Wednesday, September 21, 2022

[FIXED] How to apply different SSL certificates to different domains on the same IP?

      , ,      No comments   

Issue

How to apply different SSL certificates to different domains on the same IP, same server and same virtualhost (I am using apache 2.2)? Right now it is not working and needs to work with a single virtualhost on apache 2.2.

Bellow you have what I am trying:

<VirtualHost *:80>
  ServerName main_url.com
  ServerAlias *.main_url.com
  DocumentRoot /app_path
  <Directory "/app_path">
    Options FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
  </Directory>
</VirtualHost>



NameVirtualHost *:443

<VirtualHost *:443>
  ServerName main_url.com
  ServerAlias *.main_url.com
  DocumentRoot /app_path
  <Directory "/app_path">
    Options FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
  </Directory>
  SSLEngine on
  SSLCertificateFile /certs/main_url_com.crt
  SSLCertificateKeyFile /certs/main_url_com.key
  SSLCertificateChainFile /certs/main_url_com.ca-bundle
</VirtualHost>

<VirtualHost *:80>
  ServerName url_site1.com
  Redirect permanent / https://url_site1.com/
</VirtualHost>

<VirtualHost *:443>
  ServerName url_site1.com
  DocumentRoot /app_path
  <Directory "/app_path">
    Options FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
  </Directory>
  SSLEngine on
  SSLCertificateFile /certs/url_site1.crt
  SSLCertificateKeyFile /certs/url_site1.key
  SSLCertificateChainFile /certs/url_site1.ca-bundle
</VirtualHost>


<VirtualHost *:80>
  ServerName url_site2.com
  Redirect permanent / https://url_site2.dk/
</VirtualHost>

<VirtualHost *:443>
  ServerName url_site2.com
  DocumentRoot /app_path
  <Directory "/app_path">
    Options FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
  </Directory>
  SSLEngine on
  SSLCertificateFile /certs/url_site2.crt
  SSLCertificateKeyFile /certs/url_site2.key
  SSLCertificateChainFile /certs/url_site2.ca-bundle
</VirtualHost>

All help will be appreciate.

Thank you

Fabio


Solution

This very easy if you are familiar with the server configuration. Please follow the steps mentioned below and you will definitely achieve what you want.

1. You have to create two diffrent directories for both domains.

mkdir -p /etc/apache2/ssl/example1.com
mkdir -p /etc/apache2/ssl/example2.com

2. Next you have to activate the SSL mode

sudo a2enmod ssl
sudo service apache2 restart

3. Create a Self Signed SSL Certificate for first domain

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/example1.com/apache.key –out /etc/apache2/ssl/example1.com/apache.crt

4. After that fill the details you asked like:-

Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Clifornia
Locality Name (eg, city) []:Los Angeles
Organization Name (eg, company) [Internet Widgits Pty Ltd]:AFffas LLC
Organizational Unit Name (eg, section) []:Dept of marketing
Common Name (e.g. server FQDN or YOUR name) []:example1.com                  
Email Address []:johndoe@example1.com

5. Take same steps for second (example2.com)

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/example2.com/apache.key -out /etc/apache2/ssl/example2.com/apache.crt

6. Now need to create virtual hosts

sudo nano /etc/apache2/sites-available/example1.com
sudo nano /etc/apache2/sites-available/example2.com

Next open each file and paste in the configuration below. This configuration is a simplified version of two separate configuration files: the default virtual server configuration file found at /etc/apache2/sites-available/default and the default SSL configuration located in /etc/apache2/sites-available/default-ssl.

This configuration contacins an important change that facilitates multiple SSL certificates. Whereas the default SSL configuration has the following line, specifying a certificate as the default one for the server,

<VirtualHost _default_:443>

configuration below not have a reference to a default certificate. This is key.

Overall, the default configuration files offer a variety of useful directives and additional configuration options that you can add to the virtual host. However, the following information will provide the server everything it needs to set up multiple SSL certificates on one IP address

<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        ServerName example1.com
        DocumentRoot /var/www

</VirtualHost>


<IfModule mod_ssl.c>
<VirtualHost *:443>

        ServerAdmin webmaster@localhost
        ServerName example1.com
        DocumentRoot /var/www

        #   SSL Engine Switch:
        #   Enable/Disable SSL for this virtual host.
        SSLEngine on

        #   A self-signed (snakeoil) certificate can be created by installing
        #   the ssl-cert package. See
        #   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
        #   If both key and certificate are stored in the same file, only the
        #   SSLCertificateFile directive is needed.
        SSLCertificateFile /etc/apache2/ssl/example1.com/apache.crt
        SSLCertificateKeyFile /etc/apache2/ssl/example1.com/apache.key
</VirtualHost>

</IfModule>

There are a few lines in these configuration files that need to be customized.

ServerAdmin: This is simply your webmaster’s email address ServerName: This is your domain name. Make sure that you write it in without a prepended www. DocumentRoot: This is the directory where you keep your site information. Currently it points to the apache default directory. You will probably have different server roots for the 2 different virtual hosts. SSLCertificateFile: This directive points to the location of the certificate file. The certificate for each site is stored in the directory that we created earlier in the tutorial. SSLCertificateKeyFile : This directive points to the location of the certificate key. The certificate key for each site is stored in the directory that we created earlier in the tutorial. Set up both domains’ configurations. We still have more step before the separate SSL certificates will work on both servers.

7.Edit the ports.conf file The final step required to make sure that multiple certificates work on one VPS is to tell the server to listen on port 443. Add the bolded line to the apache ports configuration file.

sudo nano /etc/apache2/ports.conf 


NameVirtualHost *:80
NameVirtualHost *:443

Listen 80

<IfModule mod_ssl.c>
    # If you add NameVirtualHost *:443 here, you will also have to change
    # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
    # to 
    # Server Name Indication for SSL named virtual hosts is currently not
    # supported by MSIE on Windows XP.
    Listen 443
</IfModule>

<IfModule mod_gnutls.c>
    Listen 443
</IfModule>

8. Activate the Virtual Hosts

sudo a2ensite example1.com
sudo a2ensite example2.com

After that just restart the apache

sudo service apache2 restart

Now you should be able to access both sites, each with its own domain name and SSL certificate.



Answered By - Kuldeep Bhardwaj
Answer Checked By - David Goodson (PHPFixing Volunteer)

0 Comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Total Pageviews

Featured Post

Why Learn PHP Programming

Why Learn PHP Programming A widely-used open source scripting language PHP is one of the most popular programming languages in the world. It...