Apache SSL with 2 IPs and 2 Certificates
By admin
Yesterday we had to set up Apache to host 2 SSL certificates for 2 different IPs. There’s all kinds of crackheads on the internet who think you can install 2 SSL certificates for 1 IP but it simply can’t be done. So, here’s what I did:
There’s info on the Apache VirtualHost Examples site. The best examples are “Mixed name-based and IP-based vhosts” and “Mixed port-based and ip-based virtual hosts.”
Let’s say we have 2 domains: mauka.com and makai.com.
We change our DNS so that mauka.com points to xx.xx.xx.1 and makai.com points to xx.xx.xx.2. This means the server has to be set up with 2 IPs.
Before we change anything in Apache, we need to generate 2 SSL certificates. We will make these wildcard certificates for the names *.mauka.com and *.makai.com. There’s plenty of information out there about how to generate the key; this site has some good stuff: http://www.madboa.com/geek/openssl/
So, we generate our keys and certs and place them in /etc/pki/tls/private/wildcard-makai.key, /etc/pki/tls/certs/wildcard-makai.crt, /etc/pki/tls/certs/wildcard-mauka.crt and /etc/pki/tls/private/wildcard-mauka.key.
Here’s what the setup will look like to serve the following URLs:
http://www.mauka.com
http://www2.mauka.com
https://www.mauka.com
https://www2.mauka.com
http://www.makai.com
http://www2.makai.com
https://www.makai.com
https://www2.makai.com
In the main httpd.conf:
NameVirtualHost xx.xx.xx.1:80
NameVirtualHost xx.xx.xx.2:80
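Add this after our mod_ssl setup; for us that is the file ssl.conf:
# mauka.com hosts on xx.xx.xx.1
<VirtualHost xx.xx.xx.1:80>
    DocumentRoot /www/www.mauka.com
    ServerName www.mauka.com
</VirtualHost>
<VirtualHost xx.xx.xx.1:80>
    DocumentRoot /www/www2.mauka.com
    ServerName www2.mauka.com
</VirtualHost>
# makai.com hosts on xx.xx.xx.2
<VirtualHost xx.xx.xx.2:80>
    DocumentRoot /www/www.makai.com
    ServerName www.makai.com
</VirtualHost>
<VirtualHost xx.xx.xx.2:80>
    DocumentRoot /www/www2.makai.com
    ServerName www2.makai.com
</VirtualHost>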
SSL Configurations
Add this after our mod_ssl setup; for us that is the file ssl.conf:
NameVirtualHost xx.xx.xx.1:443
NameVirtualHost xx.xx.xx.2:443
# mauka.com hosts on xx.xx.xx.1 use the *.mauka.com certificate
<VirtualHost xx.xx.xx.1:443>
    DocumentRoot /www/www.mauka.com
    ServerName www.mauka.com
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
    SSLCertificateFile /etc/pki/tls/certs/wildcard-mauka.crt
    SSLCertificateKeyFile /etc/pki/tls/private/wildcard-mauka.key
    SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
</VirtualHost>
<VirtualHost xx.xx.xx.1:443>
    DocumentRoot /www/www2.mauka.com
    ServerName www2.mauka.com
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
    SSLCertificateFile /etc/pki/tls/certs/wildcard-mauka.crt
    SSLCertificateKeyFile /etc/pki/tls/private/wildcard-mauka.key
    SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
</VirtualHost>
# makai.com hosts on xx.xx.xx.2 use the *.makai.com certificate
<VirtualHost xx.xx.xx.2:443>
    DocumentRoot /www/www.makai.com
    ServerName www.makai.com
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
    SSLCertificateFile /etc/pki/tls/certs/wildcard-makai.crt
    SSLCertificateKeyFile /etc/pki/tls/private/wildcard-makai.key
    SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
</VirtualHost>
<VirtualHost xx.xx.xx.2:443>
    DocumentRoot /www/www2.makai.com
    ServerName www2.makai.com
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
    SSLCertificateFile /etc/pki/tls/certs/wildcard-makai.crt
    SSLCertificateKeyFile /etc/pki/tls/private/wildcard-makai.key
    SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
</VirtualHost>
Note: This is very general; a lot of other options are missing here. This is to give you an idea of what it looks like.
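A quick way to check a layout like this before reloading Apache, as an added example that is not part of the original post: the script below verifies that every SSL vhost address has a matching NameVirtualHost line, that all vhosts on one IP use the same certificate, and that the cipher string does not keep SSLv2, export or low-strength classes. The `audit` and `directive` helpers and the sample config are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample. Deliberate faults: port 433 typo, wrong cert on www2.makai.com.
SAMPLE_CONF = """
NameVirtualHost xx.xx.xx.1:443
NameVirtualHost xx.xx.xx.2:433
<VirtualHost xx.xx.xx.1:443>
  ServerName www.mauka.com
  SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
  SSLCertificateFile /etc/pki/tls/certs/wildcard-mauka.crt
</VirtualHost>
<VirtualHost xx.xx.xx.2:443>
  ServerName www.makai.com
  SSLCertificateFile /etc/pki/tls/certs/wildcard-makai.crt
</VirtualHost>
<VirtualHost xx.xx.xx.2:443>
  ServerName www2.makai.com
  SSLCertificateFile /etc/pki/tls/certs/wildcard-mauka.crt
</VirtualHost>
"""
WEAK = {"LOW", "SSLv2", "EXP", "EXPORT"}  # cipher classes that should be excluded

def directive(name, text):  # first argument of a directive, or None if absent
    m = re.search(rf"^\s*{name}\s+(\S+)", text, re.M)
    return m.group(1) if m else None

def audit(conf):
    """Return findings for an IP-based SSL vhost layout (one certificate per IP)."""
    findings = []
    declared = set(re.findall(r"^\s*NameVirtualHost\s+(\S+)", conf, re.M))
    certs = defaultdict(set)
    blocks = re.findall(r"<VirtualHost\s+([^>\s]+)>(.*?)</VirtualHost>", conf, re.S)
    for addr, body in blocks:
        host = directive("ServerName", body) or "(unnamed)"
        if addr not in declared:
            findings.append(f"{host}: no NameVirtualHost line for {addr}")
        certs[addr].add(directive("SSLCertificateFile", body))
        # A weak class named without a leading ! or - is not excluded.
        for tok in (directive("SSLCipherSuite", body) or "").split(":"):
            if tok and tok[0] not in "!-" and tok.lstrip("+") in WEAK:
                findings.append(f"{host}: cipher string keeps {tok.lstrip('+')}")
    for addr, files in sorted(certs.items()):
        if len(files - {None}) > 1:  # without SNI the first vhost's cert is served
            findings.append(f"{addr}: vhosts use different certificates")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)))
```

To run it against a real file, pass the contents of ssl.conf to `audit` instead of the sample string.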



October 17th, 2008