I have an Apache server with one IP address (on a Debian server).
I have several virtualhosts for http and one virtualhost for https.
One vhost redirects traffic to the https vhost and this works fine, something like this:
<VirtualHost *:80>
ServerName mymainsite.com
ServerAlias www.mymainsite.com
ServerAlias myothersite.org
ServerAlias www.myothersite.org
RewriteEngine on
RewriteRule ^(.*)$ https://www.mymainsite.com$1 [L,R=301]
(...)
I have another vhost for https, like this:
<VirtualHost *:443>
ServerName www.mymainsite.com
(...)
And this works fine, all non-https is forwarded to https, and that is super. But then the problem:
sometimes people go to this URL: https://www.myothersite.org
and this is answered by the https vhost, and creates a "wrong certificate" error.
Question is: is there a way to prevent this, without using a 2nd ip address, or buying a multi url or wildcard SSL certificate?
Edit: just removed some extra text.
You need to use the SSL extension named Server Name Indication (SNI). This extension allows the server to determine which named virtual host the request was designated for, and patch it through accordingly.
Your Apache is probably built with support for SNI, but to check it simply set up two name-based virtual hosts on your IP, port 443, and try to start Apache. If your Apache does not support SNI, the error_log will show "You should not use name-based virtual hosts in conjunction with SSL!!" If SNI is built in, then the error log will show "[warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)".
Also be aware that browsers need to support SNI as well in order to have this working. The good thing is that all major browsers support it.
So yes, in short, you can have 2 or more different domains with their respective SSL certificates on the same IP; just configure the other SSL domains much like your first one. If your Apache lacks support for SNI, you will need to find another Apache package or rebuild this one with support for SNI to get it working.
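The layout the answer describes, as an added example that is not part of the original answer: two name-based vhosts on the same IP and port 443, each with its own certificate, the second one reusing the question's redirect. The certificate paths are placeholders and the second certificate is assumed to exist.

```apache
# Added example; certificate paths are placeholders, not from the original post.

# Apache 2.2 needs this for name-based vhosts on 443; Apache 2.4 no longer requires it.
NameVirtualHost *:443

# The first vhost defined for *:443 is the default one. It also answers
# clients that send no SNI name, so they will see this certificate.
<VirtualHost *:443>
    ServerName www.mymainsite.com
    SSLEngine on
    SSLCertificateFile    /path/to/mymainsite.crt
    SSLCertificateKeyFile /path/to/mymainsite.key
    # (...) rest of the existing main-site configuration
</VirtualHost>

# Selected through SNI when the client asks for the other site.
<VirtualHost *:443>
    ServerName www.myothersite.org
    ServerAlias myothersite.org
    SSLEngine on
    # This certificate must be valid for the names this vhost serves.
    SSLCertificateFile    /path/to/myothersite.crt
    SSLCertificateKeyFile /path/to/myothersite.key
    # Same redirect the port-80 vhost already performs; it only runs after
    # the TLS handshake has succeeded with the certificate above.
    RewriteEngine on
    RewriteRule ^(.*)$ https://www.mymainsite.com$1 [L,R=301]
</VirtualHost>
```

To confirm which certificate each name receives, run openssl s_client -connect against the server's address on port 443 once with -servername www.mymainsite.com and once with -servername www.myothersite.org, and compare the certificate subjects.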