Server alias with own SSL cert

7 posts / 0 new
Topic locked
Last post
#1 Wed, 08/03/2011 - 09:33
eddieb

Server alias with own SSL cert

I have child.com as an alias of father.com. child.com needs its own SSL cert. The "Manage SSL Certificates" option doesnt become available no matter if child.com, while an alias of father.com, has a website enabled or not.

Is this a virtualmin limitation OR is this a consequence of the way Apache and/or HTTPS are structured? If the former, I would appreciate any pointers on how to get around it.

setting up child.com as a separate server, even if it uses the same document root as father.com, would be a waste of memory.

how do i slap a SSL cert on child.com ?!

Wed, 08/03/2011 - 09:46
andreychek

Howdy,

Since father.com and child.com share the same VirtualHost config -- what you could do is setup the SSL certificate for the father.com Virtual Server.

Once you do that, both father.com and child.com would each be sharing the same SSL certificate.

An alias server can't manage an SSL cert, but if you add the certificate to the parent Virtual Server, that should do what you're after.

-Eric

Wed, 08/03/2011 - 10:38
eddieb

thanks andrey, I should have clarified that I need 2 SSL certs, one for each domain. From my understanding the above setup is not intended for this situation.

Wed, 08/03/2011 - 10:43
andreychek

Ah... unfortunately, that won't work. Well, not exactly, but I'll get to that in a moment :-)

You can only have one SSL certificate per IP address. So normally, that would mean that you'd need two different Virtual Servers (not an alias), each on their own IP address.

That's a limitation of the SSL protocol and how it's implemented in Apache and mod_ssl.

So your options are:

  1. Create two separate Virtual Servers, and put them each on a dedicated IP address

  2. Although you can only have one SSL certificate per IP address, it's actually possible to have multiple domains in a single SSL certificate. It's called a "UCC SSL certificate", and most SSL companies sell those. If you were to purchase one of those UCC SSL certificates, and add multiple domains into it -- you could then do what you're after using father.com as a top-level Virtual Server, and child.com as an Alias Server.

    -Eric

Wed, 08/03/2011 - 10:54
eddieb

ouch, UCC certs are expensive... and using 2 vhosts wastes resources... I'm going to modify the app to use a single cert.

thanks again, Eric and Andrey.

Wed, 08/03/2011 - 11:00
eddieb

is it possible to have two document roots, one for http and another for https ?

Wed, 08/03/2011 - 11:57
Locutus

Basically yes... if they're defined as separate virtual hosts, you can give each of them a different document root directive.

This will require some manual fiddling though, since Virtualmin uses the same Apache config template, and thus the same DocumentRoot, for the HTTP and HTTPS variant of a virtual server.

Topic locked