The only way to have multiple cross-browser compatible SSL certificates on different domains on one server is to use multiple external IP addresses.
Currently, Rackspace is happy to allot up to five IP addresses to one cloud server for $2/month per extra IP. That means having multiple web stores or sites requiring SSL certificates on one server is easy and affordable.
Here’s what you need to do:
- Purchase an SSL Certificate from a Cartel.
- Submit a support ticket to Rackspace containing your certificate CRT from the CA This is for verification purposes only. Rackspace doesn’t want to allot IP addresses without a good reason.
- In the support ticket state that you understand and agree with the extra $2 fee. Attach the files from the CA, and state that you would prefer Rackspace to fully setup the IP and restart your server (They will give you the option to finish the setup yourself if you want.)
The reboot is quick and painless. On one of our servers, the restart took place within one hour of the ticket submission and had no real associated downtime. All the sites that were already on the server came back up without any issues, including Magento stores, and Ruby On Rails apps.
After reboot, create a new Apache config file for the new domain and SSL. If you have existing sites, make sure they are IP-based virtual hosts. If they are named-based virtual hosts, Apache will get confused.
Here is an example Apache config file:
NameVirtualHost [IP ADDRESS]:80
NameVirtualHost [IP ADDRESS]:443
<VirtualHost [IP ADDRESS]:80>
ServerName example.com
ServerAdmin serveradmin@example.com
DocumentRoot /home/web_user/www
<Directory /home/web_user/www/>
Options -Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /home/web_user/logs/error.log
LogLevel warn
CustomLog /home/web_user/logs/access.log combined
</VirtualHost>
<VirtualHost [IP ADDRESS]:443>
ServerName example.com
ServerAdmin serveradmin@example.com
DocumentRoot /home/web_user/www
<Directory /home/web_user/www/>
Options -Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
ErrorLog /home/web_user/logs/error.log
LogLevel warn
CustomLog /home/web_user/logs/access.log combined
SSLEngine On
SSLCertificateFile /home/web_user/ssl/example.com.cer
SSLCertificateChainFile /home/web_user/ssl/chain.cer
SSLCertificateKeyFile /home/web_user/ssl/example.com.key
</VirtualHost>
The config files across the domains follow this same template, changing only for the IP address and file locations.