Installing a Certificate on a Virtual Host

To run multiple secure virtual hosts, we use name-based as well as IP-based virtual hosts. To set up a secure virtual host, we use the following template.

NameVirtualHost 192.168.100.xxx
<VirtualHost 192.168.100.xxx:443>
    ServerName sitename
    ServerAdmin webmaster@sitename

    SSLEngine On
    SSLCertificateFile /etc/ssl/CA/certs/sitename.cert
    SSLCertificateKeyFile /etc/ssl/CA/private/sitename.key.nopass

    BrowserMatch "MSIE [2-6]" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

    DocumentRoot /home/www-data/sitename
    <Directory /home/www-data/sitename>
        Options SymLinksIfOwnerMatch
        AllowOverride AuthConfig
        Order allow,deny
        Allow from all
    </Directory>

    DirectoryIndex index.html
    ErrorDocument 404 /404.html

    ErrorLog ${APACHE_LOG_DIR}/sitename/error.log
    CustomLog ${APACHE_LOG_DIR}/sitename/access.log combined
</VirtualHost>

From the above, it is clear that we can set up a secure as well as a non-secure virtual host: the non-secure virtual host serves general information, and the secure virtual host handles the information exchange that requires encryption. For example, the non-secure host could serve a product catalogue and the secure host the payment component.

To ensure that users always access the secure virtual host, we use the following template.

NameVirtualHost 192.168.100.xxx
<VirtualHost 192.168.100.xxx:80>
    RewriteEngine on
    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>

<VirtualHost 192.168.100.xxx:443>
    ServerName sitename
    ServerAdmin webmaster@sitename

    SSLEngine On
    SSLCertificateFile /etc/ssl/CA/certs/sitename.cert
    SSLCertificateKeyFile /etc/ssl/CA/private/sitename.key.nopass

    BrowserMatch "MSIE [2-6]" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

    DocumentRoot /home/www-data/sitename
    <Directory /home/www-data/sitename>
        Options SymLinksIfOwnerMatch
        AllowOverride AuthConfig
        Order allow,deny
        Allow from all
    </Directory>

    DirectoryIndex index.html
    ErrorDocument 404 /404.html

    ErrorLog ${APACHE_LOG_DIR}/sitename/error.log
    CustomLog ${APACHE_LOG_DIR}/sitename/access.log combined
</VirtualHost>
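
A small check, added here as an example and not part of the original post, that parses vhost blocks like the templates above and reports port-80 hosts with no redirect to https and port-443 hosts missing SSLEngine On or a certificate/key directive. The sample config, its address and its host names are constructed, and the redirect test is a simple heuristic (any RewriteRule or Redirect whose arguments contain https://).

```python
import re

# Constructed sample modelled on the templates above; two hosts are left
# incomplete on purpose so the audit has something to report.
SAMPLE = """\
<VirtualHost 192.168.100.10:80>
    ServerName shop.example
    RewriteEngine on
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>
<VirtualHost 192.168.100.10:80>
    ServerName catalogue.example
</VirtualHost>
<VirtualHost 192.168.100.10:443>
    ServerName shop.example
    SSLEngine On
    SSLCertificateFile /etc/ssl/CA/certs/shop.example.cert
</VirtualHost>
"""

VHOST = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def directives(body):
    """Map lowercased directive names to their argument strings.
    Nested section tags and comments are skipped; nested directives are kept."""
    found = {}
    for line in body.splitlines():
        parts = line.split(None, 1)
        if parts and not parts[0].startswith(("#", "<")):
            found.setdefault(parts[0].lower(), []).append(
                parts[1] if len(parts) > 1 else "")
    return found

def audit(config):
    """Return (address, servername, problem) for each weak vhost found."""
    findings = []
    for addr, body in VHOST.findall(config):
        d = directives(body)
        name = d.get("servername", ["?"])[0]
        port = addr.strip().rsplit(":", 1)[-1]
        if port == "443":
            if [v.lower() for v in d.get("sslengine", [])] != ["on"]:
                findings.append((addr.strip(), name, "SSLEngine is not On"))
            for req in ("sslcertificatefile", "sslcertificatekeyfile"):
                if req not in d:
                    findings.append((addr.strip(), name, "missing " + req))
        elif port == "80":
            targets = d.get("rewriterule", []) + d.get("redirect", [])
            if not any("https://" in t for t in targets):
                findings.append((addr.strip(), name, "no redirect to https"))
    return findings
```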