[CentOS] SSL and virtual hosts?

Filipe Brandenburger filbranden at gmail.com
Mon Sep 21 14:41:45 UTC 2009


Hi,

On Mon, Sep 21, 2009 at 10:17, Niki Kovacs <contact at kikinovak.net> wrote:
> Jerry Franz wrote:
>> Tracy Phillips wrote:
>>> Benjamin Franz wrote:
>>>> 1) Use a wildcard cert. You can use *.somedomain certs to serve multiple
>>>> SSL domains on a single IP so long as they fit in the *.somedomain pattern.
>>>
>>> This is incorrect.
>> Yes you can. I have SSL servers configured precisely like that. They
>> work fine.

I also have this configured in a couple of servers. As long as you
have a wildcard certificate (*.example.com) and all names are direct
subdomains of that domain (www.example.com, secure.example.com,
intranet.example.com, wiki.example.com, bugs.example.com, etc.) it
works just fine.

There are some warnings in Apache's error_log, like those:
[warn] Init: You should not use name-based virtual hosts in
conjunction with SSL!!
[warn] RSA server certificate CommonName (CN) `*.example.com' does NOT
match server name!?

But it works regardless of those.

> Any way you can copy/paste your Apache configuration?

There is nothing to it, you should only make sure that the
SSLCertificateFile, SSLCertificateKeyFile and SSLCertificateChainFile
point to the same files in all your virtual hosts, and that those
files are the ones for the wildcard certificate.

If you have to provide SSL for different domains, you can do that
using IP-based virtual hosts, there is some documentation on how to do
that here:
http://httpd.apache.org/docs/2.2/vhosts/ip-based.html

If you go that route and start having to assign a very large number of
IPs to a single machine, you can assign a whole IP range to a machine
by creating an interface alias to the loopback interface, that way you
can assign 16, 32, 64, 128, 256 or even more IPs to a machine with one
configuration only. Let me know if you would like more information on
how to do that.

Cheers,
Filipe
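
The two conditions described in the message above (every name is a direct subdomain of the wildcard's domain, and every virtual host points at the same certificate files) can be checked mechanically. The following is an added example, not part of the original message or of Apache itself; the host names, file paths and helper names are constructed placeholders.

```python
import re
CERT_DIRECTIVES = ("SSLCertificateFile", "SSLCertificateKeyFile", "SSLCertificateChainFile")

def wildcard_covers(pattern, host):
    """True if host is matched by pattern; '*' stands for exactly one DNS label."""
    if not pattern.startswith("*."):
        return pattern.lower() == host.lower()
    label, _, parent = host.lower().partition(".")
    return bool(label) and parent == pattern[2:].lower()

def parse_vhosts(conf):
    """Return one {directive: value} dict per <VirtualHost> block."""
    blocks = re.findall(r"<VirtualHost\b[^>]*>(.*?)</VirtualHost>", conf, re.S | re.I)
    vhosts = []
    for body in blocks:
        directives = {}
        for line in body.splitlines():
            parts = line.split(None, 1)
            if len(parts) == 2 and not parts[0].startswith("#"):
                directives[parts[0]] = parts[1].strip()
        vhosts.append(directives)
    return vhosts

def lint(conf, wildcard):
    """List vhosts the wildcard cannot cover or whose cert files differ."""
    vhosts = parse_vhosts(conf)
    problems = []
    reference = tuple(vhosts[0].get(k) for k in CERT_DIRECTIVES) if vhosts else None
    for v in vhosts:
        name = v.get("ServerName", "<none>")
        if not wildcard_covers(wildcard, name):
            problems.append(f"{name}: not covered by {wildcard}")
        if tuple(v.get(k) for k in CERT_DIRECTIVES) != reference:
            problems.append(f"{name}: certificate files differ from first vhost")
    return problems

def vhost_block(name, stem):
    """Build one constructed sample block; all paths are placeholders."""
    return (f"<VirtualHost *:443>\n  ServerName {name}\n  SSLEngine on\n"
            f"  SSLCertificateFile /etc/pki/tls/certs/{stem}.crt\n"
            f"  SSLCertificateKeyFile /etc/pki/tls/private/{stem}.key\n"
            f"  SSLCertificateChainFile /etc/pki/tls/certs/chain.crt\n</VirtualHost>\n")

# Constructed sample: two good vhosts, one nested name, one with a different cert.
SAMPLE_CONF = "NameVirtualHost *:443\n" + "".join([
    vhost_block("www.example.com", "wildcard"), vhost_block("wiki.example.com", "wildcard"),
    vhost_block("bugs.dev.example.com", "wildcard"), vhost_block("intranet.example.com", "other")])

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE_CONF, "*.example.com")))
```
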


