Reputation: 21
Is it possible to install multiple RSA certificates for one website with Apache (same domains)? My predicament is this:
We have an old client that communicates with our webserver through a custom C++ application (not a web browser), and it is absolutely impossible for us to update it to use a modern cipher for modern SSL certificates. It is hardcoded to use SHA1 and, like I said, it cannot be updated.
On the same server that this client device communicates with also lives a website. We need to update things so that when people use a web browser and navigate to our site, we are issuing a modern SSL cert. But, when the old client device is communicating with this server's api over https, we want to secure it using our old sha1 certificate. (Yes, yes, I know...)
I was led to believe that with Apache, you could simply add additional SSLCertificateFile & SSLCertificateKeyFile entries for each certificate, and then the underlying TLS implementation on clients would handle negotiating which certificate it gets. But upon further testing and reading the last sentence on the documentation for these, I'm not so sure. It says:
This directive can be used up to three times (referencing different filenames) when both a RSA, a DSA, and an ECC based server certificate is used in parallel.
I'm supposing my question is answered right there, but since it does not explicitly state you can't use two RSA certificates for the purpose I'm seeking and that we can't be the only ones to have this problem (unable to update legacy client), I have to ask.
Thank you : )
Upvotes: 0
Views: 234
Reputation: 941
Server Name Indication (SNI) is an extension of the SSL/TLS protocol that makes it possible for Apache to use trusted certificates for a single site.
SNI permits a server to use different SSL certificates over the same IP address.
To use multiple SSL Certificates on your server you need to create a new Virtual Host.
Source:
https://www.digicert.com/ssl-support/apache-multiple-ssl-certificates-using-sni.htm
https://www.ssl2buy.com/wiki/server-name-indication-sni-use-multiple-ssl-on-a-single-ip
Upvotes: 1
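The name-based virtual host setup the answer describes, as an added configuration example that is not from the question, the answer, or the Apache project. It assumes the old client can be pointed at a separate hostname (legacy-api.example.com) since SNI selects the certificate by the name the client sends, and all hostnames and file paths are placeholders.

```apache
# Constructed example: two TLS virtual hosts on the same IP and port,
# each presenting its own certificate. Apache picks the vhost whose
# ServerName matches the SNI name sent by the client.
Listen 443

# Listed first, so this vhost is also the default for clients that send
# no SNI extension at all, which an old, un-updatable client may not do.
# Check the legacy client actually reaches this vhost before relying on it.
<VirtualHost *:443>
    ServerName legacy-api.example.com
    SSLEngine on
    # Old SHA1-signed certificate, served only on this name.
    SSLCertificateFile    /etc/ssl/legacy/sha1-cert.pem
    SSLCertificateKeyFile /etc/ssl/legacy/sha1-key.pem
    # Keep the weaker endpoint narrow: only the API the old client needs.
    DocumentRoot /var/www/legacy-api
</VirtualHost>

# Browsers connect with SNI www.example.com and get the modern certificate.
<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/modern/fullchain.pem
    SSLCertificateKeyFile /etc/ssl/modern/privkey.pem
    # Modern-only protocol floor for the public site.
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    DocumentRoot /var/www/html
</VirtualHost>

# Verify which certificate each name receives (run from a client machine):
#   openssl s_client -connect SERVER_IP:443 -servername www.example.com        </dev/null | openssl x509 -noout -subject -text | grep -E 'Subject:|Signature Algorithm'
#   openssl s_client -connect SERVER_IP:443 -servername legacy-api.example.com </dev/null | openssl x509 -noout -subject -text | grep -E 'Subject:|Signature Algorithm'
```

Omitting -servername in the second check shows what a non-SNI client gets, which is the first vhost listed for that address and port.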