Re: [users@httpd] How to auto-select SSL certificate by hostname


There is no built-in way to handle this. You would need to list every domain name as a server alias for HTTPD to select the correct certificate. You could look at mod_macro so you don't need to rewrite the same configuration multiple times or a configuration management tool like Puppet/Chef/etc that can just take a list and create the config. Alternatively, you could set up haproxy in front of HTTPD since it searches a directory for all certificates.

- Y

Sent from a device with a very small keyboard and hyperactive autocorrect.

On Wed, Sep 12, 2018, 2:51 PM <craig@xxxxxxxxxxxx> wrote:

I am trying to configure a server that has the singular purpose of redirecting https://anyhost.com to https://www.anyhost.com. Without SSL, this is trivial: create a single configuration that uses Rewrite to redirect to www.{%HOST}.

Bringing SSL into it complicates things however. We’ll be doing redirects for 1000+ domains, so managing hostname --> certificate mappings with VHosts is a challenge. We can fit 100 names on each certificate, so we’ll need to handle at minimum 10 certificates.

From my reading of the documentation, each VHost can only be configured for a single certificate. Is there any method, with or without the use of a module, for having a single configuration that can serve the appropriate certificate automatically?

The behavior I’m attempting to emulate is available on Amazon Application Load Balancers. Multiple certificates can be added to a single ALB, and it examines the Host header to determine which certificate is appropriate with zero configuration of any domain-certificate mapping.

Craig Menning
BubbleUp.net
craig@xxxxxxxxxxxx
O: (832) 585-0709
C: (713) 568-5355
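
The reply's suggestion of generating the configuration from a list, sketched as an added example that is not part of the original thread or of httpd itself: one name-based VirtualHost per certificate, with every covered name listed as ServerName or ServerAlias so httpd can pick the certificate. The file paths, the `.crt`/`.key` naming and the sample mapping are assumptions made for illustration.

```python
"""Generate one name-based <VirtualHost> per certificate (added example)."""
MAX_NAMES = 100  # names per certificate, the figure given in the thread

VHOST = """<VirtualHost *:443>
    ServerName {first}
{aliases}
    SSLEngine on
    SSLCertificateFile {cert}
    SSLCertificateKeyFile {key}
    RewriteEngine On
    RewriteRule ^ https://www.%{{HTTP_HOST}}%{{REQUEST_URI}} [R=301,L]
</VirtualHost>
"""

def normalise(name):
    """Lower-case a hostname and drop any trailing dot."""
    return name.strip().lower().rstrip(".")

def check_mapping(cert_names):
    """Return {hostname: cert}; reject empty/oversize certs and duplicates."""
    owner = {}
    for cert, names in cert_names.items():
        if not 1 <= len(names) <= MAX_NAMES:
            raise ValueError(f"{cert}: {len(names)} names, need 1..{MAX_NAMES}")
        for name in map(normalise, names):
            if name in owner:
                raise ValueError(f"{name} is in both {owner[name]} and {cert}")
            owner[name] = cert
    return owner

def render(cert_names):
    """Emit the httpd configuration text for every certificate."""
    check_mapping(cert_names)  # a name served by two vhosts would be ambiguous
    blocks = []
    for cert, names in sorted(cert_names.items()):
        hosts = sorted(map(normalise, names))
        aliases = "\n".join(f"    ServerAlias {h}" for h in hosts[1:])
        blocks.append(VHOST.format(first=hosts[0], aliases=aliases, cert=cert,
                                   key=cert.replace(".crt", ".key")))  # assumed naming
    return "\n".join(blocks)

# Constructed sample: two certificates and the names each one covers.
SAMPLE = {
    "/etc/httpd/tls/batch01.crt": ["example.com", "Example.org."],
    "/etc/httpd/tls/batch02.crt": ["example.net"],
}

if __name__ == "__main__":
    print(render(SAMPLE))
```

Requests whose name matches no ServerName or ServerAlias are served by the first VirtualHost in the file, so the order of the generated blocks decides which certificate unmatched clients see.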