
Multiple HTTPS domains and sub-domains on a single server using a wildcard certificate

Unless the client sends the requested hostname during the TLS handshake (Server Name Indication, SNI), the server has to send its certificate before it ever sees the Host header, so it cannot tell which of several domains the client wants. Because of that, the usual approach for hosting multiple HTTPS domains is to give each virtual host its own dedicated IP address. There’s nothing wrong with that, but at least some ISPs require you to register a whole address block once you go past 5 registered IPs.

I had a scenario with three different domains, each in its own virtual host on its own IP address. A requirement came up to add new virtual hosts for sub-domains of one of those domains, and these had to be served over HTTPS as well. It looks like it can’t be done without more addresses, but there is a solution.

What you need is a wildcard certificate (for example one issued for *.maindomain.com) in the first virtual host entry that carries the IP address and the domain name of that host. Apache uses the first <VirtualHost> for a given IP:port to set up the TLS session, so that entry must hold the SSLEngine and certificate directives. The sub-domain virtual hosts for the same IP:port must follow directly after it; once the TLS session is established, Apache picks among them by the Host header, so they can leave out the SSL-specific configuration, because the session already carries the “main” host’s certificate. After those you can configure the other domains, which keep their own IPs and their own certificates. On Apache 2.2 this also needs a NameVirtualHost 192.168.0.1:443 directive somewhere in the configuration, or Apache warns about overlapping virtual hosts and serves everything on that address from the first block; Apache 2.4 does name-based selection without it.

Two things to check before relying on this. First, a wildcard covers exactly one label: *.maindomain.com matches sub2.maindomain.com but neither maindomain.com itself nor www.sub2.maindomain.com, so a ServerAlias such as www.sub2.maindomain.com will produce a certificate name mismatch in browsers unless that name is also listed in the certificate. Second, the ordering trick works only because every name-based virtual host on that IP:port shares one certificate; if you later need a different certificate for another name on the same address, you need SNI support in both Apache and the clients, and then each virtual host should carry its own SSLEngine and certificate directives.

Here’s the relevant Apache configuration:

#
# *.MAINDOMAIN.COM
#
<VirtualHost 192.168.0.1:443>
ServerName www.maindomain.com
# General setup for the virtual host at this IP
SSLEngine on
# Restrict to strong suites. The original post used Apache's old sample default
# (ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL), which
# still allows SSLv2, LOW-strength and 40-bit export ciphers.
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5
SSLCertificateFile "/etc/ssl/certs/certificate.crt"
SSLCertificateKeyFile "/etc/ssl/private/certificate.key"
SSLCertificateChainFile "/etc/ssl/certs/CA_bundle.pem"
<Location />
Order allow,deny
Allow from all
</Location>
ErrorLog "/var/log/apache2/error_log"
TransferLog "/var/log/apache2/access_log"
...Configure here
</VirtualHost>
# SUB2.MAINDOMAIN.COM
<VirtualHost 192.168.0.1:443>
ServerName sub2.maindomain.com
ServerAlias www.sub2.maindomain.com
<Location />
Order allow,deny
Allow from all
</Location>
ErrorLog "/var/log/apache2/error_log"
TransferLog "/var/log/apache2/access_log"
...Configure here
</VirtualHost>
# SUB3.MAINDOMAIN.COM
<VirtualHost 192.168.0.1:443>
ServerName sub3.maindomain.com
ServerAlias www.sub3.maindomain.com
<Location />
Order allow,deny
Allow from all
</Location>
ErrorLog "/var/log/apache2/error_log"
TransferLog "/var/log/apache2/access_log"
...Configure here
</VirtualHost>
#
# END *.MAINDOMAIN.COM
#
# 2NDDOMAIN.COM
<VirtualHost 192.168.0.2:443>
ServerName www.2nddomain.com
SSLEngine on
# Strong suites only (the old sample default permitted SSLv2, LOW and export ciphers)
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5
SSLCertificateFile "/etc/ssl/certs/certificate3.crt"
SSLCertificateKeyFile "/etc/ssl/private/certificate3.key"
<Location />
Order allow,deny
Allow from all
</Location>
ErrorLog "/var/log/apache2/error_log"
TransferLog "/var/log/apache2/access_log"
...Configure here
</VirtualHost>
# 3RDDOMAIN.COM
<VirtualHost 192.168.0.3:443>
ServerName www.3rddomain.com
SSLEngine on
# Strong suites only (the old sample default permitted SSLv2, LOW and export ciphers)
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5
SSLCertificateFile "/etc/ssl/certs/certificate3.crt"
SSLCertificateKeyFile "/etc/ssl/private/certificate3.key"
<Location />
Order allow,deny
Allow from all
</Location>
ErrorLog "/var/log/apache2/error_log"
TransferLog "/var/log/apache2/access_log"
...Configure here
</VirtualHost>
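The one thing this layout gets wrong silently is a name that the wildcard does not cover: browsers apply the RFC 6125 / RFC 2818 rule that a wildcard stands for exactly one left-most label, so www.sub2.maindomain.com is not matched by *.maindomain.com. The script below is an added example, not code from the original post. It parses a constructed copy of the configuration above (same placeholder IPs, names and paths), groups the <VirtualHost> blocks by IP:port the way Apache does when the first block on an address supplies the certificate for the whole address, and reports every ServerName and ServerAlias the presented certificate does not cover. The DNS names assumed for each certificate file are constructed for the example; in practice you would read them from the certificate’s Subject Alternative Name.

```python
"""Audit which ServerName/ServerAlias entries a wildcard certificate covers.

Added example, not code from the original post. Applies browser-style
hostname matching (RFC 6125 / RFC 2818: a wildcard stands for exactly one
left-most DNS label) to a constructed copy of the post's virtual host layout.
"""
import re

# Constructed sample in the shape of the post's configuration (placeholder
# IPs, names and paths as in the post; not a real deployment).
APACHE_CONF = """
<VirtualHost 192.168.0.1:443>
    ServerName www.maindomain.com
    SSLEngine on
    SSLCertificateFile "/etc/ssl/certs/certificate.crt"
    SSLCertificateKeyFile "/etc/ssl/private/certificate.key"
</VirtualHost>
<VirtualHost 192.168.0.1:443>
    ServerName sub2.maindomain.com
    ServerAlias www.sub2.maindomain.com
</VirtualHost>
<VirtualHost 192.168.0.1:443>
    ServerName sub3.maindomain.com
    ServerAlias www.sub3.maindomain.com
</VirtualHost>
<VirtualHost 192.168.0.2:443>
    ServerName www.2nddomain.com
    SSLEngine on
    SSLCertificateFile "/etc/ssl/certs/certificate2.crt"
    SSLCertificateKeyFile "/etc/ssl/private/certificate2.key"
</VirtualHost>
"""

# Assumed DNS names carried by each certificate (what the Subject Alternative
# Name extension would list); constructed for the example.
CERT_NAMES = {
    "/etc/ssl/certs/certificate.crt": ["*.maindomain.com"],
    "/etc/ssl/certs/certificate2.crt": ["www.2nddomain.com", "2nddomain.com"],
}

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)


def hostname_matches(pattern, hostname):
    """Browser-style matching: case-insensitive, wildcard only as the whole
    left-most label, one label per wildcard, never at the registry/TLD level."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if "*" not in pattern:
        return p_labels == h_labels
    if p_labels[0] != "*" or len(p_labels) < 3 or any("*" in l for l in p_labels[1:]):
        return False  # partial (f*.example.com) or multi-wildcard patterns are rejected
    return len(h_labels) == len(p_labels) and h_labels[0] != "" and h_labels[1:] == p_labels[1:]


def parse_vhosts(conf):
    """Return [(addr, names, cert_file)] in configuration order."""
    vhosts = []
    for m in VHOST_RE.finditer(conf):
        addr, names, cert = m.group(1).strip(), [], None
        for line in m.group(2).splitlines():
            parts = line.split()
            if not parts or parts[0].startswith("#"):
                continue
            if parts[0] in ("ServerName", "ServerAlias"):
                names.extend(parts[1:])
            elif parts[0] == "SSLCertificateFile":
                cert = parts[1].strip('"')
        vhosts.append((addr, names, cert))
    return vhosts


def audit(conf, cert_names):
    """Map every served hostname to whether the certificate actually presented
    on its IP:port (the first block's certificate, as without SNI) covers it."""
    groups = {}
    for addr, names, cert in parse_vhosts(conf):
        groups.setdefault(addr, []).append((names, cert))
    report = {}
    for addr, blocks in groups.items():
        presented = blocks[0][1]  # first <VirtualHost> on the address wins the handshake
        san = cert_names.get(presented, []) if presented else []
        for names, _ in blocks:
            for host in names:
                report[host] = any(hostname_matches(p, host) for p in san)
    return report


def uncovered(conf, cert_names):
    """Hostnames that would trigger a certificate name mismatch in a browser."""
    return sorted(h for h, ok in audit(conf, cert_names).items() if not ok)


if __name__ == "__main__":
    for host, ok in audit(APACHE_CONF, CERT_NAMES).items():
        print(f"{'ok      ' if ok else 'MISMATCH'} {host}")
```

Run against the sample it flags www.sub2.maindomain.com and www.sub3.maindomain.com; the fix is either to drop those aliases, redirect them over plain HTTP, or have the wildcard certificate also list them explicitly as Subject Alternative Names.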

Posted in Apache.
