Multiple SSL Virtualhosts on Apache 1.3

To: debian-security@lists.debian.org
Subject: Multiple SSL Virtualhosts on Apache 1.3
From: DEFFONTAINES Vincent <Vincent.DEFFONTAINES@coe.int>
Date: Tue, 5 Nov 2002 11:00:46 +0100
Message-id: <[🔎] 51341B7FA34CD2119FA20008C7289B1C049BAABE@panoramix.coe.int>

Greetings,

I managed to create several Virtualhosts on a apache-ssl (1.3) server (same
IP, same port, several names).
 
The "trick" is to use the same Certificate for every Virtualhost, which will
of course generate a warning on browsers, due to certificate not matching
most of the sites names. But it does work.

For clarity below is an extract of httpd.conf

I am wondering whether anyone else uses that in a production environnment,
and whether this working is due to a side-effect on the way apache works. I
didn't find it on any doc nor any howto.

The non-matching {site name/certificate} is indeed a drawback, but maybe can
be turned around? If I have an official certificate for ssl.foo.com, and I
use it for foo{n}.ssl.foo.com, maybe it could be "secure enough" for some
applications? (just like I noticed the HTTPS certiifcate for
"mail.yahoo.com" is actually signed for "login.yahoo.com")

Since I read several at several places on the Web that it was not possible
to build several HTTPS VirtualHosts on the same IP/Port, I'd like to add
this to the discussion.

Your comments will be appreciated.

Vincent


*************************
httpd.conf sample :

<VirtualHost 1.2.3.4:443>
   ServerName ssl1.bar.com
   SSLEngine On
   SSLCertificateFile /etc/apache/certificate/server.crt
   SSLCertificateKeyFile /etc/apache/certificate/server.key
   SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
   CustomLog /var/log/apache/ssl1_request_log common
   ErrorLog /var/log/apache/ssl1-error.log
   DocumentRoot /var/www/ssl1/
</Virtualhost>

<VirtualHost 1.2.3.4:443>
   ServerName ssl2.bar.com
   SSLEngine On
   SSLCertificateFile /etc/apache/certificate/server.crt
   SSLCertificateKeyFile /etc/apache/certificate/server.key
   SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
   CustomLog /var/log/apache/ssl2_request_log common
   ErrorLog /var/log/apache/ssl2-error.log
   DocumentRoot /var/www/ssl2/
</Virtualhost>
*************************



 .''`.                            | Vincent Deffontaines
: :'  :   Debian GNU/Linux        | Network Administrator
`. `~'    http://www.debian.org   | Council of Europe
  `-

Reply to:

Follow-Ups:
- Re: Multiple SSL Virtualhosts on Apache 1.3
  - From: Jakub Ambrożewicz <ja@vigor.com.pl>
- Re: Multiple SSL Virtualhosts on Apache 1.3
  - From: lupe@lupe-christoph.de (Lupe Christoph)
- Re: Multiple SSL Virtualhosts on Apache 1.3
  - From: Jan Meijer <jan.meijer@surfnet.nl>
- Re: Multiple SSL Virtualhosts on Apache 1.3
  - From: Lionel Elie Mamane <lionel@mamane.lu>
- Re: Multiple SSL Virtualhosts on Apache 1.3
  - From: Steve Johnson <steve@webninja.com>
- chrooting apache[ssl,php,perl] and some mta
  - From: Michael Ablassmeier <try@rubyforen.de>

Prev by Date: Re: Fwd: iDEFENSE Security Advisory 11.01.02: Buffer Overflow Vulnerability in Abuse
Next by Date: Re: Multiple SSL Virtualhosts on Apache 1.3
Previous by thread: Re: DSA 187-1 and FrontPage extensions
Next by thread: Re: Multiple SSL Virtualhosts on Apache 1.3
Index(es):
- Date
- Thread