0

I have many Apache VirtualHosts for each of which I use a dedicated SSLCertificateFile.

This is an configuration example of a VirtualHost:

<VirtualHost *:443>

     ServerName subdomain.domain.localhost

     DocumentRoot "/Users/<my_user_name>/Sites/users/public"
     RackEnv development

   <Directory "/Users/<my_user_name>/Sites/users/publ`enter code here`ic">
     Order allow,deny
     Allow from all
   </Directory>

    # SSL Configuration
    SSLEngine on

    #Self Signed certificates
    SSLCertificateFile /private/etc/apache2/ssl/server.crt
    SSLCertificateKeyFile /private/etc/apache2/ssl/server.key
    SSLCertificateChainFile /private/etc/apache2/ssl/ca.crt

</VirtualHost>

Since I am maintaining more Ruby on Rails applications using Passenger Preference Pane, this is a part of the apache2 httpd.conf file:

<IfModule passenger_module>
  NameVirtualHost *:80
  <VirtualHost *:80>
    ServerName _default_
  </VirtualHost>
  Include /private/etc/apache2/passenger_pane_vhosts/*.conf
</IfModule>

Can I use a single SSLCertificateFile for all my VirtualHosts (I have heard of wildcards) instead of creating one of it for each VirtualHost? If so, how can I change the files listed above?

user65567
  • 671
  • 2
  • 6
  • 9
  • possible duplicate of [Multiple domains with SSL on same IP](http://serverfault.com/questions/126554/multiple-domains-with-ssl-on-same-ip) – Chris S Jan 04 '11 at 14:27

2 Answers2

1

If all of your domain virtual hosts exist within one domain then yes. E.g., foo.example.com, bar.example.com and www.example.com can all share a single certificate that was created for *.example.com.

If you do it any other way you'll get certificate warnings.

The only thing you need to do in the config is specify the appropriate certificate file.

bahamat
  • 6,263
  • 24
  • 28
0

NO. SSL Certificates are issued for a subdomain i.e secure.example.com but some certificate signing authorities do offer wildcard certificate for a domain *.example.com but there are no wildcard certificates. It would compromise the way SSL trust relationship works.

Usually the wildcard for a domain is much more expensive than a regular certificate.

Sameer
  • 4,118
  • 2
  • 17
  • 11
  • Actually, you can get get SSL certs with multiple hostnames defined. I have seen them used for Exchange servers where the internal hostname might be exchange.company.local and the external hostname exchange.company.com. It does require TLS extensions,but that's not a problem these days. Cert providers do know how to charge for these certs though!! – Niall Donegan Jan 12 '11 at 02:43