I will ask this with an example. I have a setup with nginx, Django and Apache (nginx forwards SSL requests to Apache).

I have a website, https://www.xyz.com, which has an SSL certificate associated with it, and clients use it when connecting. Let's say I have another domain name, www.abc.com, which I want to assign to the same server as xyz.com.

That is, when a user types https://www.abc.com/ in the browser, it should show the same website as https://www.xyz.com/.

Now, to achieve this, do I need to buy another SSL certificate? If I do, how would I change the http.conf file to use this new certificate for another URL?

Or is there any other approach that I can use?

A: 

As long as www.abc.com and www.xyz.com have different IP addresses, you can host them from the same httpd instance. You will need two certificates (unless both are subdomains of a common domain and you get a wildcard certificate). Set them up as two IP-based virtual hosts, with the same content.

See http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#vhosts for why.

<VirtualHost 127.0.0.1:443>
    SSLEngine on

    SSLCertificateFile      /etc/ssl/www.abc.com.crt
    SSLCertificateKeyFile   /etc/ssl/www.abc.com.key
    # etc
</VirtualHost>
<VirtualHost 127.0.0.2:443>
    SSLEngine on

    SSLCertificateFile      /etc/ssl/www.xyz.com.crt
    SSLCertificateKeyFile   /etc/ssl/www.xyz.com.key
    # etc
</VirtualHost>
p00ya
Hey, thanks p00ya. What if www.abc.com and www.xyz.com have the same IP address? I have www.xyz.com already on the server and I am going to register www.abc.com to the same IP address so that I have two URLs for the same site.
Sujit
You can try using SNI as in Turbo J's answer, but many browsers do not support this TLS extension (e.g. Internet Explorer under Windows XP)! If they are really the same site, have you considered just issuing an HTTP redirect?
p00ya
A: 

Have you really tried to ask Google? One of my first hits is http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI on the Apache wiki.

If you have more than one IP address, I'd recommend using IP-address-based SSL rather than name-based, because older clients (IE on XP) do not support SNI.

Turbo J
A: 

(I'm copying/pasting a slightly modified version of my own answer to this question. What hasn't been suggested in the existing answers so far is the use of multiple subject alternative names.)

The easy way is to be able to host www.abc.com and www.xyz.com on two distinct IP addresses (perhaps the same machine), in which case you can configure a different certificate for each.

If you're constrained to have a single IP address (and port) for the two names, if you want to use two distinct certificates, you would need to use the Server Name Indication (SNI) extension, which is relatively recent (and might not be supported by all browsers, but it seems to work with recent ones).

If you can't use SNI, you'd need the same certificate to be valid for both www.abc.com and www.xyz.com at the same time, which may be achieved by putting the two DNS entries in the Subject Alternative Name extension, or perhaps by using a wildcard, if the pattern for the two hosts is suitable (note that wildcards are unlikely to be acceptable if it's for two distinct domains rather than sub-domains). These two options are probably more expensive than two distinct certificates, with commercial CAs.

Bruno
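An added example (not part of Bruno's answer or of any project's code): a small Python check of which served hostnames a certificate's Subject Alternative Name list covers, showing why a single-name or wildcard certificate fails for www.abc.com while a two-entry SAN certificate works. The SAN lists are constructed and the function names are hypothetical.

```python
# Added example: decide which hostnames a certificate's SAN dNSName entries cover.
# Matching follows the usual client rules (RFC 6125): case-insensitive, and a
# wildcard is honoured only as the entire left-most label, matching one label.

def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if one SAN dNSName entry matches the requested hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # "*.xyz.com" covers "www.xyz.com" but not "xyz.com" or "a.b.xyz.com".
        # Requiring two fixed labels rejects "*.com"; this is a simplification
        # of the public-suffix checks real clients perform.
        fixed = p_labels[1:]
        return len(fixed) >= 2 and "*" not in "".join(fixed) and fixed == h_labels[1:]
    if "*" in pattern:
        return False  # partial or non-leftmost wildcards are rejected
    return p_labels == h_labels


def uncovered(san_dns_names, served_hostnames):
    """Hostnames that would trigger a certificate name-mismatch warning."""
    return [h for h in served_hostnames
            if not any(name_matches(p, h) for p in san_dns_names)]


# Constructed SAN lists for the three certificate options discussed above.
SERVED = ["www.xyz.com", "www.abc.com"]
SINGLE_NAME_CERT = ["www.xyz.com"]
WILDCARD_CERT = ["*.xyz.com", "xyz.com"]
MULTI_SAN_CERT = ["www.xyz.com", "www.abc.com"]

if __name__ == "__main__":
    for label, sans in [("single-name", SINGLE_NAME_CERT),
                        ("wildcard", WILDCARD_CERT),
                        ("multi-SAN", MULTI_SAN_CERT)]:
        print(f"{label:12} missing: {uncovered(sans, SERVED)}")
```

Running the same check against the SAN list of the certificate actually issued, before pointing the second DNS name at the server, catches a missing entry ahead of any client warning.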
A: 

I ended up buying a single multidomain certificate (UCC) for the two domains and modified the nginx configuration to direct the two sites to the same Apache server.

As I had nginx in front of Apache, I did not need to change the http.conf configuration.

Thank you very much, guys, for your help!

Sujit