I have many Apache VirtualHosts for each of which I use a dedicated SSLCertificateFile.
This is a configuration example of a VirtualHost:
<VirtualHost *:443>
    ServerName subdomain.domain.localhost
    DocumentRoot "/Users/<my_user_name>/Sites/users/public"
    RackEnv development
    <Directory "/Users/<my_user_name>/Sites/users/public">
        Order allow,deny
        Allow from all
    </Directory>
    # SSL Configuration
    SSLEngine on
    # Self-signed certificates
    SSLCertificateFile /private/etc/apache2/ssl/server.crt
    SSLCertificateKeyFile /private/etc/apache2/ssl/server.key
    SSLCertificateChainFile /private/etc/apache2/ssl/ca.crt
</VirtualHost>
Since I am maintaining several Ruby on Rails applications using the Passenger Preference Pane, this is part of the apache2 httpd.conf file:
<IfModule passenger_module>
    NameVirtualHost *:80
    <VirtualHost *:80>
        ServerName _default_
    </VirtualHost>
    Include /private/etc/apache2/passenger_pane_vhosts/*.conf
</IfModule>
Can I use a single SSLCertificateFile for all my VirtualHosts (I have heard of wildcards) instead of creating one for each VirtualHost? If so, how can I change the files listed above?
So you have two things to solve: how to get a cert (pub/priv) that works for all your hosts, and then how to arrange the vHosts and the use of strategic includes. (I am ignoring the SNI option here; do read up on that though.)
For the first, you roughly have three options: a wildcard cert (i.e. *.foo.bar.com), a cert with multiple CNs in the DN (e.g. "CN=foo.com, CN=bar.com, L=London..."), or a cert with one or more Subject Alternative Names containing DNS names (http://playnice.ly/blog/2011/01/03/multi-domain-ucc-ssl-certificates-on-nginx-with-1-ip-address/). The latter two are good when you have just a handful of vhosts (but they can have any name, so no wildcard limits), while the wildcard is your only option when you have tens to hundreds of domains; the downside is that they have to have a similar leaf name (though you'd be surprised how 'easy' it is to get a *.com issued by accident).
Once you have one of these beasts, simply include it at server level.
So next up is how to splice things from there on; what you need here is the same setup as for an SNI host (see the docs or http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI).
To make your life easy, you could consider using 'include' snippets, or, worst case, generate the config with a small shell script (or go all out: you can include Perl and the output it generates 'virtually' on the fly!).
Dw.
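The arrangement the answer describes, written out as an added example (not part of either post): the shared wildcard or SAN certificate is declared once in the server context of httpd.conf, where every *:443 VirtualHost inherits it, and each host only switches SSLEngine on. The file names wildcard.crt/wildcard.key, the second host name admin.domain.localhost and the include path ssl_vhosts/*.conf are assumptions modelled on the question's layout; the host names must be covered by the certificate's wildcard or SAN entries.

```apache
# httpd.conf, server context (assumed layout, not the original poster's file)
Listen 443
# Apache 2.2 needs this for name-based *:443 hosts; on 2.4 it is a no-op
NameVirtualHost *:443

# One certificate for every SSL host: declared once, inherited by each
# <VirtualHost *:443> below that does not override it (paths assumed).
SSLCertificateFile      /private/etc/apache2/ssl/wildcard.crt
SSLCertificateKeyFile   /private/etc/apache2/ssl/wildcard.key
SSLCertificateChainFile /private/etc/apache2/ssl/ca.crt

# Clients that send no SNI would otherwise silently get the first *:443
# host; with this set they are rejected instead (Apache 2.2.12+).
SSLStrictSNIVHostCheck on

# Per-application hosts, one file each, same pattern as the Passenger
# pane's *:80 includes (directory name assumed).
Include /private/etc/apache2/ssl_vhosts/*.conf
```

Each included file then needs no certificate directives at all; for example /private/etc/apache2/ssl_vhosts/users.conf (assumed name):

```apache
<VirtualHost *:443>
    ServerName users.domain.localhost
    DocumentRoot "/Users/<my_user_name>/Sites/users/public"
    RackEnv development
    SSLEngine on
    <Directory "/Users/<my_user_name>/Sites/users/public">
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
```

A second host, say admin.domain.localhost, is the same block with its own ServerName and DocumentRoot. After `apachectl configtest`, `apachectl -S` lists which ServerName each *:443 host answers to, and `openssl s_client -servername users.domain.localhost -connect 127.0.0.1:443` shows the certificate actually presented for that name, so a host whose name is not covered by the wildcard or SAN list is caught before a browser does.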