I have bought three certificates from SSLS (not OpenSSL like most examples and tutorials discuss) for two domains + one subdomain. Let's call them mysite1.com, www.mysite1.com and mysite2.com. I am trying to install the certificates on a single server with a single IP address. I had earlier tried this with OpenSSL and things got messed up, plus this is a production environment so I can't afford to experiment. I have looked at a lot of tutorials including:

https://www.digicert.com/ssl-support/apache-multiple-ssl-certificates-using-sni.htm

https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-apache-in-debian-9

Here's what I have so far:

default-ssl.conf:

<IfModule mod_ssl.c>
        <VirtualHost _default_:443>
                ServerName mysite1.com
                ServerAdmin me@mysite1.com

                DocumentRoot /var/www/mysite1.com

                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined
                SSLEngine on
                SSLCertificateFile      /var/www/ssl/certs/mysite1.com.crt
                SSLCertificateKeyFile /var/www/ssl/private/mysite1.com.key

                SSLCertificateChainFile /var/www/apache2/ssl.crt/mysite1.com.ca-bundle

                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>

        </VirtualHost>
        <VirtualHost mysite2.com:443>
                ServerName mysite2.com
                ServerAdmin me@mysite1.com

                DocumentRoot /var/www/mysite2.com

                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined
                SSLEngine on
                SSLCertificateFile      /var/www/ssl/certs/mysite1.com.crt
                SSLCertificateKeyFile /var/www/ssl/private/mysite1.com.key

                SSLCertificateChainFile /var/www/apache2/ssl.crt/mysite1.com.ca-bundle

                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>

        </VirtualHost>
</IfModule>

ports.conf

# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf

Listen 80

<IfModule ssl_module>
        Listen 443
</IfModule>

<IfModule mod_gnutls.c>
        Listen 443
</IfModule>

I have several questions:

I assume that NameVirtualHost is no longer required (according to this) or should I put it in just in case?

Not sure what FilesMatch and Directory do - are they required?

How do I configure the www.mysite1.com address?

Anything else I need to do?

Your help is appreciated.

Chiwda
  • You need to install the same version of Apache on another server (or local VM), copy your current production configuration, and then start testing there... – Dusan Bajic Jun 04 '19 at 07:09
  • How would I switch my DNS to the other instance and still keep my production site running? Obviously, SSL would fail if the domain names were incorrect.. – Chiwda Jun 04 '19 at 08:23
  • You can add entries in your local hosts file, just for testing – Dusan Bajic Jun 04 '19 at 09:07
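
A pre-deployment check for a config like the one in the question, as an added example that is not part of the original post: it parses the `<VirtualHost>` blocks and reports any `SSLCertificateFile` that is configured for more than one `ServerName`, which with one certificate per name (as described in the question) means a client would be shown a certificate for the wrong host. The function names are hypothetical and the embedded sample is constructed from the question's two vhosts, trimmed to the directives the check reads.

```python
import re
from collections import defaultdict

# Constructed sample: the two vhosts from the question, trimmed to the
# directives this check reads.
SAMPLE_CONF = """
<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerName mysite1.com
        SSLCertificateFile      /var/www/ssl/certs/mysite1.com.crt
    </VirtualHost>
    <VirtualHost mysite2.com:443>
        ServerName mysite2.com
        SSLCertificateFile      /var/www/ssl/certs/mysite1.com.crt
    </VirtualHost>
</IfModule>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, name):
    """Return the first argument of a directive in a vhost body, or None."""
    m = re.search(rf"^\s*{name}\s+(\S+)", body, re.M | re.I)
    return m.group(1) if m else None

def parse_vhosts(conf):
    """Return one dict per <VirtualHost> block, ignoring comment lines."""
    conf = re.sub(r"^\s*#.*$", "", conf, flags=re.M)
    return [{"addr": addr.strip(),
             "name": directive(body, "ServerName"),
             "cert": directive(body, "SSLCertificateFile")}
            for addr, body in VHOST_RE.findall(conf)]

def findings(conf):
    """Flag TLS vhosts with no ServerName and certificates shared across names."""
    issues, by_cert = [], defaultdict(set)
    for v in parse_vhosts(conf):
        if v["cert"] is None:
            continue  # not a TLS vhost
        if v["name"] is None:
            issues.append(f"{v['addr']}: SSLCertificateFile set but no ServerName")
        else:
            by_cert[v["cert"]].add(v["name"])
    for cert, names in sorted(by_cert.items()):
        if len(names) > 1:
            issues.append(f"{cert} is served for {', '.join(sorted(names))}")
    return issues

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE_CONF)))
```

A certificate that really does cover several names (SAN or wildcard) would also be reported, so treat a finding as a prompt to check the certificate's names rather than as proof of a mismatch.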
