.0.0 ::1/128
        </Directory>

        # SSL Engine Switch:
        # Enable/Disable SSL for this virtual host.
        SSLEngine on

        # A self-signed (snakeoil) certificate can be created by installing
        # the ssl-cert package. See
        # /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
        # If both key and certificate are stored in the same file, only the
        # SSLCertificateFile directive is needed.
        SSLCertificateFile /etc/apache2/ssl/www_domain2_com/www_domain2_com.crt
        SSLCertificateKeyFile /etc/apache2/ssl/www_domain2_com/server.key

        # Server Certificate Chain:
        # Point SSLCertificateChainFile at a file containing the
        # concatenation of PEM encoded CA certificates which form the
        # certificate chain for the server certificate. Alternatively
        # the referenced file can be the same as SSLCertificateFile
        # when the CA certificates are directly appended to the server
        # certificate for convenience.
        SSLCertificateChainFile /etc/apache2/ssl/www_domain2_com/www_domain2_com.ca-bundle

        #...
    </VirtualHost>
    </IfModule>
You don't need an IP per SSL domain; you need a ServerName directive in each VirtualHost. The following should work using apache2. It will be different if you are not using apache2.
    <VirtualHost *:80>
        ServerAdmin webmaster@localhost
        ServerName example.com
        DocumentRoot /var/www
    </VirtualHost>

    <IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerAdmin webmaster@localhost
        ServerName example.com
        DocumentRoot /var/www

        # SSL Engine Switch:
        # Enable/Disable SSL for this virtual host.
        SSLEngine on

        # A self-signed (snakeoil) certificate can be created by installing
        # the ssl-cert package. See
        # /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
        # If both key and certificate are stored in the same file, only the
        # SSLCertificateFile directive is needed.
        SSLCertificateFile /etc/apache2/ssl/example.com/apache.crt
        SSLCertificateKeyFile /etc/apache2/ssl/example.com/apache.key
    </VirtualHost>
    </IfModule>
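The name-based selection discussed above, as an added example that is not part of the original posts: a simplified Python model of how Apache picks a `*:443` virtual host (and therefore a certificate) from the SNI name, falling back to the first listed vhost when nothing matches or the client sends no SNI. The function names are hypothetical and the sample configuration is constructed from the domain names in the question.

```python
import fnmatch
import re

# Constructed sample mirroring the two-site layout in the question.
SAMPLE_CONF = """
<VirtualHost *:80>
    ServerName domain.com
</VirtualHost>
<VirtualHost *:443>
    ServerName domain.com
    ServerAlias www.domain.com
    SSLCertificateFile /etc/apache2/ssl/www_domain_com/www_domain_com.crt
</VirtualHost>
<VirtualHost *:443>
    ServerName domain2.com
    ServerAlias www.domain2.com
    SSLCertificateFile /etc/apache2/ssl/www_domain2_com/www_domain2_com.crt
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.I | re.S)

def parse_vhosts(conf, port="443"):
    """Return the vhosts listening on `port`, in file order."""
    vhosts = []
    for addr, body in VHOST_RE.findall(conf):
        if not any(a.rsplit(":", 1)[-1] == port for a in addr.split()):
            continue
        entry = {"names": [], "cert": None}
        for line in body.splitlines():
            parts = line.split("#", 1)[0].split()
            if not parts:
                continue
            key = parts[0].lower()  # directive names are case-insensitive
            if key in ("servername", "serveralias"):
                entry["names"] += [n.lower() for n in parts[1:]]
            elif key == "sslcertificatefile" and len(parts) > 1:
                entry["cert"] = parts[1]
        vhosts.append(entry)
    return vhosts

def select_vhost(vhosts, sni_name):
    """Pick the vhost for an SNI name; with no match the first vhost is the default."""
    name = sni_name.lower() if sni_name else ""
    for vh in vhosts:
        if any(fnmatch.fnmatchcase(name, pat) for pat in vh["names"]):
            return vh, True
    return vhosts[0], False
```

A request whose name matches no ServerName or ServerAlias, or a client without SNI support, is served the first vhost's certificate, so the order of the `*:443` blocks decides which site acts as the default.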