
Apache: How to Enable Multiple SSL On One IP Using SNI and Virtual Host

Here’s how you can use multiple SSL certificates on a single IP address, thanks to SNI and Virtual Host.

By Jim Aron · Jul. 24, 18 · Tutorial

When you have multiple websites and want to run them on one IP address, you use name-based virtual hosting, which lets the server direct each request to the right site by its hostname. However, this becomes a problem with SSL/TLS certificates, because SSL/TLS begins with a handshake between the client and server, and the HTTP Host header can only be sent after that handshake. As a result, the server doesn’t know which website, and therefore which certificate, it should serve. That’s why some people have been forced to purchase separate IP addresses.

Here Comes SNI 

Server Name Indication (SNI) is an extension to the SSL/TLS protocol. It allows you to host multiple SSL certificates on a single unique IP address. This is done by sending the requested hostname, which would otherwise arrive only in the HTTP Host header, inside the SSL/TLS handshake itself. This saves some serious money.

Sound good? Want to go ahead and enable SNI on Apache using virtual host? Of course, you do. Here’s how to do it!

Enable SNI on Apache Through Virtual Host

Note: Before you begin, we suggest you take a backup of your .conf file.

  • To run multiple SSL certificates on one server, you’ll need to create a virtual host. To do so, you’ll need to add the following line to your .conf file.
Include my_other_site.conf


  • Once this line is added, go to the NameVirtualHost directive and add your server’s IP address (or *) together with the SSL port, for example *:443, or whichever SSL port you’re using.
  • Now, you need to point SSLCertificateFile, SSLCertificateKeyFile, and SSLCertificateChainFile to the locations of the certificate files for every website that you want to secure.
<VirtualHost *:443>
    ServerName www.yourdomainname.com
    DocumentRoot /var/www/domainname
    SSLEngine on
    SSLCertificateFile /path/to/www_yourdomainname_com.crt
    SSLCertificateKeyFile /path/to/www_yourdomainname_com.key
    SSLCertificateChainFile /path/to/NameofCA.crt
</VirtualHost>

<VirtualHost *:443>
    ServerName www.yourdomainname2.com
    DocumentRoot /var/www/domainname2
    SSLEngine on
    SSLCertificateFile /path/to/www_yourdomainname2_com.crt
    SSLCertificateKeyFile /path/to/www_yourdomainname2_com.key
    SSLCertificateChainFile /path/to/NameofCA.crt
</VirtualHost>


If you want to use a Wildcard SSL or a Multi-Domain SSL certificate, the virtual hosts must point to the same IP address. Here’s how you should do it:

<VirtualHost 192.168.1.1:443>
    ServerName www.yourdomainname.com
    DocumentRoot /var/www/
    SSLEngine on
    SSLCertificateFile /path/to/your_domain_name.crt
    SSLCertificateKeyFile /path/to/your_private.key
    SSLCertificateChainFile /path/to/NameofCA.crt
</VirtualHost>

<VirtualHost 192.168.1.1:443>
    ServerName domain2.yourdomainname.com
    DocumentRoot /var/www/domain2
    SSLEngine on
    SSLCertificateFile /path/to/your_domain_name.crt
    SSLCertificateKeyFile /path/to/your_private.key
    SSLCertificateChainFile /path/to/NameofCA.crt
</VirtualHost>


All done? Well, you have just enabled SNI on your Apache server using Virtual Host!
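A configuration like the ones above can be checked before Apache is reloaded. The following added example (not part of the original article) scans the virtual-host blocks, reports which one is the default for each address (Apache serves the first one listed when a client sends no SNI name or an unknown one), and flags blocks with missing directives. `parse_vhosts` and `lint_sni` are hypothetical helper names, and the sample configuration is constructed from the article's placeholders.

```python
import re

# Constructed sample using the article's placeholder names. The third block is
# deliberately incomplete to show what the check reports.
SAMPLE_CONF = """
<VirtualHost *:443>
    ServerName www.yourdomainname.com
    SSLEngine on
    SSLCertificateFile /path/to/www_yourdomainname_com.crt
    SSLCertificateKeyFile /path/to/www_yourdomainname_com.key
</VirtualHost>
<VirtualHost *:443>
    ServerName www.yourdomainname2.com
    SSLEngine on
    SSLCertificateFile /path/to/www_yourdomainname2_com.crt
    SSLCertificateKeyFile /path/to/www_yourdomainname2_com.key
</VirtualHost>
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /path/to/www_yourdomainname2_com.crt
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
DIRECTIVE_RE = re.compile(r"^[ \t]*(\w+)[ \t]+(\S.*?)[ \t]*$", re.M)
REQUIRED = ("ServerName", "SSLCertificateFile", "SSLCertificateKeyFile")

def parse_vhosts(conf):
    """Return [(address, {directive_lowercased: value})] per VirtualHost block, in file order."""
    return [(addr.strip(), {k.lower(): v for k, v in DIRECTIVE_RE.findall(body)})
            for addr, body in VHOST_RE.findall(conf)]

def lint_sni(conf):
    """Return (defaults, problems): the default vhost per address and a list of findings."""
    defaults, seen, problems = {}, set(), []
    for i, (addr, d) in enumerate(parse_vhosts(conf), 1):
        name = d.get("servername", f"<vhost #{i}>")
        defaults.setdefault(addr, name)   # first vhost listed answers unmatched or missing SNI
        problems += [f"{name}: missing {k}" for k in REQUIRED if k.lower() not in d]
        if d.get("sslengine", "").lower() != "on":
            problems.append(f"{name}: SSLEngine is not on")
        if (addr, name) in seen:
            problems.append(f"{name}: duplicate ServerName on {addr}")
        seen.add((addr, name))
    return defaults, problems
```

On a live server, Apache's own `apachectl -S` prints the parsed virtual-host map, including the default for each address, and remains the authoritative check.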


Published at DZone with permission of Jim Aron. See the original article here.
