Installing two SSL Certificates on one server

Using one SSL certificate on a server is pretty easy, but what if we want to use SVN with Apache and also run a site which requires a payment system? Before renting another server, check whether you already have a second IP address. Fortunately, Fasthosts gives one for all servers.

The configuration turned out not to be very complicated.

Requirements:

* server with two IP addresses
* Apache(2) with working SSL on one server

Configuring the second IP address on Gentoo

If one has two Ethernet cards, one simply uses them. The "not so standard" part is when there is only one Ethernet card and several IP addresses pointing to it.

In Gentoo one has to edit the /etc/conf.d/net file and add an alias to the existing ethX, in my case eth0.

config_eth0=(
        "xxx.xxx.xxx.89 netmask 255.255.252.0 brd xxx.xxx.yyy.255"
        "xxx.xxx.xxx.88 netmask 255.255.252.0 brd xxx.xxx.yyy.255"
        )

Restart the network service:

/etc/init.d/net.eth0 restart

ifconfig should then show both IP addresses, with the aliased one as eth0:1:

eth0      Link encap:Ethernet  HWaddr 00:30:05:zz:zz:zz
          inet addr:xxx.xxx.xxx.89  Bcast:xxx.xxx.yyy.255  Mask:255.255.252.0
[...]
eth0:1    Link encap:Ethernet  HWaddr 00:30:05:zz:zz:zz
          inet addr:xxx.xxx.xxx.88  Bcast:xxx.xxx.yyy.255  Mask:255.255.252.0

Create/buy Certificate

Taken from gentoo-wiki

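cd /etc/apache2/ssl/
# generate the private key (2048 bits; CAs no longer accept 1024-bit RSA keys)
openssl genrsa -out server.key 2048
# write the key out as server.pem
openssl rsa -in server.key -out server.pem
# create the certificate signing request
openssl req -new -key server.pem -out server.csr
# keep the key material readable by the owner only
chmod 600 server.*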

Fill in all the required information (remember that the common name (CN) must be the exact name of your website).

Use server.csr to buy a certificate, or sign it yourself:

openssl x509 -req -days 365 -in server.csr -signkey server.pem -out server.crt

Configure Apache

Apache2 version before 2.2

vi /etc/apache2/modules.d/41_mod_ssl.default-vhost.conf

Apache2 version 2.2

vi /etc/apache2/vhosts.d/00_default_ssl_vhost.conf

Change _default_ in <VirtualHost _default_:443> to <VirtualHost xxx.xxx.xxx.88:443>

Copy the whole VirtualHost section and change the IP address in the VirtualHost definition of the second copy.

Remember to change the SSLCertificateFile and SSLCertificateKeyFile values in the second VirtualHost section so that they point to the right certificate files.
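
The two resulting sections could look like the sketch below. This is an added example, not the author's actual configuration: the ServerName values and the second certificate's file names (second.crt, second.pem) are assumptions, and the masked IP addresses are the placeholders used above, with .89 taken for the second section.

```apache
# Added example: two IP-based SSL virtual hosts, one certificate each.
# A single "Listen 443" binds every address on the host, so it covers both
# sections. Other directives copied from the default section are omitted.

# First section: the original one, with _default_ replaced by the first IP.
<VirtualHost xxx.xxx.xxx.88:443>
    # assumed host name; must match the CN of server.crt
    ServerName shop.example.com
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/server.crt
    SSLCertificateKeyFile /etc/apache2/ssl/server.pem
</VirtualHost>

# Second section: the copy, bound to the second IP with its own key pair.
<VirtualHost xxx.xxx.xxx.89:443>
    # assumed host name; must match the CN of second.crt
    ServerName svn.example.com
    SSLEngine on
    # assumed file names for the second certificate and its private key
    SSLCertificateFile    /etc/apache2/ssl/second.crt
    SSLCertificateKeyFile /etc/apache2/ssl/second.pem
</VirtualHost>
```

Each SSLCertificateKeyFile must be the private key that its section's certificate was issued for; Apache refuses to start if the pair does not match.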

Restart Apache and voilà!

/etc/init.d/apache2 restart
