
Possible Duplicate:
Multiple SSL domains on the same IP address and same port?

I have a problem with Apache and multiple SSL certificates. If I configure it for only one domain, everything works fine, but when I add another one as a VirtualHost, it returns an error:

    VirtualHost domain1.cz:443 overlaps with VirtualHost domain2.sk:443, the first has precedence, perhaps you need a NameVirtualHost directive
    [Wed Nov 07 16:14:49 2012] [warn] NameVirtualHost *:443 has no VirtualHosts

I tried many combinations of virtual host configuration methods, but the results are still very similar: the first domain is correctly secured and the second (domain2.sk) receives the certificate from the first one.

Please, can you help me with this kind of certificate configuration?

NameVirtualHost *:443

<VirtualHost domain1.cz:443>
   ServerName domain1.cz
   DocumentRoot /var/www/www.domain1.cz/htdocs/

   SSLEngine on
   SSLProtocol all -SSLv2
   SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM

   SSLCertificateFile /etc/apache2/ssl/domain1.cz/ssl.crt
   SSLCertificateKeyFile /etc/apache2/ssl/domain1.cz/ssl.key
   SSLCertificateChainFile /etc/apache2/ssl/sub.class1.server.ca.pem
   SSLCACertificateFile /etc/apache2/ssl/ca.pem

   SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
   CustomLog /var/www/www.domain1.cz/logs/ssl-access.log \
      "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

   LogLevel warn
   ErrorLog /var/www/www.domain1.cz/logs/ssl-error.log
</VirtualHost>

<VirtualHost domain2.sk:443>
   ServerName domain2.sk
   DocumentRoot /var/www/www.domain2.sk/htdocs/

   SSLEngine on
   SSLProtocol all -SSLv2
   SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM

   SSLCertificateFile /etc/apache2/ssl/domain2.sk/ssl.crt
   SSLCertificateKeyFile /etc/apache2/ssl/domain2.sk/ssl.key
   SSLCertificateChainFile /etc/apache2/ssl/sub.class1.server.ca.pem
   SSLCACertificateFile /etc/apache2/ssl/ca.pem

   SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
   CustomLog /var/www/www.domain2.sk/logs/ssl-access.log \
      "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

   LogLevel warn
   ErrorLog /var/www/www.domain2.sk/logs/ssl-error.log
</VirtualHost>

2 Answers


The configuration you posted should be correct, but you must use <VirtualHost *:443> in both cases, and not <VirtualHost domain1.cz:443> or <VirtualHost domain2.sk:443>.

You are correct in specifying domain1.cz and domain2.sk in the ServerName directive.

Please note that this will use a feature called Server Name Indication. You must be running a sufficiently recent copy of Apache and the OpenSSL libraries, and it won't work with older browsers. Read more here about SNI.

pino42
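
The mismatch described in the answer above can be checked mechanically. The following is an added example, not code from the original post or from Apache: a simplified model of the behaviour behind the two warnings in the question, where a `<VirtualHost>` argument that does not literally match a `NameVirtualHost` argument is not selected by name. The function names (`parse`, `lint`, `cert_for`) are hypothetical, the sample config is constructed from the question's directives, and both names are assumed to resolve to the same IP address.

```python
import re
# Constructed sample: the question's config reduced to the directives that matter.
BROKEN = """\
NameVirtualHost *:443
<VirtualHost domain1.cz:443>
   ServerName domain1.cz
   SSLCertificateFile /etc/apache2/ssl/domain1.cz/ssl.crt
</VirtualHost>
<VirtualHost domain2.sk:443>
   ServerName domain2.sk
   SSLCertificateFile /etc/apache2/ssl/domain2.sk/ssl.crt
</VirtualHost>
"""
# Same config with the answer's change (*:443) applied to both blocks.
FIXED = re.sub(r"<VirtualHost \S+:443>", "<VirtualHost *:443>", BROKEN)

def parse(conf):
    """Return (NameVirtualHost addresses, vhost dicts in file order)."""
    nvh, vhosts, cur = [], [], None
    for line in (l.strip() for l in conf.splitlines()):
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            cur = {"addr": opened.group(1).strip(), "servername": None, "sslcertificatefile": None}
        elif line.lower().startswith("</virtualhost") and cur is not None:
            vhosts.append(cur)
            cur = None
        elif line and not line.startswith("#"):
            key, val = (line.split(None, 1) + [""])[:2]
            if key.lower() == "namevirtualhost":
                nvh.append(val)
            elif cur is not None and key.lower() in ("servername", "sslcertificatefile"):
                cur[key.lower()] = val
    return nvh, vhosts

def lint(conf):
    """Flag the two conditions behind the warnings quoted in the question."""
    nvh, vhosts = parse(conf)
    out = [("vhost-address-not-name-based", v["addr"]) for v in vhosts if v["addr"] not in nvh]
    out += [("namevirtualhost-unused", a) for a in nvh if all(v["addr"] != a for v in vhosts)]
    return out

def cert_for(conf, requested_name):
    """Certificate file served for requested_name under this simplified model."""
    nvh, vhosts = parse(conf)
    for v in vhosts:
        if v["addr"] in nvh and v["servername"] == requested_name:
            return v["sslcertificatefile"]  # name-based match on ServerName
    return vhosts[0]["sslcertificatefile"] if vhosts else None  # first vhost has precedence
```

With the question's layout, `cert_for(BROKEN, "domain2.sk")` returns the domain1.cz certificate path, which is the symptom reported; with `*:443` in both blocks each name gets its own certificate and `lint` returns no findings.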

Each IP address/port can only serve one SSL certificate. In order to get more than one SSL to work, you'll either need another IP address (recommended) or bind the second SSL certificate to another port on your IP (functional, but a pain for your site visitors b/c the port has to be included in the URL). Check with your host; most of them make additional IPs available affordably.

This thread has more info.

Edit: I can't grammar.

Lenwood
This was true at one point, but some improvements in OpenSSL and mod_ssl provide a way to serve different certificates for different virtual hosts for clients that support Server Name Indication. – Parker Jun 16 '15 at 12:50