Currently, my Apache configuration includes one SSL certificate (with all domains listed as Alternative Subject Names). I furthermore have one virtual host configuration per domain that serves both SSL and non-SSL requests. All this happens on one public IP.

I’d like to switch to multiple SSL certificates, one per domain, using Subject Name Indication. I know it is possible if I duplicate all vhost configuration entries, once for port 80 and once for port 443 with SSL (as already discussed on SF).

But I would rather have something that resembles my current setup, with these features:

  • All SSL-related configuration in one place. In the best case, a statement telling Apache "Use all SSL certificates in this directory, and for each HTTP request, pick the right one based on the SNI information"
  • Virtual host configuration non-duplicated and with no special mention of SSL at all.
  • Possibility to serve many domain names with one virtual host configuration, while still having separate certificates for each.

Is that possible?

Joachim Breitner
1 Answer

There's no getting around the structure of virtual hosts that Apache needs to support this configuration; the <VirtualHost> blocks need to exist and need to contain the config directives to set up the listeners.

The best you can do is something like this:

<VirtualHost *:80>
  # Give this file the directives like ServerName and DocumentRoot that
  # are the same between 80 and 443:
  Include /etc/confdir/domain-a.conf
</VirtualHost>
<VirtualHost *:443>
  # Same file as above, so config will be "shared"
  Include /etc/confdir/domain-a.conf
  # SSL directives for this domain (SSLEngine, cert config) in this file:
  Include /etc/confdir/ssl/domain-a-ssl.conf
</VirtualHost>
Shane Madden
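With many domains, the paired blocks from the answer above can be generated rather than maintained by hand. The following is an added example, not part of the original answer: it assumes every site follows the answer's `domain-a` naming (`<confdir>/<name>.conf` plus `<confdir>/ssl/<name>-ssl.conf`), and the function names `discover` and `render` are hypothetical.

```python
"""Generate the paired port-80/port-443 stanzas from the answer's file layout.

Assumed layout (extrapolated from the answer's domain-a paths):
  <confdir>/<name>.conf          shared directives (ServerName, DocumentRoot)
  <confdir>/ssl/<name>-ssl.conf  SSLEngine and certificate directives
"""
from pathlib import Path

STANZA = """\
<VirtualHost *:80>
  Include {shared}
</VirtualHost>
<VirtualHost *:443>
  Include {shared}
  Include {ssl}
</VirtualHost>
"""


def discover(confdir):
    """Return (complete, missing_ssl): site names with and without an SSL file."""
    confdir = Path(confdir)
    complete, missing_ssl = [], []
    for shared in sorted(confdir.glob("*.conf")):  # does not descend into ssl/
        name = shared.stem
        if (confdir / "ssl" / f"{name}-ssl.conf").is_file():
            complete.append(name)
        else:
            missing_ssl.append(name)
    return complete, missing_ssl


def render(confdir):
    """Build the config text; refuse to emit anything if a site lacks its SSL
    include, so the gap is caught before the configuration is reloaded."""
    confdir = Path(confdir)
    complete, missing_ssl = discover(confdir)
    if missing_ssl:
        raise ValueError(f"no SSL include for: {', '.join(missing_ssl)}")
    return "\n".join(
        STANZA.format(shared=confdir / f"{n}.conf",
                      ssl=confdir / "ssl" / f"{n}-ssl.conf")
        for n in complete
    )


if __name__ == "__main__":
    import sys
    print(render(sys.argv[1] if len(sys.argv) > 1 else "/etc/confdir"))
```

Redirect the output to a file that the main Apache configuration includes, and run `apachectl configtest` before reloading.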