Installing a Certificate on a Virtual Host

martin's own private little space

To enable the use of multiple secure virtual hosts, we use name-based as well as ip-based virtual hosts. To setup the secure virtual host, we use the following template.

NameVirtualHost 192.168.100.xxx
<VirtualHost 192.168.100.xxx:443>
    ServerName sitename
    ServerAdmin webmaster@sitename

    SSLEngine On
    SSLCertificateFile /etc/ssl/CA/certs/sitename.cert
    SSLCertificateKeyFile /etc/ssl/CA/private/sitename.key.nopass

    BrowserMatch "MSIE [2-6]" 
        nokeepalive ssl-unclean-shutdown 
        downgrade-1.0 force-response-1.0
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

    DocumentRoot /home/www-data/sitename
    <Directory /home/www-data/sitename>
        Options SymLinksIfOwnerMatch
        AllowOverride AuthConfig
        Order allow,deny
        Allow from all
    </Directory>

    DirectoryIndex index.html
    ErrorDocument 404 /404.html

    ErrorLog ${APACHE_LOG_DIR}/sitename/error.log
    CustomLog ${APACHE_LOG_DIR}/sitename/access.log combined
</VirtualHost>

From the above, it is clear that we can setup a secure as well as a non-secure virtual host, whereby the non-secure virtual host would host general information and the secure virtual host the information exchange that requires encryption, e.g. the non-secure hosting a product catalogue and the secure hosting the payment component.

To ensure that the user always access the secure virtual host, we use the following template.

 NameVirtualHost 192.168.100.xxx…

View original post 60 mots de plus

Advertisements
Par défaut