Enable SSL for Single Domain on Server with Multiple Vhosts – Configuration Guide

apache-2.2linuxsnisslssl-certificate

I just purchased an SSL certificate to secure/enable only ONE domain on a server with multiple vhosts. I plan on configuring as shown below (non SNI). In addition, I still want to access phpMyAdmin, securely, via my server's IP address. Will the below configuration work? I have only one shot to get this working in production. Are there any redundant settings?

---apache ssl.conf file---

Listen 443 

SSLCertificateFile /home/web/certs/domain1.public.crt
SSLCertificateKeyFile /home/web/certs/domain1.private.key
SSLCertificateChainFile /home/web/certs/domain1.intermediate.crt

    ---apache httpd.conf file----
    ...
    DocumentRoot "/var/www/html" #currently exists
    ...
    NameVirtualHost *:443 #new - is this really needed if "Listen 443" is in ssl.conf???
    ...
    #below vhost currently exists, the domain I wish t enable SSL) 
    <VirtualHost *:80>
         ServerAdmin info@domain1.com
         ServerName domain1.com
         ServerAlias 173.XXX.XXX.XXX
         DocumentRoot /home/web/public_html/domain1.com/public
    </VirtualHost>

    #below vhost currently exists.
    <VirtualHost *:80>
      ServerName  domain2.com
      ServerAlias www.domain2.com
      DocumentRoot /home/web/public_html/domain2.com/public
    </VirtualHost>

    #new -I plan on adding this vhost block to enable ssl for domain1.com!
    <VirtualHost *:443>
         ServerAdmin info@domain1.com
         ServerName www.domain1.com
         ServerAlias 173.XXX.XXX.20

         SSLEngine on
         SSLProtocol all
         SSLCertificateFile /home/web/certs/domain1.public.crt
         SSLCertificateKeyFile /home/web/certs/domain1.private.key
         SSLCACertificateFile /home/web/certs/domain1.intermediate.crt

         DocumentRoot /home/web/public_html/domain1.com/public
    </VirtualHost>

As previously mentioned, I want to be able to access phpmyadmin via "https://173.XXX.XXX.XXX/hiddenfolder/phpmyadmin" which is stored
under "var/www/html/hiddenfolder"

Best Answer

What you are trying to do is SNI. The IP address is in fact a host name in matters of negotiation.

Your configuration will point both domain1.com and https://173.XXX.XXX.20 into the same directory.

You have 4 options:

  1. SNI

  2. Get an additional IP

  3. Create an alias for phpmyamin under the one SSL cert you have

  4. Just listen on another port for SSL as well and have the IP hostname use that. e.g. https://173.XXX.XXX.20:444

The configuration you have listed would most likely cause you some trouble. Edit your question with what solution you want to run with.. Or comment on this reply

Related Topic