IBM Support

IP-Based Virtual Hosting must be used if configuring multiple SSL Virtual Hosts

Technote (troubleshooting)


Problem(Abstract)

IP-Based Virtual Hosting must be used if configuring multiple SSL Virtual Hosts

Resolving the problem

IP-Based Virtual Hosting must be used if configuring multiple SSL Virtual Hosts.

  • IP-Based virtual hosting
    Each VirtualHost stanza is configured with a different IP address. The SSLServerCert directive must also be used if configuring multiple SSL Virtual Hosts.

  • Name-Based virtual hosting
    Each VirtualHost stanza is configured with the same IP address. This also requires the use of a NameVirtualHost directive.


The following example defines two Web sites in the same httpd.conf file. This requires four VirtualHost containers to be defined for this to work:

<VirtualHost 1.2.3.4:80>
ServerName www.CompanyA.com
ServerAdmin webmaster@CompanyA.com
DocumentRoot /www/html/CompanyA
ErrorLog /www/logs/CompanyA/error_log
TransferLog /www/logs/CompanyA/access_log
</VirtualHost>

<VirtualHost 1.2.3.5:80>
ServerName www.CompanyB.com
ServerAdmin webmaster@CompanyB.com
DocumentRoot /www/html/CompanyB
ErrorLog /www/logs/CompanyB/error_log
TransferLog /www/logs/CompanyB/access_log
</VirtualHost>

<VirtualHost 1.2.3.4:443>
SSLEnable
SSLClientAuth none
SSLServerCert Company A
ServerName www.CompanyA.com
ServerAdmin webmaster@CompanyA.com
DocumentRoot /www/html/CompanyA
ErrorLog /www/logs/CompanyA/error_log
TransferLog /www/logs/CompanyA/access_log
</VirtualHost>

<VirtualHost 1.2.3.5:443>
SSLEnable
SSLClientAuth none
SSLServerCert Company B
ServerName www.CompanyB.com
ServerAdmin webmaster@CompanyB.com
DocumentRoot /www/html/CompanyB
ErrorLog /www/logs/CompanyB/error_log
TransferLog /www/logs/CompanyB/access_log
</VirtualHost>

SSLDisable
Keyfile /usr/lpp/HTTPServer/keys/Keyfile.kdb
SSLV2Timeout 100
SSLV3Timeout 1000


Exception Note: The Keyfile uses a SAN (Subject Alternative Name) Certificate (support for multiple domain names) or wildcard Certificate.  

Name-Based virtual hosting can be used instead. When using a SAN Certificate the first SSL VirtualHost will be used for the SSL handshake. After the handshake completes the SSL Virtualhost used for the HTTP request processing is determined by the ServerName directive that matches the host header supplied in the client request

NameVirtualHost 1.2.3.4:80
NameVirtualHost 1.2.3.4:443

<VirtualHost 1.2.3.4:80>
ServerName www.CompanyA.com
ServerAdmin webmaster@CompanyA.com
DocumentRoot /www/html/CompanyA
ErrorLog /www/logs/CompanyA/error_log
TransferLog /www/logs/CompanyA/access_log
</VirtualHost>

<VirtualHost 1.2.3.4:80>
ServerName www.CompanyB.com
ServerAdmin webmaster@CompanyB.com
DocumentRoot /www/html/CompanyB
ErrorLog /www/logs/CompanyB/error_log
TransferLog /www/logs/CompanyB/access_log
</VirtualHost>

<VirtualHost 1.2.3.4:443>
SSLEnable
SSLClientAuth none
ServerName www.CompanyA.com
ServerAdmin webmaster@CompanyA.com
DocumentRoot /www/html/CompanyA
ErrorLog /www/logs/CompanyA/error_log
TransferLog /www/logs/CompanyA/access_log
</VirtualHost>

<VirtualHost 1.2.3.4:443>
SSLEnable
SSLClientAuth none
ServerName www.CompanyB.com
ServerAdmin webmaster@CompanyB.com
DocumentRoot /www/html/CompanyB
ErrorLog /www/logs/CompanyB/error_log
TransferLog /www/logs/CompanyB/access_log
</VirtualHost>

SSLDisable
Keyfile /usr/lpp/HTTPServer/keys/Keyfile.kdb
SSLV2Timeout 100
SSLV3Timeout 1000

Note: The SSLServerCert specifies the certificate label to be used for a specific virtual host in IP-Based virtual hosting configuration.


Cross reference information
Segment Product Component Platform Version Edition
Application Servers WebSphere Application Server IBM HTTP Server AIX, HP-UX, Linux, Solaris, Windows 7.0, 6.1, 6.0

Document information

More support for: IBM HTTP Server

Software version: 7.0, 8.0, 8.5

Operating system(s): AIX, HP-UX, Linux, Solaris, Windows

Reference #: 1045922

Modified date: 16 September 2004


Translate this page: