Idea is to run a wildcard cert off an internal CA for *.domain.com, while public-facing domain.com site is validated by a world recognized CA. Application serving requests is the same though, so I'd think keeping a single VirtualHost configuration section would be nice. The question is about doing it in a single section.
Asked
Active
Viewed 1,110 times
-3
-
4What parts of [the documentation](https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI) and [various](http://www.digicert.com/ssl-support/apache-multiple-ssl-certificates-using-sni.htm) [tutorials](http://www.rackspace.com/knowledge_center/article/serving-secure-sites-with-sni-on-apache) [about](https://www.digitalocean.com/community/articles/how-to-set-up-multiple-ssl-certificates-on-one-ip-with-apache-on-ubuntu-12-04) [SNI](http://stackoverflow.com/questions/17981341/apache-sni-multiple-ssl-certificates-on-one-ip-address) are unclear? – MikeyB Apr 14 '14 at 06:34
-
My specific question is whether this is possible to do in a SINGLE VirtualHost section. I'm quite aware that I can define multiple sections and include the longer configuration in each one. – lkraav Apr 14 '14 at 08:38
1 Answers
4
You don't. Apache handles that:
<NameVirtualHost *:443>
<VirtualHost *:443>
ServerName www.yoursite.com
DocumentRoot /var/www/site
SSLEngine on
SSLCertificateFile /path/to/www_yoursite_com.crt
SSLCertificateKeyFile /path/to/www_yoursite_com.key
SSLCertificateChainFile /path/to/DigiCertCA.crt
</Virtual Host>
<VirtualHost *:443>
ServerName www.yoursite2.com
DocumentRoot /var/www/site2
SSLEngine on
SSLCertificateFile /path/to/www_yoursite2_com.crt
SSLCertificateKeyFile /path/to/www_yoursite2_com.key
SSLCertificateChainFile /path/to/DigiCertCA.crt
</Virtual Host>
MikeyB
- 39,291
- 10
- 105
- 189
-
1
-
Good one. @lkraav I would like to improve the original question and put a new answer. The question is similar like this: https://serverfault.com/questions/1095421/is-it-possible-to-generate-a-variable-for-sslcertificatefile-from-http-host-or/ – Sunry Sep 01 '22 at 07:06