heber gentilin

Reputation: 155

SSL Certificate at a specific URL on Apache

Is it possible to configure the SSL certificate key file (two-way) for a specific URL inside the domain?

Yes, using mod_rewrite. But I really need to keep the domain and the URL that was requested.

Current domain.com.conf configuration:

<VirtualHost domain.com:443>
    ServerAdmin [email protected]
    SSLEngine on
    # Server-side certificate and private key presented during the TLS handshake
    SSLCertificateFile    /usr/local/apache2/conf/server.cer
    SSLCertificateKeyFile /usr/local/apache2/conf/server.key

    # Two-way TLS: every client must present a certificate chaining to ca.cer
    SSLVerifyClient require
    SSLVerifyDepth 10
    SSLCACertificateFile /usr/local/apache2/conf/ca.cer

    <Location />
        # Apache 2.2-style access control
        Order allow,deny
        allow from all
        # Only the client certificate with this CN is accepted for the whole site
        SSLRequire (%{SSL_CLIENT_S_DN_CN} eq "clientcn")
    </Location>

    DocumentRoot /usr/local/apache2/htdocs/
    <Directory "/usr/local/apache2/htdocs">
        Options FollowSymLinks
        AllowOverride None
        allow from all
    </Directory>

    LogLevel warn
    ErrorLog /usr/local/apache2/conf/logs/error.log
    CustomLog /usr/local/apache2/conf/logs/ssl_access.log combined

    # Legacy workaround for old Internet Explorer TLS shutdown behaviour
    BrowserMatch ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
</VirtualHost>

Upvotes: 2

Views: 2721

Answers (1)

Jeff Puckett

Reputation: 41081

No, this is not possible.

The SSL handshake happens at the server level before any route/endpoint dispatching takes place. The full URL in the HTTP header is not even considered until after a successful TLS negotiation.

For example, use curl on this URL to see that it first connects to the host, and then if and only if a trusted connection is formed does it pass the URI stem.

curl -vI https://stackoverflow.com/questions/42718090/ssl-certificate-at-a-specific-url-on-apache
*   Trying 151.101.193.69...
* Connected to stackoverflow.com (151.101.193.69) port 443 (#0)
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt
* found 714 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
*      server certificate verification OK
*      server certificate status verification SKIPPED
*      common name: *.stackexchange.com (matched)
*      server certificate expiration date OK
*      server certificate activation date OK
*      certificate public key: RSA
*      certificate version: #3
*      subject: C=US,ST=NY,L=New York,O=Stack Exchange\, Inc.,CN=*.stackexchange.com
*      start date: Sat, 21 May 2016 00:00:00 GMT
*      expire date: Wed, 14 Aug 2019 12:00:00 GMT
*      issuer: C=US,O=DigiCert Inc,OU=www.digicert.com,CN=DigiCert SHA2 High Assurance Server CA
*      compression: NULL
* ALPN, server accepted to use http/1.1
> HEAD /questions/42718090/ssl-certificate-at-a-specific-url-on-apache HTTP/1.1
> Host: stackoverflow.com
> User-Agent: curl/7.47.0
> Accept: */*

Upvotes: 4
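The ordering the answer points at can be checked mechanically from a `curl -v` trace: curl's `*` lines describe the TLS handshake and the certificate it verified, and the `>` lines are the HTTP request it sent afterwards. The script below is an added example, not part of the question or answer; it parses a trace constructed from the lines shown above and confirms that every TLS event (including the server certificate's common name) is fixed before the first request line carrying the URL path is ever written.

```python
"""Parse a `curl -v` trace and confirm that the TLS handshake, including the
server certificate that was presented, completes before curl sends any HTTP
request line.  Added example; the trace below is constructed (abridged) from
the curl output quoted in the answer, not captured live."""

import re
from typing import List, Optional, Tuple

# Constructed sample trace: '*' lines are curl's connection/TLS diagnostics,
# '>' lines are the HTTP request headers curl sent after the handshake.
SAMPLE_TRACE = r"""*   Trying 151.101.193.69...
* Connected to stackoverflow.com (151.101.193.69) port 443 (#0)
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
*      server certificate verification OK
*      common name: *.stackexchange.com (matched)
*      subject: C=US,ST=NY,L=New York,O=Stack Exchange\, Inc.,CN=*.stackexchange.com
* ALPN, server accepted to use http/1.1
> HEAD /questions/42718090/ssl-certificate-at-a-specific-url-on-apache HTTP/1.1
> Host: stackoverflow.com
> User-Agent: curl/7.47.0
> Accept: */*
"""

# Prefixes of curl's '*' lines that belong to the TLS layer.
TLS_PREFIXES = ("SSL connection", "server certificate", "common name", "subject",
                "start date", "expire date", "issuer")

Event = Tuple[str, str]  # (kind, text); kind is 'tls', 'info' or 'request'


def parse_events(trace: str) -> List[Event]:
    """Return the trace as an ordered list of (kind, text) events."""
    events: List[Event] = []
    for raw in trace.splitlines():
        if raw.startswith("> "):
            events.append(("request", raw[2:]))
        elif raw.startswith("*"):
            text = raw[1:].strip()
            kind = "tls" if text.startswith(TLS_PREFIXES) else "info"
            events.append((kind, text))
    return events


def handshake_precedes_request(events: List[Event]) -> bool:
    """True only if a TLS handshake was observed and no TLS event occurs at or
    after the first request line.  A trace with no request at all (handshake
    failed, or output truncated) yields False rather than vacuous success."""
    first_request = next((i for i, (k, _) in enumerate(events) if k == "request"), None)
    if first_request is None or not any(k == "tls" for k, _ in events):
        return False
    return all(k != "tls" for k, _ in events[first_request:])


def requested_path(events: List[Event]) -> Optional[str]:
    """The URL path from the request line, which exists only after the handshake."""
    for kind, text in events:
        if kind == "request":
            m = re.match(r"[A-Z]+ (\S+) HTTP/", text)
            if m:
                return m.group(1)
    return None


def certificate_cn(events: List[Event]) -> Optional[str]:
    """The common name curl reported for the server certificate it verified."""
    for kind, text in events:
        if kind == "tls" and text.startswith("common name:"):
            return text.split(":", 1)[1].split("(")[0].strip()
    return None


if __name__ == "__main__":
    evs = parse_events(SAMPLE_TRACE)
    print("certificate CN :", certificate_cn(evs))
    print("requested path :", requested_path(evs))
    print("TLS before HTTP:", handshake_precedes_request(evs))
```

The same parser can be pointed at a saved trace from a test client against your own vhost: if the certificate CN is already reported before the `HEAD`/`GET` line appears, the server had to choose its certificate without knowing the path, which is exactly why a per-URL certificate cannot be configured in the handshake itself.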
