You only need a separate IP for every virtual host if you are not using a wildcard certificate. Wildcard certs cost a
little more, but they are good for all hosts within a particular domain. Then, you can run all of your vhosts on port
443 with the same IP, and the cert will work for all of the vhosts.
Also, if you choose to go with a non-wildcard cert, you can actually run several virtual hosts on the same IP, using
different certs for each vhost, but then you are forced to run SSL over a non-standard port. At that point, you need to
tell Apache to listen on that port, and configure each of your virtual hosts to listen on both port 80 and whatever port
you assign it for SSL transactions. SSL binds to a particular socket, so it's a combination of IP + port number that is
unique.
And, it's always necessary to have a separate and complete set of configuration directives for each port that a vhost
runs under.
Rob
Frode E. Moe wrote:
On Tue, Nov 28, 2006 at 09:09:20 +0000, Steve Swift wrote:
Where should I go to learn about configuring Virtual Hosts and SSL in the
same apache?
I have virtual hosts woking using "NameVirtualHost *:80"
SSL works for the Virtual Hosts *I* have defined
But in the (default) ssl.conf file installed with apache I find:
<VirtualHost _default_:443>
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
... (other, less interesting lines)
</VirtualHost>
What puzzles me is this:
The VirtualHost definition above seems to be working as SSL is finding the
Certificate File (otherwise how would SSL work at all?)
How is this VirtualHost definition working in conjunction with
"NameVirtualHost *:80" ?
You need a separate IP for each SSL virtualhost, since SSL certificates
are exchanged before any HTTP headers (especially the Host: header) are
transferred. So my guess is that apache just picks the first SSL
certificate applicable for a given IP. In other words, it makes no sense
to use NameVirtualHost for SSL / port 443. I don't think your *:80 stuff
makes any difference either way as that sould be independent of anything
on :443.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
-----------------------------------------------------------------------
Robert Fox Systems Administrator
University Libraries of Notre Dame Phone: (574)631-3353
211 Hesburgh Library Email: [EMAIL PROTECTED]
Notre Dame, IN 46556
"Sufficit tibi gratia mea nam virtus in infirmitate perficitur" - 2 Corinthians
12:9
-----------------------------------------------------------------------
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
