
Multiple SSL Certificates on a Single IP Using Apache

by SupportPRO Admin

SNI (Server Name Indication) allows you to host multiple SSL certificates on a single IP address. Although hosting several sites on a single virtual private server is possible with virtual hosts, providing a separate SSL certificate for each site traditionally required separate IP addresses. The process has now been simplified through the use of Server Name Indication (SNI), which sends a site visitor the certificate that matches the requested server name.

Requirements

1. Domain names should be registered in order to serve the certificates by SNI.

2. Root privileges on the server.

3. Apache should already be installed and running.

Set up

1. Create Your SSL Certificates

For easy understanding, I will be working to create a server that hosts both example.com and example.org.

The SSL certificate has 2 main parts: the certificate itself and the private key. We should create a directory for each virtual host's SSL certificate.

# mkdir -p /etc/apache2/ssl/example.com
# mkdir -p /etc/apache2/ssl/example.org

2. Activate the SSL Module

The next step is to enable SSL.

# sudo a2enmod ssl

Restart Apache after that:

# sudo service apache2 restart

3. Create a Self Signed SSL Certificate

When we request a new certificate, we can specify how long the certificate should remain valid by changing the 365 to the number of days we prefer. As it stands this certificate will expire after one year.

# sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/example.com/apache.key -out /etc/apache2/ssl/example.com/apache.crt

We have now created both the self-signed SSL certificate and the server key that protects it, and placed both of them in the new directory.

The command prompts for a list of fields that need to be filled in.

For the second (example.org) domain:

# sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/example.org/apache.key -out /etc/apache2/ssl/example.org/apache.crt

4. Create the Virtual Hosts

Once you have the certificates saved and ready, you can add your information to the virtual host files. We can create two virtual host files to store the virtual host information separately, copying the configuration from the default virtual host file.

# sudo nano /etc/apache2/sites-available/example.com
# sudo nano /etc/apache2/sites-available/example.org

Open up each file and paste in the configuration below:

The default configuration files offer a variety of useful directives and additional configuration options that you can add to the virtual host. However, the following information will provide the server everything it needs to set up multiple SSL certificates on one IP address.

<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName example.com
DocumentRoot /var/www

</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>

ServerAdmin webmaster@localhost
ServerName example.com
DocumentRoot /var/www

# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on

# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /etc/apache2/ssl/example.com/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/example.com/apache.key
</VirtualHost>

</IfModule>

5. Edit the ports.conf file

The final step required to make sure that multiple certificates work on one VPS is to tell the server to listen on port 443.

# sudo nano /etc/apache2/ports.conf

Add the following lines to the apache ports configuration file:

NameVirtualHost *:80
NameVirtualHost *:443

Listen 80

<IfModule mod_ssl.c>
# If you add NameVirtualHost *:443 here, you will also have to change
# the VirtualHost statement in /etc/apache2/sites-available/default-ssl
# to <VirtualHost *:443>
# Server Name Indication for SSL named virtual hosts is currently not
# supported by MSIE on Windows XP.
Listen 443
</IfModule>

<IfModule mod_gnutls.c>
Listen 443
</IfModule>

6. Activate the Virtual Hosts

# sudo a2ensite example.com
# sudo a2ensite example.org

7. Restart Apache

# sudo service apache2 restart

You should now be able to access both sites, each with its own domain name and SSL certificate.

You can view the sites both with and without the signed SSL certificates by typing in just the domain or the domain with the https prefix.
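
Because step 4 pastes the same configuration into both virtual host files, a common slip is to leave example.com's certificate paths in the example.org file, so both names are served the same certificate. The following check is an added example, not part of the original article; the function names and the sample files are constructed here, and it assumes the /etc/apache2/ssl/<ServerName>/ layout used above.

```shell
#!/bin/sh
# Added example (not from the article): lint the *:443 vhosts for SNI copy-paste slips.
# Assumption: certificate and key live in /etc/apache2/ssl/<ServerName>/ as on this page.
lint_ssl_vhosts() {
    awk '
    function report(msg) { print FILENAME ": " msg; bad = 1 }
    { d = tolower($1) }                      # Apache directive names are case-insensitive
    d == "<virtualhost" && $2 ~ /:443>$/ { in443 = 1; name = crt = key = ""; next }
    in443 && d == "servername"            { name = $2 }
    in443 && d == "sslcertificatefile"    { crt = $2 }
    in443 && d == "sslcertificatekeyfile" { key = $2 }
    in443 && d == "</virtualhost>" {
        in443 = 0
        if (name == "") { report("443 vhost has no ServerName, SNI cannot select it"); next }
        if (seen[name]++) report("ServerName " name " is defined more than once")
        if (crt == "" || key == "") report(name ": certificate or key directive missing")
        if (crt != "" && index(crt, "/" name "/") == 0) report(name ": SSLCertificateFile points at " crt)
        if (key != "" && index(key, "/" name "/") == 0) report(name ": SSLCertificateKeyFile points at " key)
    }
    END { exit (bad ? 1 : 0) }
    ' "$@"
}

# Constructed sample: example.org was pasted from example.com and the
# SSLCertificateFile path was not updated.
write_sample() {
    for d in example.com example.org; do
        cat > "$1/$d" <<EOF
<VirtualHost *:80>
ServerName $d
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName $d
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/example.com/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/$d/apache.key
</VirtualHost>
</IfModule>
EOF
    done
}

tmp=$(mktemp -d)
write_sample "$tmp"
lint_ssl_vhosts "$tmp/example.com" "$tmp/example.org" || echo "fix the lines above before restarting Apache"
rm -rf "$tmp"
```

On the server, pass the real files instead of the sample, for example lint_ssl_vhosts /etc/apache2/sites-available/example.com /etc/apache2/sites-available/example.org, before restarting Apache in step 7.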
