

Apache & VirtualHost SSL with a wildcard or multiple-site server certificate

Apache (1.3, 2.0 or 2.2) requires advanced settings in order to run SSL with several site names, whether with a wildcard or with a multiple-site certificate. This configuration is not clearly explained in the official documentation.

Listening ports

You need to indicate which IP address and which port the server has to listen on. The virtual host has to be declared as well. Enter the same address and port in both directives. Example:
Listen 213.186.35.102:443
NameVirtualHost 213.186.35.102:443
If you are IPv6-compatible:
Listen [2001:41D0:1:266::1]:443
NameVirtualHost [2001:41D0:1:266::1]:443

Sites declaration

You can declare as many sites as you want. First of all, use the VirtualHost declaration:
<VirtualHost 213.186.35.102:443>
or, with IPv6:
<VirtualHost 213.186.35.102:443 [2001:41D0:1:266::1]:443>
Inside, place the keyword ServerName, which identifies the site's name, and one or several ServerAlias entries.

Finally, enter the SSL instructions:
SSLEngine on
SSLCertificateFile conf/ssl.crt/cert-1138-8747.cer
SSLCertificateKeyFile conf/ssl.key/wild.cert.com.2006.key
SSLCertificateChainFile conf/ssl.crt/chain-1138-8747.txt
SSLVerifyClient none
Then add the other VirtualHost instructions.

You can then define as many VirtualHost blocks as needed.

Example of a minimum configuration

<VirtualHost _default_:443>

DocumentRoot /var/www/html
ErrorLog logs/ssl-error_log
TransferLog logs/ssl-access_log

SSLEngine on

# 128-bit minimum, anti-BEAST
#SSLCipherSuite !EDH:!ADH:!DSS:!RC2:RC4-SHA:RC4-MD5:HIGH:MEDIUM:+AES128:+3DES
# 128-bit minimum, PFS favored
#SSLCipherSuite !EDH:!ADH:!DSS:!RC2:HIGH:MEDIUM:+3DES:+RC4
# 128-bit maximal security
SSLCipherSuite !EDH:!ADH:!DSS:!RC4:HIGH:+3DES

SSLProtocol all -SSLv2 -SSLv3
# Apache 2.1+ (a comment must be on its own line, not after a directive)
SSLHonorCipherOrder on

SSLCertificateFile conf/ssl/cert-0000000000-12983.cer
SSLCertificateKeyFile conf/ssl/multisite.key
SSLCertificateChainFile conf/ssl/chain-0000000000-12983.txt
</VirtualHost>

NameVirtualHost *:443

<VirtualHost *:443>
DocumentRoot /home/site1/public_html
ServerName management.site1.com
ServerAlias v8.site1.com cyber.site1.com
</VirtualHost>

<VirtualHost *:443>
DocumentRoot /home/site2/public_html
ServerName managecom.site2.com
ServerAlias commercial.site2.com prospect.site2.com
</VirtualHost>
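
Added example, not part of the original page: a Python check that every ServerName and ServerAlias declared in the SSL virtual hosts is covered by a name in the shared wildcard or multiple-site certificate, so that no site answers with a certificate that does not match it. The function names and the certificate name list are assumptions made for this illustration; in practice the list comes from the certificate's subjectAltName entries.

```python
import re

# Constructed sample: the two name-based virtual hosts of the minimum configuration.
SAMPLE_CONF = """
<VirtualHost *:443>
DocumentRoot /home/site1/public_html
ServerName management.site1.com
ServerAlias v8.site1.com cyber.site1.com
</VirtualHost>

<VirtualHost *:443>
DocumentRoot /home/site2/public_html
ServerName managecom.site2.com
ServerAlias commercial.site2.com prospect.site2.com
</VirtualHost>
"""

DIRECTIVE = re.compile(r"^\s*(?:ServerName|ServerAlias)\s+(.+)$", re.IGNORECASE)


def vhost_names(conf):
    """Return every hostname declared with ServerName or ServerAlias."""
    names = []
    for line in conf.splitlines():
        match = DIRECTIVE.match(line)
        if not match:
            continue
        for token in match.group(1).split():
            # ServerName may carry a scheme and a port; keep the host only.
            host = re.sub(r"^[a-z]+://", "", token.lower()).split(":")[0]
            names.append(host)
    return names


def covers(cert_name, host):
    """True if a certificate name matches host. A '*' is honoured only as
    the whole leftmost label and stands for exactly one label."""
    pattern, labels = cert_name.lower().split("."), host.lower().split(".")
    if len(pattern) != len(labels):
        return False
    if pattern[0] == "*":
        return pattern[1:] == labels[1:]
    return pattern == labels


def uncovered(conf, cert_names):
    """Hostnames served by the configuration that no certificate name matches."""
    return [h for h in vhost_names(conf)
            if not any(covers(c, h) for c in cert_names)]
```

A name written with a comma inside a ServerAlias line is read as a single hostname and therefore shows up in the uncovered list, which also catches that typing mistake.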