Apache: Enable Multiple SSL On One IP Using SNI through Virtual Host

4 votes, average: 4.00 out of 54 votes, average: 4.00 out of 54 votes, average: 4.00 out of 54 votes, average: 4.00 out of 54 votes, average: 4.00 out of 5 (4 votes, average: 4.00 out of 5, rated)
Loading...

Here’s how you can use multiple SSL certificates on a single IP address, thanks to SNI

When you have multiple websites and want to run them on one IP address, you use name-based virtual hosting. Using a name-based host, you can quickly direct a user to the right site. However, this becomes a problem while using SSL/TLS certificates. That’s because SSL/TLS involves a handshake between client and server. HTTP header can only be sent after the handshake. As a result, the server doesn’t know which website it should serve. That’s why forces some people to purchase separate IP address

Here comes SNI (server name indication).

Server Name Indication (SNI) is an extension to the SSL/TLS protocol. The SNI extension allows you to host multiple SSL certificates on a single unique IP address. This is done by inserting HTTP header in the SSL/TLS handshake. This saves some serious money.

Sounds good? Want to go ahead and enable SNI on Apache using virtual host? Of course, you do. Here’s how to do it.

Enable SNI on Apache through Virtual Host

Note: Before you begin, we suggest you take a backup of your .conf file.

  • To run multiple SSL certificates on one server, you’ll need to create a virtual host. To do so, you’ll need to add the below line to your .conf file.
Include my_other_site.conf
  • Once this line is added, go to the NameVirtualHost directive and add your server’s IP address *:443 or whichever SSL port you’re using.
  • Now you need to direct SSLCertificateFile, SSLCertificateKeyFile, and SSLCertificateChainFile to the locations of the certificate files for every website that you want to secure.
<VirtualHost *:443>
 ServerName www.yourdomainname.com
 DocumentRoot /var/www/domainname
 SSLEngine on
 SSLCertificateFile /path/to/www_ yourdomainname _com.crt
 SSLCertificateKeyFile /path/to/www_ yourdomainname _com.key
 SSLCertificateChainFile /path/to/NameofCA.crt
</VirtualHost>
<VirtualHost *:443>
 ServerName www.yourdomainname2.com
 DocumentRoot /var/www/domainname2
 SSLEngine on
 SSLCertificateFile /path/to/www_yourdomainname2_com.crt
 SSLCertificateKeyFile /path/to/www_ yourdomainname2_com.key
 SSLCertificateChainFile /path/to/NameofCA.crt
</VirtualHost>

If you want to use a Wildcard SSL or a Multi-Domain SSL certificate, you must point to the same IP address. Here’s how you should do it:

<VirtualHost 192.168.1.1:443>
 ServerName www.yourdomainname.com
 DocumentRoot /var/www/
 SSLEngine on
 SSLCertificateFile /path/to/your_domain_name.crt
 SSLCertificateKeyFile /path/to/your_private.key
 SSLCertificateChainFile /path/to/NameofCA.crt
</VirtualHost>
<VirtualHost 192.168.1.1:443>
 ServerName domain2.yourdomainname.com
 DocumentRoot /var/www/domain2
 SSLEngine on
 SSLCertificateFile /path/to/your_domain_name.crt
 SSLCertificateKeyFile /path/to/your_private.key
 SSLCertificateChainFile /path/to/NameofCA.crt
</VirtualHost>

Are all done? Well, you have just enabled SNI on your Apache server using Virtual Host. Open your sites and see SSL having been enabled on all of them.

One SSL Certificate for Multiple Domains

GeoTrust Logo
GeoTrust Offers Multiple Domains SSL Certificate and It allows 250 multiple websites security with single SSL certificate on multiple servers.

Related Resources