
Apache: How to Enable Multiple SSL On One IP Using SNI and Virtual Host


Here’s how you can use multiple SSL certificates on a single IP address, thanks to SNI and virtual hosts.


When you have multiple websites and want to run them on one IP address, you use name-based virtual hosting, which lets the server direct each request to the right site. However, this becomes a problem with SSL/TLS certificates, because SSL/TLS involves a handshake between the client and server, and an HTTP header can only be sent after that handshake. As a result, during the handshake the server doesn’t know which website it should serve, and therefore which certificate to present. That’s why some people are forced to purchase separate IP addresses.

Here Comes SNI

Server Name Indication (SNI) is an extension to the SSL/TLS protocol that allows you to host multiple SSL certificates on a single IP address. It does this by having the client include the hostname it wants in the SSL/TLS handshake itself, rather than only in an HTTP header afterwards. This saves some serious money.

Sound good? Want to go ahead and enable SNI on Apache using virtual host? Of course, you do. Here’s how to do it!

Enable SNI on Apache Through Virtual Host

Note: Before you begin, we suggest you take a backup of your .conf file.

  • To run multiple SSL certificates on one server, you’ll need to create a virtual host. To do so, add the following line to your .conf file:

    Include my_other_site.conf

  • Once this line is added, go to the NameVirtualHost directive and add *:443, or your server’s IP address with whichever SSL port you’re using.
  • Now, point SSLCertificateFile, SSLCertificateKeyFile, and SSLCertificateChainFile to the locations of the certificate files for every website that you want to secure:

<VirtualHost *:443>
    ServerName www.yourdomainname.com
    DocumentRoot /var/www/domainname
    SSLEngine on
    SSLCertificateFile /path/to/www_yourdomainname_com.crt
    SSLCertificateKeyFile /path/to/www_yourdomainname_com.key
    SSLCertificateChainFile /path/to/NameofCA.crt
</VirtualHost>

<VirtualHost *:443>
    ServerName www.yourdomainname2.com
    DocumentRoot /var/www/domainname2
    SSLEngine on
    SSLCertificateFile /path/to/www_yourdomainname2_com.crt
    SSLCertificateKeyFile /path/to/www_yourdomainname2_com.key
    SSLCertificateChainFile /path/to/NameofCA.crt
</VirtualHost>


If you want to use a Wildcard SSL or a Multi-Domain SSL certificate, every virtual host must point to the same IP address. Here’s how you should do it:

<VirtualHost 192.168.1.1:443>
    ServerName www.yourdomainname.com
    DocumentRoot /var/www/
    SSLEngine on
    SSLCertificateFile /path/to/your_domain_name.crt
    SSLCertificateKeyFile /path/to/your_private.key
    SSLCertificateChainFile /path/to/NameofCA.crt
</VirtualHost>

<VirtualHost 192.168.1.1:443>
    ServerName domain2.yourdomainname.com
    DocumentRoot /var/www/domain2
    SSLEngine on
    SSLCertificateFile /path/to/your_domain_name.crt
    SSLCertificateKeyFile /path/to/your_private.key
    SSLCertificateChainFile /path/to/NameofCA.crt
</VirtualHost>


All done? Well, you have just enabled SNI on your Apache server using Virtual Host!
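A quick way to review the virtual host blocks from the steps above before reloading Apache, as an added example that is not part of the original article: it parses the blocks, reports any that lack SSLEngine on or a certificate/key pair, flags repeated ServerName values, and names the first :443 block, which Apache serves to clients that send no matching SNI name. The sample configuration, the file /path/to/other.crt and the function names parse_vhosts and audit are constructed for illustration.

```python
import re

# Constructed sample: the article's first vhost, an incomplete second, a duplicate third.
SAMPLE_CONF = """
<VirtualHost *:443>
    ServerName www.yourdomainname.com
    SSLEngine on
    SSLCertificateFile /path/to/www_yourdomainname_com.crt
    SSLCertificateKeyFile /path/to/www_yourdomainname_com.key
</VirtualHost>
<VirtualHost *:443>
    ServerName www.yourdomainname2.com
    SSLCertificateFile /path/to/www_yourdomainname2_com.crt
</VirtualHost>
<VirtualHost *:443>
    ServerName www.yourdomainname.com
    SSLEngine on
    SSLCertificateFile /path/to/other.crt
    SSLCertificateKeyFile /path/to/other.key
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
DIRECTIVE_RE = re.compile(r"^\s*([A-Za-z]+)\s+(.+?)\s*$", re.M)

def parse_vhosts(conf):
    """Return [(address, {directive_lowercase: value})] in file order."""
    return [(addr.strip(), {k.lower(): v for k, v in DIRECTIVE_RE.findall(body)})
            for addr, body in VHOST_RE.findall(conf)]

def audit(conf):
    """Return (default_server_name, findings) for vhosts on port 443."""
    tls = [(a, d) for a, d in parse_vhosts(conf) if a.endswith(":443")]
    findings, seen = [], set()
    for _, d in tls:
        name = d.get("servername", "<no ServerName>")
        if d.get("sslengine", "").lower() != "on":
            findings.append(f"{name}: SSLEngine is not on")
        # Assumption: cert and key live in separate files, as in the article.
        for key in ("sslcertificatefile", "sslcertificatekeyfile"):
            if key not in d:
                findings.append(f"{name}: missing {key}")
        if name in seen:
            findings.append(f"{name}: duplicate ServerName, first block wins")
        seen.add(name)
    # Apache falls back to the first vhost for the address when no name matches.
    default = tls[0][1].get("servername") if tls else None
    return default, findings
```

Calling audit() on the text of your own .conf file returns the fallback site name and a list of findings; an empty list means every :443 block carries the directives the article sets.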
