If we have multiple atlassian applications on one host and Apache with mod_proxy in front.
The idea is that communication to Apache is SSL https. SSL stops at apache and it is http between Apache and tomcat for applications. So there is a virtual host for each application.
The DNS entires look something like this:
crucible-ecosource.example.biz
jira-ecosource.example.biz
bitbucket-ecosource.example.biz
The question is. Is it possible to use a single SAN certificate at Apache virtual host level? I am not familiar with SAN certificates.
Yes,
Just add a virtualhost for each application.
Preferably you should use a separate configuration file for the SSL config:
In each virtualhost include the ssl config like this:
Include conf.d/ssl-example.com.inc
In the include file add something like:
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
SSLCertificateFile /etc/pki/tls/certs/san.example.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/san.example.com.key
SSLCertificateChainFile /etc/pki/tls/certs/example-ca.crt
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.