  1. #1

    [SSL] one cert on two IPs


    Since we are getting new IPs, we now have our servers working with double IP ranges: the old ones and the new ones, until DNS is updated worldwide.

    Now we have a Thawte cert (which is domain based) for one site and we want to use it for this site (virtualhost) on both IP addresses.

    How can we manage this in our httpd.conf?

    We got it now working with the old address, but not with the new one.

    We've got our virtualhost configured as follows:
    PHP Code:
    <VirtualHost xx.xx.xx.old>
    ServerAdmin site72
    ServerAlias www
    ErrorDocument 401 
    ErrorDocument 403 
    ErrorDocument 404 
    ErrorDocument 500 
    RewriteEngine on
    RewriteCond %{HTTP_HOST}                !^$
    RewriteCond %{HTTP_HOST}                !^$
    RewriteRule ^/(.*)            $1 [L,R]
    RewriteOptions inherit
    AliasMatch ^/~([^/]+)(/(.*))? /home/sites/site72/users/$1/web/$3
    AddType application/x-httpd-php .php4
    AddType application/x-httpd-php .php
    </VirtualHost>

    We're using a Cobalt RaQ. The control panel of the RaQ rewrites the httpd.conf for the virtualhosts which use SSL as follows:
    PHP Code:
    # O.K. What we basically want to do is build up new section in the conf file
    # for SSL sections.
    while(<HTTPD_CONF>) {
        if (/^<VirtualHost [\d\.]+>$/ ... /^<\/VirtualHost>$/) {
            if ( /^<VirtualHost ([\d\.]+)>/) {
                # New section. Clean up.
                $ip = $1;
                @ssl_conf = ();
                $group = undef;
            }

            # Skip this bit, we don't need it now..
            next if (/^<VirtualHost/);

            # Just need to grab the group name out before we get on with
            # the real work.
            if ( /DocumentRoot \/home\/sites\/([^\/]+)\/web/ ){
                $group = $1;
            }

            # These two are for the rewrite options
            s/http/https/go if (/^Rewrite/);
            s/80/443/go if (/^Rewrite/);
            push @ssl_conf, $_;

            # Hardcoded, issues with mod_perl and cobalt modules.
            if (/^<\/Virtual/ and (-e "/etc/httpd/ssl/$group")) {
                $ret = ssl_cert_check("/home/sites/$group/certs/");
                if ($ret=~/^2/o) {
                    $PerlConfig .= "Listen $ip:443\n";
                    $PerlConfig .= "<VirtualHost $ip:443>\n";
                    $PerlConfig .= "SSLengine on\n";
                    $PerlConfig .= "SSLCertificateFile /home/sites/$group/certs/certificate\n";
                    $PerlConfig .= "SSLCertificateKeyFile /home/sites/$group/certs/key\n";
                    $PerlConfig .= join('', @ssl_conf);
                } elsif (ssl_cert_check("/home/sites/home/certs/") =~ /^2/ ) {
                    $PerlConfig .= "Listen $ip:443\n";
                    $PerlConfig .= "<VirtualHost $ip:443>\n";
                    $PerlConfig .= "SSLengine on\n";
                    $PerlConfig .= "SSLCertificateFile /home/sites/home/certs/certificate\n";
                    $PerlConfig .= "SSLCertificateKeyFile /home/sites/home/certs/key\n";
                    $PerlConfig .= join('', @ssl_conf);
                } else {
                    print STDERR "Site $group has invalid certificate: $ret\n";
                }
            }
        }
    }
    close HTTPD_CONF;
    Thing is that we only need a new virtualhost with the new IP address which uses the SSL cert exactly as the old one does.

  2. #2
    If I'm not mistaken you can simply enter both the new and old IP address in the <VirtualHost> tag.

    Taken from the Apache docs:

    You can specify more than one IP address. This is useful if a machine responds to the same name on two different interfaces. For example, if you have a VirtualHost that is available to hosts on an internal (intranet) as well as external (internet) network. Example:
    DocumentRoot /www/docs/
    ServerAlias host
    Apologies if I've misunderstood the question!
    Robin Balen
    Gyron Internet Ltd -
    UK colocation, managed hosting and connectivity services with 100% uptime SLAs
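
An added example, not part of the thread or the RaQ's own script: a standalone Perl variant of the generator loop from the first post that accepts several addresses in one `<VirtualHost>` tag (the RaQ pattern `[\d\.]+` matches only a single address, so a two-address tag would get no SSL section) and emits one `:443` section bound to all of them with the same certificate and key. The sample configuration, its documentation-range addresses and `www.example.com` are constructed, the sub name `ssl_sections` is hypothetical, and the RaQ's `ssl_cert_check` validation is left out.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample input: one site listed on the old and the new address.
# 192.0.2.10 and 198.51.100.10 are documentation addresses (assumptions).
my $sample = <<'CONF';
<VirtualHost 192.0.2.10 198.51.100.10>
DocumentRoot /home/sites/site72/web
RewriteEngine on
RewriteRule ^/(.*) http://www.example.com/$1 [L,R]
</VirtualHost>
CONF

# Return the :443 twin of every plain <VirtualHost> block in $conf.
sub ssl_sections {
    my ($conf) = @_;
    my $out = '';
    my (@ips, @body, $group);
    for (split /^/m, $conf) {
        # Opening tag may list several space-separated addresses.
        next unless /^<VirtualHost (?:[\d.]+ ?)+>$/ ... /^<\/VirtualHost>$/;
        if (/^<VirtualHost (.+)>$/) {       # new section: reset state
            @ips   = split ' ', $1;
            @body  = ();
            $group = undef;
            next;
        }
        $group = $1 if m{^DocumentRoot /home/sites/([^/]+)/web};
        # Anchored on ':' so an address containing "80" is not rewritten.
        if (/^Rewrite/) { s/http:/https:/g; s/:80\b/:443/g; }
        push @body, $_;
        next unless /^<\/VirtualHost>/ && defined $group;
        my $certs = "/home/sites/$group/certs";    # layout shown in the post
        $out .= "Listen $_:443\n" for @ips;
        $out .= '<VirtualHost ' . join(' ', map { $_ . ':443' } @ips) . ">\n"
              . "SSLEngine on\n"
              . "SSLCertificateFile $certs/certificate\n"
              . "SSLCertificateKeyFile $certs/key\n"
              . join('', @body);
    }
    return $out;
}

print ssl_sections($sample);
```

The certificate can be shared because it is issued for the site's name rather than for an address, so the same certificate and key files serve both listeners.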
