Apache2: How to split out the SSL configuration?

Posted by Klaas van Schelven on Server Fault See other posts from Server Fault or by Klaas van Schelven
Published on 2011-06-26T12:13:48Z Indexed on 2011/06/26 16:23 UTC
Read the original article Hit count: 358

Filed under:
|

In Apache2, I'd like to separately define my SSL-related stuff once, and in a separate file from the rest of the configuration. This is mostly a matter of taste, but it also allows me to include the rest of the configuration in my automatic deployment process.

I.e.: current situation:

# in file: 0000-ourdomain.com.conf (number needs to be low)
<VirtualHost xx.xx.xx.xx:443>
    # SSL part
    SSLEngine on
    SSLCertificateFile ....crt
    SSLCACertificateFile ...pem
    SSLCertificateChainFile ...intermediate.pem
    SSLCertificateKeyFile ....wildcard.ourdomain.com.key
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

    ServerName www.ourdomain.com
    ServerAlias ourdomain.com

    # the actual configuration, as found for xx.xx.xx.xx:80, repeated
</VirtualHost>

I'd like

# in file: 0000-ssl-stuff
<VirtualHost xx.xx.xx.xx:443>
    # SSL part
    SSLEngine on
    SSLCertificateFile ....crt
    SSLCACertificateFile ...pem
    SSLCertificateChainFile ...intermediate.pem
    SSLCertificateKeyFile ....wildcard.ourdomain.com.key
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

    ServerName www.ourdomain.com
    ServerAlias ourdomain.com
</VirtualHost>

# in file: ourdomain.com.conf
<VirtualHost xx.xx.xx.xx:443>
    # the actual configuration, as found for xx.xx.xx.xx:80, repeated
</VirtualHost>

Unfortunately, this does not seem to work. Apache SSL fails, though it does not give an error message at reload or syntax-check.

My best found workaround is to us an Include directive from the 0000-ssl file.

Many thanks!

© Server Fault or respective owner

Related posts about ssl

Related posts about apache2