Ever wanted to run multiple virtual hosts on your Apache installation under SSL, but you only have one IP address to bind to? There are three main steps:
- Create your own signing authority and a self-signed certificate (if you haven't got one of these yet, see here)
- Change your Apache configuration file
- Restart Apache
Change Apache Configuration
A summary from Rich Bowen
Copy the two files wildcard.crt and wildcard.key into a subdirectory of your Apache install; I usually use the directory conf/ssl/. Now edit your config file to look similar to this. Both virtual hosts MUST use the same certificate and key. You also need to ensure that Listen 443 is defined somewhere in the file.
As a side note, the first virtual host is the default one if you get an unmatched domain name, so foo3.bar.com would get served as if it were foo1.bar.com.
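A configuration of the kind described above, as an added example that is not the original post's listing. The hostnames and certificate file names come from the post; the DocumentRoot paths and the assumption that the wildcard certificate was issued for *.bar.com are mine.

```apache
# Added example: name-based SSL virtual hosts sharing one wildcard certificate.
# DocumentRoot paths are assumptions; relative certificate paths resolve
# against ServerRoot.

Listen 443

# Required on Apache 2.2 for name-based virtual hosts. Apache 2.4 treats it
# as deprecated with no effect, so it can be dropped there.
NameVirtualHost *:443

# The first virtual host listed is the default for any unmatched name on this
# address and port, so a request for foo3.bar.com is answered from here.
<VirtualHost *:443>
    ServerName foo1.bar.com
    DocumentRoot "/var/www/foo1"

    SSLEngine on
    SSLCertificateFile    conf/ssl/wildcard.crt
    SSLCertificateKeyFile conf/ssl/wildcard.key
</VirtualHost>

<VirtualHost *:443>
    ServerName foo2.bar.com
    DocumentRoot "/var/www/foo2"

    SSLEngine on
    # Same certificate and key as the first virtual host. Without SNI the
    # server presents its certificate before it has seen the Host header, so
    # it cannot pick a per-host certificate; a mismatched pair here would give
    # clients a certificate for the wrong name.
    SSLCertificateFile    conf/ssl/wildcard.crt
    SSLCertificateKeyFile conf/ssl/wildcard.key
</VirtualHost>

# A wildcard for *.bar.com (assumed) matches exactly one label:
# foo1.bar.com is covered, a.foo1.bar.com and bar.com itself are not.
```

Running `apachectl configtest` before the restart catches syntax errors, and `apachectl -S` prints which virtual host is the default for port 443.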
1 comment:
In order to get good security test results (e.g. ssllabs.com/ssltest) you should adjust the ciphers for Apache2 in /etc/apache2/mods-enabled/ssl.conf such that:
# enable only secure protocols: SSLv3 and TLSv1, but not SSLv2
SSLHonorCipherOrder On
SSLCipherSuite "EECDH+AESGCM EDH+AESGCM EECDH -RC4 EDH -CAMELLIA -SEED -DES-CBC3-SHA -DES-CBC-SHA RSA !aNULL !eNULL !LOW -3DES !MD5 !EXP !PSK !SRP DSS !RC4 -EDH-RSA-DES-CBC-SHA -EDH-RSA-DES-CBC3-SHA -ADH-DES-CBC-SHA -ADH-DES-CBC3-SHA -DES-CBC-SHA AES128-SHA kRSA -DES-CBC3-SHA"
Many SSL providers are offering more details and additional adjustments, e.g. here