Question & Answer
Question
My IBM HTTP Server (IHS) has two hostnames using the same ip address. How can I configure IHS with two different virtualhost definitions on SSL (port 443)?
Cause
NameVirtualHost tells IHS to choose the VirtualHost stanza based on matching the hostname of the request. That works great for non-SSL (HTTP) since it is hostname-based. However, SSL (HTTPS) is a little different, because SSL is ipaddress-based.
Answer
Here is a sample IHS configuration using NameVirtualHost with SSL:
Listen 0.0.0.0:443
NameVirtualHost 192.168.0.21:443
KeyFile /opt/IBM/HTTPServer/key.kdb
<VirtualHost 192.168.0.21:443>
ServerName apples.ibm.com
SSLEnable
SSLServerCert apples
DocumentRoot /docs/apples
</VirtualHost>
<VirtualHost 192.168.0.21:443>
ServerName bananas.ibm.com
SSLEnable
SSLServerCert bananas
DocumentRoot /docs/bananas
</VirtualHost>
For the SSL negotiation, IHS will use the first virtualhost that matches the IP address and port of the hostname in the request. In the sample configuration above, both virtualhosts match the same IP address, therefore, IHS will use only the FIRST one for SSL negotiation. Because it matches the IP address and port f the request. IHS will use the "apples" certificate for all SSL requests regardless of which hostname was used. This may cause warning messages on the client side if the certificate does not match the hostname. To resolve this, you can use a "Subject Alternative Name" SSL certificate which is valid for BOTH hostnames.
After the SSL negotiation has completed, then for other stuff like DocumentRoot and ErrorLog and RewriteRule, IHS will use the virtualhost that has a ServerName or ServerAlias that matches the hostname of the request. So, in the sample configuration above, if the hostname is bananas, then IHS will use the DocumentRoot from the SECOND virtualhost. Because it matches the hostname of the request.
For example, this request:https://bananas.ibm.com/hello.html
Will use the SSL certificate (apples) from the FIRST virtualhost, because it matches the IP address.
Then, it will serve the hello.html page from the document root (/docs/bananas) of the SECOND virtualhost, because it matches the hostname.
Related Information
Was this topic helpful?
Document Information
Modified date:
07 September 2022
UID
swg21607527