How to auto-select SSL certificate by hostname

I am trying to configure a server that has the singular purpose of
redirecting <a href="" title=""></a> to <a href="" title=""></a>. Without SSL,
this is trivial: create a single configuration that uses Rewrite to redirect
to www.{%HOST}.

Bringing SSL into it complicates things, however. We'll be doing redirects
for 1000+ domains, so managing hostname --> certificate mappings with VHosts
is a challenge. We can fit 100 names on each certificate, so we'll need to
handle at minimum 10 certificates.

From my reading of the documentation, each VHost can only be configured for
a single certificate. Is there any method, with or without the use of a
module, for having a single configuration that can serve the appropriate
certificate automatically?

The behavior I'm attempting to emulate is available on Amazon Application
Load Balancers. Multiple certificates can be added to a single ALB, and it
examines the Host header to determine which certificate is appropriate with
zero configuration of any domain-certificate mapping.

Craig Menning
... at bubbleup dot net
O: (832) 585-0709
C: (713) 568-5355


Re: How to auto-select SSL certificate by hostname

By Yehuda Katz at 09/12/2018 - 16:48

There is no built-in way to handle this. You would need to list every
domain name as a server alias for HTTPD to select the correct certificate.
You could look at mod_macro so you don't need to rewrite the same
configuration multiple times or a configuration management tool like
Puppet/Chef/etc that can just take a list and create the config.
Alternatively, you could set up haproxy in front of HTTPD since it searches
a directory for all certificates.

- Y

Sent from a device with a very small keyboard and hyperactive autocorrect.
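
The "take a list and create the config" approach from the reply above, as an added example that is not part of the original thread: a generator that validates a hostname list, splits it into groups of 100 names (one certificate each), and emits one VirtualHost per group. The certificate directory, the redirect-NN file naming, and the use of mod_ssl plus mod_rewrite are assumptions.

```python
import re

MAX_NAMES_PER_CERT = 100  # per-certificate limit stated in the thread
LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
# Strict syntax check so list entries cannot inject directives into the config.
HOSTNAME_RE = re.compile(LABEL + r"(?:\." + LABEL + r")+")


def group_hostnames(hostnames, size=MAX_NAMES_PER_CERT):
    """Normalise, validate and deduplicate names, then split into cert-sized groups."""
    seen, clean = set(), []
    for raw in hostnames:
        name = raw.strip().lower().rstrip(".")
        if len(name) > 253 or not HOSTNAME_RE.fullmatch(name):
            raise ValueError(f"refusing invalid hostname: {raw!r}")
        if name not in seen:
            seen.add(name)
            clean.append(name)
    return [clean[i:i + size] for i in range(0, len(clean), size)]


def render_vhost(index, names, cert_dir="/etc/httpd/certs"):
    """Render one VirtualHost: one certificate, every name it covers as an alias."""
    lines = ["<VirtualHost *:443>", f"    ServerName {names[0]}"]
    for i in range(1, len(names), 10):  # ten aliases per ServerAlias line
        lines.append("    ServerAlias " + " ".join(names[i:i + 10]))
    lines += [
        "    SSLEngine on",
        # Hypothetical file naming: redirect-01.crt / redirect-01.key, ...
        f"    SSLCertificateFile {cert_dir}/redirect-{index:02d}.crt",
        f"    SSLCertificateKeyFile {cert_dir}/redirect-{index:02d}.key",
        "    RewriteEngine On",
        "    RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]",
        "</VirtualHost>",
    ]
    return "\n".join(lines)


def render_config(hostnames):
    """Return the full config text: one VirtualHost per group of up to 100 names."""
    groups = group_hostnames(hostnames)
    return "\n\n".join(render_vhost(i, g) for i, g in enumerate(groups, 1))


if __name__ == "__main__":
    # Constructed sample list; a real list would come from inventory.
    sample = [f"site{n}.example" for n in range(1, 251)]
    print(render_config(sample))
```

Each certificate must actually be issued for the names in its group, in the same order the generator assigns them; running `apachectl configtest` on the output before reloading catches any mismatch in file paths.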