Using Virtual Hosts with Apache and SSL Certificates
Posted by admin | Filed under Linux Hosting, Web Development
When we first started using our own server to host multiple client websites, one problem we commonly came across was “how can we host different virtual domains and different SSL certificates?” After some research, we came to the same conclusion you probably already know: because of the SSL protocol, you can’t use name-based Virtual Hosts with SSL. The SSL session is negotiated, and the server certificate presented, before Apache can decrypt the request and read the requested domain name from it, so Apache cannot use that name to choose which certificate to present.
So, how can you provide multiple clients on Virtual Domains with SSL and an https:// address? You can:
- Let them share your server’s SSL certificate and server name (e.g. https://holleygrove.com/secure/CustomerName). Unfortunately, this is a different domain name, so it may raise a red flag for some shoppers. However, if you have a valid SSL certificate for your domain (holleygrove.com), the site will be valid and no security warnings will appear.
- Redirect them to the https version of their domain name even though there is not a valid SSL certificate for their domain (or there is, but because of the SSL protocol, Apache cannot access it). This will present the user with a domain name/SSL certificate mismatch (which is bad), but the URL will read https://CustomerName.
Both of the above solutions have compromises. The best way to get around this is to use a separate IP address specifically for your VirtualDomain. This will allow you to set up Apache to listen for your VirtualDomain on both SSL (port 443) and HTTP (port 80) on this particular IP address. Below is a working excerpt from an Apache 2.2 configuration for the HTTP (port 80) side of a VirtualDomain listening on a separate IP address:
# IP Based Virtual Host - Example.com - IP: 192.168.1.1
NameVirtualHost 192.168.1.1:80
<VirtualHost 192.168.1.1:80>
    ServerAdmin support@holleygrove.com
    DocumentRoot /home/example/public_html
    ServerName www.example.com
    ServerAlias example.com *.example.com
    ErrorLog /etc/httpd/groups/example/logs/error_log
    CustomLog /etc/httpd/groups/example/logs/access_log combined
    #TransferLog /etc/httpd/groups/example/logs/access_log
    <Directory "/home/example/public_html">
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
Make sure to change the above directives to match your IP and system configuration, and place them in your Apache configuration file. Any IP-based VirtualHost directives, such as the one above, should be placed after any non-IP-based (name-based) VirtualHost directives.
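The excerpt above covers only port 80. The block below is an added example, not part of the original post, showing the port 443 side of the same approach with one certificate per dedicated IP address. The ssl/ certificate and key paths, the second customer (example.org) and the address 192.168.1.2 are assumptions for illustration.

```apache
# Added example: HTTPS on dedicated IPs, one certificate per address.
# Assumed for illustration: the ssl/ paths, the second customer
# (example.org) and its address 192.168.1.2. Requires mod_ssl.

# Bind port 443 per address. If the main config already has a global
# "Listen 443", leave these two lines out: overlapping Listen
# directives stop Apache from starting.
Listen 192.168.1.1:443
Listen 192.168.1.2:443

# No NameVirtualHost line for :443. Each address carries exactly one
# SSL host, so the destination IP alone selects the certificate.
<VirtualHost 192.168.1.1:443>
    ServerAdmin support@holleygrove.com
    DocumentRoot /home/example/public_html
    ServerName www.example.com
    # List only names the certificate actually covers.
    ServerAlias example.com
    SSLEngine on
    SSLCertificateFile    /etc/httpd/groups/example/ssl/example.com.crt
    # Private key: readable by root only.
    SSLCertificateKeyFile /etc/httpd/groups/example/ssl/example.com.key
    ErrorLog  /etc/httpd/groups/example/logs/ssl_error_log
    CustomLog /etc/httpd/groups/example/logs/ssl_access_log combined
    <Directory "/home/example/public_html">
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>

# Second customer (assumed): own IP, own certificate.
<VirtualHost 192.168.1.2:443>
    DocumentRoot /home/exampleorg/public_html
    ServerName www.example.org
    SSLEngine on
    SSLCertificateFile    /etc/httpd/groups/exampleorg/ssl/example.org.crt
    SSLCertificateKeyFile /etc/httpd/groups/exampleorg/ssl/example.org.key
</VirtualHost>
```

Run `apachectl configtest` after adding the blocks and before restarting Apache.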
One Response to “Using Virtual Hosts with Apache and SSL Certificates”
- Alexander Pokluda Says:
March 23rd, 2008 at 10:54 pm
Thank you for this information!! I couldn’t find it anywhere else… I was wondering why Apache would always present the certificate for the first “” configuration that it read on startup.