Recipe 4.8 SSL and Name-Based Virtual Hosts

Problem

You want to have multiple SSL web sites on the same server.

Solution

In most common implementations of SSL, you are limited to one SSL host per address and port number. Thus, either you need to have a unique IP address for each SSL host or run them on alternate ports to get more than one on a particular IP address:

Listen 443 Listen 444 <VirtualHost 10.0.1.2:443>     ServerName secure1.example.com     DocumentRoot /www/vhosts/secure1     SSLEngine On     SSLCertificateFile    /www/conf/ssl/secure1.crt     SSLCertificateKeyFile /www/conf/ssl/secure1.key </VirtualHost> <VirtualHost 10.0.1.3:443>     ServerName secure2.example.com     DocumentRoot /www/vhosts/secure2     SSLEngineOn     SSLCertificateFile    /www/conf/ssl/secure2.crt     SSLCertificateKeyFile /www/conf/ssl/secure2.key </VirtualHost> <VirtualHost 10.0.1.3:444>     ServerName secure3.example.com     DocumentRoot /www/vhosts/secure3     SSLEngineOn     SSLCertificateFile    /www/conf/ssl/secure3.crt     SSLCertificateKeyFile /www/conf/ssl/secure3.key </VirtualHost>

Discussion

The limitation that restricts you to one SSL host per IP address is not a limitation imposed by Apache but by the way that SSL works. When the browser connects to the server, the first thing that it does is negotiate for a secure connection. During this process, the server sends its certificate to the client, which indicates that the rest of the transaction will be encrypted.

Because this happens before the browser tells the server what resource it wants, this part of the conversation can be based only on the IP address on which the client connected. By the time the server receives the Host header field, it is too late the certificate has already been sent.

It is possible to run SSL hosts on ports other than port 443, if the port number is explicitly specified in the URL. This would allow you to get around this limitation, but it would put an additional burden on the end user to type the correct URL with the port number.

See Also

  • Recipe 4.11



Apache Cookbook
Apache Cookbook: Solutions and Examples for Apache Administrators
ISBN: 0596529945
EAN: 2147483647
Year: 2006
Pages: 215

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net