
Apache SSL branch on hostname


I have mass virtual hosting set up on one of our servers allowing me to basically create a symlink in a certain directory and immediately have that host available on both http as well as https. This works great if all of the hostnames are in the same domain (wildcard certificate) but not otherwise. Let me show you my VirtualHost container:

<VirtualHost 1.2.3.4:443>
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

    ### Mass SSL Vhosts ###
    RewriteEngine on

    #   define two maps: one for fixing the URL and one which defines
    #   the available virtual hosts with their corresponding
    #   DocumentRoot.
    RewriteMap    lowercase    int:tolower

    #   2. make sure we have a Host header
    RewriteCond   %{HTTP_HOST}  !^$

    #   3. lowercase the hostname
    RewriteCond   ${lowercase:%{HTTP_HOST}|NONE}  ^(.+)$

    #   5. finally we can map the URL to its docroot location
    #      and remember the virtual host for logging purposes
    RewriteRule ^/(.*)$ /wwwroot/vhosts/%{HTTP_HOST}/$1 [E=VHOST:${lowercase:%{HTTP_HOST}}]

    <Directory "/wwwroot/vhosts/">
        Options FollowSymLinks
        AllowOverride All
    </Directory>
    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </Files>
    <Directory "/var/www/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>

    ErrorLog /var/log/httpd/ssl_error_log
    TransferLog /var/log/httpd/ssl_access_log
    LogLevel warn

    SSLCertificateFile /etc/pki/tls/certs/wildcard.foo.com.crt
    SSLCACertificateFile /etc/pki/tls/certs/wildcard.foo.com.intermediate.crt
    SSLCertificateKeyFile /etc/pki/tls/private/www.foo.com.key

    SetEnvIf User-Agent ".*MSIE.*" \
             nokeepalive ssl-unclean-shutdown \
             downgrade-1.0 force-response-1.0
    CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

This setup works anytime I want to create a something.foo.com domain. I just create a symbolic link in /wwwroot/vhosts to a user's directory and bam, it works. I now want to create a something.bar.com domain. Once again, I can just create it and drop it in and http://something.bar.com will work. What I cannot get working, however, is https://something.bar.com because of the explicitly defined certificates above.

Is there any way to branch inside the VirtualHost container to use different SSL certificates depending on the hostname?

asked June 25, 2011 2:22 pm CDT
Vic
posted via ServerFault
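
The mismatch described in the question can be checked ahead of time by comparing the names linked under /wwwroot/vhosts with the names the certificate covers. This is an added example, not code from the original post; the function names are hypothetical and the host and certificate names are constructed sample data. It applies the usual wildcard rule (RFC 6125: `*` is the whole left-most label and stands for exactly one label).

```python
"""Audit mass-vhost names against the names a certificate covers."""


def name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: '*' is only honoured as the whole left-most
    label, and it stands for exactly one label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # Refuse over-broad wildcards such as '*.com'.
        if len(p_labels) < 3:
            return False
        return p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def uncovered_vhosts(vhost_names, cert_names):
    """Return the vhost names that no certificate name covers, sorted."""
    return sorted(
        h.lower() for h in vhost_names
        if not any(name_matches(c, h) for c in cert_names)
    )


if __name__ == "__main__":
    # Constructed sample data. On a real server the first list would come
    # from os.listdir("/wwwroot/vhosts") and the second from the
    # certificate's subjectAltName entries.
    vhosts = ["something.foo.com", "Shop.foo.com",
              "a.b.foo.com", "something.bar.com"]
    cert = ["*.foo.com", "foo.com"]
    for host in uncovered_vhosts(vhosts, cert):
        print(f"https://{host} would get a certificate name mismatch")
```

Note that a.b.foo.com is reported as well: the wildcard covers one label only, so nested subdomains are not served correctly by the same certificate either.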
