Secure Virtual Host Configuration

For basic virtual host configuration see VirtualHostConfiguration. This page is for additional steps required for HTTPS (secure) virtual host configuration.

Assign an IP address

Each HTTPS virtual host must have its own IP address. This will appear in the server configuration in a NameVirtualHost directive as well as in the <VirtualHost> directive.

Obtain a Site Key and Certificate

The site key can be obtained by emailing ist-ca@ist.uwaterloo.ca. The key and certificate will then need to be installed into the sslCerts-1 package.

Apache Configuration

In addition to the virtual hosts documented for an HTTP virtual host, additional virtual hosts should be configured for HTTPS access. Even if all the content is to be HTTPS-only, an HTTP host should be created that simply redirects all access to the HTTPS version. Unfortunately, the second virtual host that picks up non-canonical names will pop up a browser error concerning the certificate, since the certificate will be valid only for the canonical name requested when the certificate was created.

In the typical case where the HTTPS is meant simply to protect some of the content on the site, it will likely be useful to create an include file that can be included in both the main HTTP and main HTTPS virtual host. This can set the document root and many other settings that configure which directories are to be served to the web. Doing so will keep the HTTP and HTTPS servers synchronized as far as any common content is concerned.