Ssl – Non-Wildcard SSL Certificate and Subdomains

apache-2.2sslssl-certificatesubdomain

I want to protect the login form of my blog application with an SSL certificate and I'd also like to have some subdomains set up for things like the Mint web stats package. Is this even possible using a non-wildcard certificate, e.g. the GoDaddy "Turbo" one that costs about $20? I don't really want to fork out for the cost of a wildcard certificate.

To be clear, the only place where I want to use SSL is within the main blog application and not on any of the subdomains. I think I read somewhere that you can't do this because if you're using SSL the Apache virtual hosts have to be configured to use IP addresses. I'd like to get a definitive answer on this.

Thanks.

Best Answer

The main limitation is that with one ip address you can have one ssl certificate.

Since you only want ssl on the blog then there's no problem with the setup you've proposed, just make it the only virtualhost listening on 443

# Virtualhosts on ports 80 and 443
NameVirtualHost *:80
NameVirtualHost *:443

# rewrite blog traffic to https
<VirtualHost *:80>
        ServerName blog.example.com
        DocumentRoot /var/www/blog
        RewriteEngine On 
        RewriteRule ^(.*)$ https://blog.example.com/$1 [R,L]
</VirtualHost>

<VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/server.crt
        SSLCertificateKeyFile /etc/apache2/ssl/server.key    
        ServerName blog.example.com
        DocumentRoot /var/www/blog
</VirtualHost>

<VirtualHost *:80>
        ServerName othersite.example.com
        DocumentRoot /var/www/other/
</VirtualHost>

The slight limitation here, is that the blog will catch all https traffic here, regardless of hostname, so https://othersite.example.com will point to the blog, and generate errors because the name doesn't match the certificate, but there's no way around that with one ip address.

Related Topic