Apache 2 and SSL trouble

By | July 11, 2009

I’ve been playing around with a couple of corporate website’s lately. One of the things I’ve been trying to work out is creating more security for the management and webmail systems for my websites. This is also were I ran into some difficulty.

I have my own root certificate for all of my websites, so that I can sign my own certificates and use them all over the place. I only have to ask my clients to accept the root certificate and all is fine. This seems to work fine except when I tried to load them into Apache. Here’s what my problem is and was. I have multiple domains hosted on the same virtual server. Which basically means a lot of websites running under one IP-address.

In this setup I have several domains I want to add a SSL variant of. For example webmail.domain.com as well as admin.domain.com. And this is where it became problematic.

I configured this without any problems in apache. Setup a virtual host listening to port 443 and setup the listener instruction in apache. But for some reason all of my secure domains ended up using the same certificate. Which off course causes a lot of security warnings for the browsers :(. And a lot of people are having the same issue, just read the thread on howtoforge.com.

As it turns out Apache is only able to host one secure virtual host per IP-address and port combination. Which is kinda obvious since Apache cannot read the domain name until it has decrypted the SSL information, something which it cannot do until the SSL handshake with the client has been done. Hence that only one set of certificates is allowed per IP and port.

Long story short I ended up setting the websites up with different ports since I don’t have multiple IP-addresses to host the websites on.

Leave a Reply