Multiple Atlassian applications on one host using proxy, SSL and SAN certificate

Timothy Harris April 20, 2017

If we have multiple atlassian applications on one host and Apache with mod_proxy in front.

The idea is that communication to Apache is SSL https. SSL stops at apache and it is http between Apache and tomcat for applications. So there is a virtual host for each application. 

The DNS entires look something like this:

crucible-ecosource.example.biz

jira-ecosource.example.biz

bitbucket-ecosource.example.biz

The question is. Is it possible to use a single SAN certificate at Apache virtual host level? I am not familiar with SAN certificates.

1 answer

1 vote
Lars Olav Velle
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 20, 2017

Yes,

Just add a virtualhost for each application.

Preferably you should use a separate configuration file for the SSL config:

In each virtualhost include the ssl config like this:

Include conf.d/ssl-example.com.inc

In the include file add something like:

SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
SSLCertificateFile /etc/pki/tls/certs/san.example.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/san.example.com.key
SSLCertificateChainFile /etc/pki/tls/certs/example-ca.crt

Suggest an answer

Log in or Sign up to answer