SSL Virtual Servers differentiated by port?


Is it possible to server up multiple SSL virtual servers on one IP address with separate certs and have the sites differentiated by port number? (so that the correct certificate is used)

I have briefly tried to do this but haven’t been successful… It seems that it is probably not possible using virtualmin?

Heh, I just spent the last 20 minutes typing out instructions on how you might accomplish this… only to get to the last one and realize it won’t work :slight_smile:

Yeah, while Apache supports this setup – I’m not sure that Virtualmin will very easily, as it’s an uncommon configuration.

You could go into Webmin -> Servers -> Apache Website, and manually add it in there, using “Create Virtual Host”. You’d then be able to choose an alternate port for it to run on. But you’ll have to manually setup all the directives.

Further, if you’re using Virtualmin Pro, you may be able to use Add Servers -> Import Virtual Servers in order to assign the domain to a particular Virtualmin user.

Is there an easier way than all this? Maybe, but I’m not sure what it is :slight_smile:

Two words for you: UCC certs.

Virtualmin supports them, and they provide a reasonable illusion of what you’re asking for (what you’re asking for is impossible; you’re asking for the protocol to work in a way that it simply is not defined to). They are not separate certs…they’re all bundled into one. But, most modern browsers (and even some crappy old ones like Internet Explorer) support them. Most mobile devices, on the other hand, do not.

See the docs, and ask questions:,ssl_and_virtualmin/#ucc_certificates

Again, to be emphatic: What you are asking for is not possible. It has nothing to do with Virtualmin. The current SSL protocol does not have room for it. It just won’t work. UCC is the closest you will get with the current SSL implementation (mod_tls does support name-based hosting via a newer protocol, and a few new browsers support this, but it’s dramatically less popular than UCC at this point). Just use UCC for those sites that you can’t give a new IP to, and bide your time like the rest of us.

Crap. I just realized you want different ports. This what I get for reading too little too fast.

Virtualmin does support other ports for SSL certs.

And I’m not seeing immediately how to do that…Urgh.

Hi Joe,

Let me say thanks for your help!

Yea I understand not being able to have multiple virtual servers under the same IP using SSL as the header is encrypted and there is no way for the web server to determine which certificate to use to unencrypt the header. That’s one of the reasons why I was looking at using the port numbers at differentiating between virtual servers for SSL. (It doesn’t look great on the url though but as long as it works…)

I’ve heard that Apache supports it and was trying to see if I could configure it through virtualmin. It seems like it is possible to change the port number for SSL in virtualmin for a virtual server. At first glance it appears that it should be quite simple… Just change the number for the SSL port but I it doesn’t seem to work the way (possibly because this type of setup hasn’t been taken into consideration?)

Would be great if anyone has any more information about this or would be able to help out.

I guess the best solution now would be to suck it and go through the process of requesting more IPs from my provider? They seem to hold on to those really tightly nowadays!

Yeah, having multiple IP’s is an excellent way to solve this – and then you don’t have to deal with having sites running on unusual ports and such – it can be hard to remember where they’re at!

These days, ISP’s generally require justification for IP’s.

That is, someone along the way finally realized there weren’t enough IP’s to just throw them away to people who weren’t actually using them.

ISP’s generally shouldn’t give you too hard a time if you tell them you intend on using the IP’s for a SSL certificates – which is a valid use for an IP address.