How do you set up SSL certificates for Virtual Hosts

Asked by idh63

I need to set up a CA Signed certificate for a Virtual Host in Intrepid 8.10.

I want the certificate for *.myworkingdomain.com, not machine.hosting.com. In other words, creating a certificate for my virtual host in /home/myuser/public_html and not in /var/www.

Can I just create a folder called myuser in /etc/apache2/ssl and create my certificates in there, then in /etc/apache2/sites-available/mysite.conf

** Showing local IPs for this example instead of the real IPs.

<VirtualHost 10.0.0.203:*>
DocumentRoot "/home/mysite/public_html"
ServerName mysite.com
<Directory "/home/mysite/public_html">
allow from all
Options +Indexes
</Directory>
ServerAlias www.mysite.com
DirectoryIndex home.php index.php
SSLEngine on
SSLProtocol +SSLv3 +TLSv1
SSLCertificateFile /etc/apache2/ssl/mysite/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/mysite/server.key
</VirtualHost>

??

In trying this configuration with a self-signed cert, restarting Apache and browsing the http://mysite.com domain, I get:

Bad Request

Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.

If I add the 's' to http, I get domain not found.

Also, I can no longer browse any virtual host on this local test server from an external computer in my office. Only my Ubuntu machine.

Any clues much appreciated.

Confession: I have always used RH and c-Panel WHM, so I didn't need to know this stuff.

Question information

Language: English
Status: Solved
For: Ubuntu apache2
Assignee: No assignee
Solved by: idh63

Cafuego (cafuego) said :
#1

You're forcing SSL to be enabled on all port numbers and then you're connecting via http instead of https, which means you should be able to connect to https://mysite.com:80/

In order to fix the problem, you need a vhost definition for port 80 and a different one for port 443.

<VirtualHost 10.0.0.203:80>
DocumentRoot "/home/mysite/public_html"
ServerName mysite.com
<Directory "/home/mysite/public_html">
allow from all
Options +Indexes
</Directory>
ServerAlias www.mysite.com
DirectoryIndex home.php index.php
</VirtualHost>

<VirtualHost 10.0.0.203:443>
DocumentRoot "/home/mysite/public_html"
ServerName mysite.com
<Directory "/home/mysite/public_html">
allow from all
Options +Indexes
</Directory>
ServerAlias www.mysite.com
DirectoryIndex home.php index.php
SSLEngine on
SSLProtocol +SSLv3 +TLSv1
SSLCertificateFile /etc/apache2/ssl/mysite/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/mysite/server.key
</VirtualHost>

The certificate would contain only www.mysite.com OR mysite.com, so you'll get certificate warnings on one or the other.

Cafuego (cafuego) said :
#2

Note you'll probably need to add Listen 10.0.0.203:443 in /etc/apache2/ports.conf and "NameVirtualHost 10.0.0.203:80" and "NameVirtualHost 10.0.0.203:443" at the top of the vhost definitions.

Keep in mind you cannot normally do name based vhosting of secure sites; you will need a unique IP for each secure site, or a special certificate that includes all server names and aliases that will be served from the one IP. Not a lot of SSL providers offer those certificates.
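
The certificate-name coverage issue raised in replies #1 and #2, as an added example that is not part of the original thread: this Python sketch reads ServerName/ServerAlias from the SSL-enabled vhosts and lists the names a given certificate would not cover. The config text, the certificate name lists and the function names are constructed for illustration.

```python
import re

# Constructed sample: the two vhosts from reply #1, reduced to the relevant directives.
VHOST_CONF = """
<VirtualHost 10.0.0.203:80>
ServerName mysite.com
ServerAlias www.mysite.com
</VirtualHost>
<VirtualHost 10.0.0.203:443>
ServerName mysite.com
ServerAlias www.mysite.com
SSLEngine on
</VirtualHost>
"""

def ssl_vhost_names(conf):
    """Return {address: [names]} for each <VirtualHost> block with SSLEngine on."""
    result = {}
    blocks = re.findall(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", conf, re.S | re.I)
    for addr, body in blocks:
        if not re.search(r"^\s*SSLEngine\s+on\s*$", body, re.M | re.I):
            continue  # plain-HTTP vhost, no certificate involved
        names = []
        for line in body.splitlines():
            parts = line.split()
            if parts and parts[0].lower() in ("servername", "serveralias"):
                names += [p.lower() for p in parts[1:]]
        result[addr.strip()] = names
    return result

def cert_matches(pattern, host):
    """Certificate name match: '*' is accepted only as the whole left-most
    label and stands for exactly one label, so *.example.com != example.com."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def uncovered(conf, cert_names):
    """Names served over SSL that no certificate name covers (browser warnings)."""
    return {addr: [n for n in names if not any(cert_matches(c, n) for c in cert_names)]
            for addr, names in ssl_vhost_names(conf).items()}

if __name__ == "__main__":
    for cert in (["www.mysite.com"], ["*.mysite.com"], ["mysite.com", "www.mysite.com"]):
        print(cert, "->", uncovered(VHOST_CONF, cert))
```

A wildcard name covers www.mysite.com but not the bare mysite.com, so a certificate needs both names listed to serve the ServerName and ServerAlias above without warnings.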

idh63 (idh-me) said :
#3

Thanks Cafuego,

You jogged my memory regarding IP addresses.

I didn't get it working exactly as you suggested, but I did get it working by using both a new IP address 10.0.0.204 and secure.mysite.com.

Actually, I don't mind this URL.