Configure multiple virtual hosts with the same SSL certificate - Apache

3

I was configuring a pair of domains that share the same SSL certificate, with their content in different folders and, evidently, everything on the same server.

My domains are:

example.com (for the website)

api.example.com (for the web service)

I got the SSL certificate from Let's Encrypt (free).

The certificate was generated for both domains, therefore it could be placed in the same directory:

/etc/apache2/ssl/example.com/

Later I made the respective settings in the Apache sites directory:

/etc/apache2/sites-available/

Likewise, I activated the sites:

a2ensite example.com
a2ensite api.example.com

The structure of the website is:

-> /var/www/
       -> website/
       -> api/

These are the configurations:

/etc/apache2/sites-available/example.com

<VirtualHost *:80>

    ServerName  example.com
    DocumentRoot    /var/www/website/

    LogLevel debug
    ErrorLog ${APACHE_LOG_DIR}/example.com/error.log

        <Directory "/var/www/website/">
                Options FollowSymLinks
                AllowOverride None
        </Directory>

</VirtualHost>

<VirtualHost *:443>

    ServerName  example.com
    DocumentRoot    /var/www/website/

    LogLevel debug
    ErrorLog ${APACHE_LOG_DIR}/example.com/error_ssl.log

    SSLEngine on
    SSLCertificateKeyFile   /etc/apache2/ssl/example.com/privkey.pem
    SSLCertificateFile      /etc/apache2/ssl/example.com/cert.pem
    SSLCertificateChainFile /etc/apache2/ssl/example.com/chain.pem

        <Directory "/var/www/website/">
                Options FollowSymLinks
                AllowOverride None
        </Directory>

</VirtualHost>

/etc/apache2/sites-available/api.example.com

<VirtualHost *:80>

    ServerName  api.example.com
    DocumentRoot    /var/www/api/

    #RewriteEngine On
    #RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]

        <Directory "/var/www/api/">
                Options FollowSymLinks
                AllowOverride None
        </Directory>

</VirtualHost>

<VirtualHost *:443>

    ServerName  api.example.com
    DocumentRoot    /var/www/api/

    LogLevel warn
    ErrorLog ${APACHE_LOG_DIR}/error.log

    SSLEngine on
    SSLCertificateKeyFile   /etc/apache2/ssl/example.com/privkey.pem
    SSLCertificateFile      /etc/apache2/ssl/example.com/cert.pem
    SSLCertificateChainFile /etc/apache2/ssl/example.com/chain.pem

        <Directory "/var/www/api/">
                Options FollowSymLinks
                AllowOverride None
        </Directory>

</VirtualHost>

The problem is:

When I access the example.com site in the browser, the content of api.example.com is opened.

This gives rise to my question:

How can we configure multiple sites using the same SSL Certificate?

    
asked by Ivan Botero 03.03.2017 at 16:25

1 answer

5

I share my solution.

After looking into this requirement a bit, I found this Apache parameter:

SSLStrictSNIVHostCheck

Which brings us to a term related to Apache:

SNI (Server Name Indication)

According to an Internet reference, I quote:

SNI allows the client, before encrypting the connection, to send to the server the name of the domain it wants to access. [1]

This means that we must enable SNI on our server to be able to serve multiple subdomains using the same SSL Certificate.

How do we do it?

The first thing to do is modify the following file:

/etc/apache2/httpd.conf

And in it we add the following:

SSLStrictSNIVHostCheck on

Afterwards, this file is edited:

/etc/apache2/ports.conf

And in it we add the following instruction:

NameVirtualHost *:443

<IfModule mod_ssl.c>
    # If you add NameVirtualHost *:443 here, you will also have to change
    # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
    # to <VirtualHost *:443>
    # Server Name Indication for SSL named virtual hosts is currently not
    # supported by MSIE on Windows XP.
    Listen 443
</IfModule>

The NameVirtualHost *:443 instruction is the one that needs to be added, since what is below it is usually present by default in ports.conf.

Finally, we save and restart Apache:

/etc/init.d/apache2 restart

After this, the subdomains can be used independently while sharing the same SSL certificate.

Update

The ServerName directive indicates one of the server names that can be used in a VirtualHost, but we can use another directive, which can be useful if there are multiple domains that use the same content:

ServerAlias

Leaving our configuration like this:

ServerName    example.com
ServerAlias   www.example.com
ServerAlias   sitio.example.com

This allows the same configuration for example.com to be used by other sites.

    
answered by 03.03.2017 / 16:25
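An added example (not part of the original question or answer, and not Apache's own code): a simplified Python model of how one vhost is chosen among several declared on the same *:443, run over a constructed copy of the question's two sites. The function names, the name_based switch and the alphabetical read order of the site files are assumptions of this sketch; with name matching inactive, the first vhost read answers every request, which is the behaviour the question describes.

```python
import re

# Constructed sample: the two *:443 vhosts from the question, keyed by site file
# name. Assumption: the enabled site files are read in alphabetical order.
SITES = {
    "example.com": """
<VirtualHost *:443>
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/website/
</VirtualHost>""",
    "api.example.com": """
<VirtualHost *:443>
    ServerName api.example.com
    DocumentRoot /var/www/api/
</VirtualHost>""",
}
VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def values(body, directive):
    """All whitespace-separated arguments of every occurrence of a directive."""
    found = re.findall(rf"^[ \t]*{directive}[ \t]+(.+)$", body, re.M | re.I)
    return [arg for line in found for arg in line.split()]

def load_vhosts(sites):
    """Parse vhost blocks in the order the files would be read."""
    vhosts = []
    for filename in sorted(sites):
        for addr, body in VHOST_RE.findall(sites[filename]):
            names = values(body, "ServerName") + values(body, "ServerAlias")
            vhosts.append({"addr": addr.strip(), "file": filename,
                           "names": [n.lower() for n in names],
                           "root": (values(body, "DocumentRoot") or [None])[0]})
    return vhosts

def select_vhost(vhosts, addr, host, name_based=True):
    """Vhost answering for host on addr (wildcard aliases are not modelled)."""
    candidates = [v for v in vhosts if v["addr"] == addr]
    if name_based:
        for vhost in candidates:
            if host.lower() in vhost["names"]:
                return vhost
    # No name match, or name matching inactive: the first vhost read is the default.
    return candidates[0] if candidates else None

if __name__ == "__main__":
    for mode in (False, True):
        chosen = select_vhost(load_vhosts(SITES), "*:443", "example.com", mode)
        print("name_based=%s ->" % mode, chosen["root"])
```

Note that even with name matching active, a hostname covered by the certificate but listed in no ServerName or ServerAlias still lands on the first vhost read, so the order of the site files decides which content is the default.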