0

Without configuring apache to support SNI, can I purchase a SSL cert and use on a Centos Linux server that has 2 name-based Vhost? I'm only interested in securing ONE of the two domains. Could this be configured in the httpd config file, such as maybe listing the domain that needs to be secured, first etc?

I know SNI can be used for multiple certs on a single server with multiple domains. In my case, I'm only interested in securing a single domain.

user1322092
  • 233
  • 2
  • 11
  • Not sure if I understand where the problem is: if you're just securing one domain, you'd just set up an SSL-enabled Virtual Host on port 443 and be done with it. – cjc Apr 09 '12 at 15:24

1 Answers1

4

Yeah, that'll work just fine - you'll want to create a <VirtualHost *:443> block for the site that needs to be secured.

The one catch is that if someone happens to attempt to stick an https:// on the URL for the non-secured domain, they'll see a certificate error as they try to connect to the secured domain - then if they click through it, they'll load their content from the secured domain.

Shane Madden
  • 114,520
  • 13
  • 181
  • 251
  • Thank you Shane! In addition, I have a self-signed cert used for accessing secured web pages via IP address (for accessing phpMyAdmin). Do I need to remove the self-sign cert first before installing and using the purchased, domain cert? Or, can both co-exist? – user1322092 Apr 09 '12 at 15:32
  • You can always make a default site with a blank page to stop that from happening. – paradroid Apr 09 '12 at 15:43
  • If PHP's on the same IP as the SSL-secured domain, then you'll need to either remove it or use SNI to present it when the site is accessed by IP. If possible, can you remove it and just access phpmyadmin using the domain name? – Shane Madden Apr 09 '12 at 15:43
  • Yeah, I think I'll have to move phpmyadmin under the website, except the website uses the CodeIgniter framework... and phpmyadmin is purely a PHP app. I'm not sure how that will work. – user1322092 Apr 09 '12 at 15:52
  • You can definitely still keep it in a different vhost, if you need to. Maybe on a non-standard port? – Shane Madden Apr 09 '12 at 15:57
  • I think I'll buy a wildcard cert and place phpmyadmin under a subdomain of the codeigniter website. – user1322092 Apr 14 '12 at 13:04
  • I created a follow up thread here: http://serverfault.com/questions/379544/for-enabling-ssl-for-a-single-domain-on-a-server-with-muliple-vhosts-will-this – user1322092 Apr 14 '12 at 21:12