SSL Virtual Hosting


I recently implemented branding or skinning on my WebObjects app since we are allowing private label resellers to sell our product offerings. Most of the site runs through https. For our resellers, we decided to implement host names of the form brand-name.domain.com since we could purchase a wildcard https cert for *.domain.com. If we did not need https we would just have given these resellers any domain name they could get their hands on. Anyway, I discovered that you cannot, right now anyway, do SSL virtual hosting of different domains and corresponding SSL certificates on the same IP address! The cleanest way is to use another IP address for the new SSL virtual host.

Identify the new external IP address to be used for the new SSL-capable domain you are adding to your server. In our Cisco router, we added this IP address to the external network interface. Next, identify the new internal IP address to be used internally for the new domain. On your router, map the new external IP ports 80 and 443 to the new internal IP ports 80 and 443. Also, set up your DNS service to point to the new external IP address. In our case, the internal IPs were in the same subnet.

On your OS X Server, open Network in System Preferences.

In the Show menu, select Network Port Configurations. Select the Port Configuration that is being used for the current domain on the web server and click Duplicate. Note the name of the new duplicate and rename it if you wish.

Next, select the new port configuration in the Show menu and configure TCP/IP with the new internal IP address.

Next, open Server Admin for this server and create your new website using the new internal IP address. Create a duplicate website on port 443 with SSL enabled and the https certificate for the new domain selected.

After restarting your web service (Apache), you will be able to access both the old and the new domains hosted by the same server via https.

If you have a wildcard SSL certificate, the new website's domain can be domain.com, with *.domain.com added as an alias for the site in Server Admin.
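
As an added example (not part of the original post), the Python sketch below checks a hosting plan of the kind described above: one certificate per internal IP address, and every hostname covered by the certificate on its IP. The IP addresses, www.example.org and the function names are assumptions; wildcard names are matched as a single left-most label, which is how browsers treat them.

```python
# Added example: sanity-check an IP-based SSL virtual hosting plan.
# All IPs, hostnames and certificate name lists below are constructed samples.

def name_matches(pattern: str, host: str) -> bool:
    """Match a certificate DNS name against a hostname.

    A wildcard is honoured only as the entire left-most label and stands
    for exactly one label, so *.domain.com covers brand-name.domain.com
    but not domain.com or a.b.domain.com.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def check_plan(sites):
    """Return a list of problems found in a list of site definitions.

    Each site is a dict with keys: ip, port, cert_names, hostnames.
    """
    problems = []
    certs_by_endpoint = {}
    for site in sites:
        endpoint = (site["ip"], site["port"])
        cert = tuple(sorted(site["cert_names"]))
        # The setup on this page gives every certificate its own IP address,
        # so two different certificates on one ip:port pair are flagged.
        previous = certs_by_endpoint.setdefault(endpoint, cert)
        if previous != cert:
            problems.append(f"{endpoint[0]}:{endpoint[1]} has more than one certificate")
        for host in site["hostnames"]:
            if not any(name_matches(n, host) for n in site["cert_names"]):
                problems.append(f"{host} on {site['ip']} is not covered by {list(cert)}")
    return problems


# Constructed plan: the existing site plus the new wildcard site on its own IP.
SAMPLE_PLAN = [
    {"ip": "10.0.0.10", "port": 443, "cert_names": ["www.example.org"],
     "hostnames": ["www.example.org"]},
    {"ip": "10.0.0.11", "port": 443, "cert_names": ["*.domain.com"],
     "hostnames": ["domain.com", "brand-name.domain.com"]},
]

if __name__ == "__main__":
    for problem in check_plan(SAMPLE_PLAN):
        print(problem)
```

Run against the sample plan, the check reports that the bare domain.com is not covered by a certificate naming only *.domain.com, so a site served under both names needs a certificate that lists both.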


Posted: Wed - December 6, 2006 at 03:23 PM        

