{"id":1024,"date":"2013-05-04T05:05:39","date_gmt":"2013-05-04T11:05:39","guid":{"rendered":"http:\/\/blog.supportpro.com\/?p=1024"},"modified":"2025-04-28T05:09:56","modified_gmt":"2025-04-28T11:09:56","slug":"multiple-ssl-certificates-on-a-single-ip-using-apache","status":"publish","type":"post","link":"https:\/\/www.supportpro.com\/blog\/multiple-ssl-certificates-on-a-single-ip-using-apache\/","title":{"rendered":"Multiple SSL Certificates on a Single IP Using Apache"},"content":{"rendered":"

SNI ( Server Name Identification) allows you to host multiple SSL certificates on a single IP<\/a> address. Although, hosting several sites on a single virtual private server is possible with the use of virtual hosts, providing separate SSL certificates for each site traditionally required separate IP addresses. The process has now been simplified through the use of Server Name Indication (SNI), which sends a site visitor the certificate that matches the requested server name.<\/p>\n

Requirements<\/p>\n

1. Domain names should be registered in order to serve the certificates by SNI.<\/p>\n

2. Root Privileges to the server.<\/p>\n

3. Apache should already be installed and running<\/p>\n

<\/p>\n

Set up<\/p>\n

1. Create Your SSL Certificates<\/p>\n

For easy understanding, I will be working to create a server that hosts both example.com and example.org.<\/p>\n

The SSL certificate has 2 parts main parts: the certificate itself and the public key. We should create a directory for each virtual hosts SSL certificate.<\/p>\n

# mkdir -p \/etc\/apache2\/ssl\/example.com
\n# mkdir -p \/etc\/apache2\/ssl\/example.org<\/p><\/blockquote>\n

2. Activate the SSL Module<\/p>\n

The next step is to enable SSL.<\/p>\n

# sudo a2enmod ssl<\/p><\/blockquote>\n

Restart apache after that :<\/p>\n

# sudo service apache2 restart<\/p><\/blockquote>\n

3. Create a Self Signed SSL Certificate<\/p>\n

When we request a new certificate, we can specify how long the certificate should remain valid by changing the 365 to the number of days we prefer. As it stands this certificate will expire after one year.<\/p>\n

# sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout \/etc\/apache2\/ssl\/example.com\/apache.key out \/etc\/apache2\/ssl\/example.com\/apache.crt<\/p><\/blockquote>\n

we have now created both the self-signed SSL certificate and the server key that protects it, and placing both of them into the new directory.<\/p>\n

This command will prompt terminal to display a list of fields that need to be filled in.<\/p>\n

For the second (example.org) domain:<\/p>\n

# sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout \/etc\/apache2\/ssl\/example.org\/apache.keyout \/etc\/apache2\/ssl\/example.org\/apache.crt<\/p><\/blockquote>\n

4. Create the Virtual Hosts<\/p>\n

Once you have the certificates saved and ready, you can add in your information in the virtual host files. we can create two virtual host files to store virtual host information in separate files, copying the configuration from the default virtual host file.<\/p>\n

# sudo nano \/etc\/apache2\/sites-available\/example.com
\n# sudo nano \/etc\/apache2\/sites-available\/example.org<\/p><\/blockquote>\n

Open up each file and paste in the configuration below:<\/p>\n

The default configuration files offer a variety of useful directives and additional configuration options that you can add to the virtual host. However, the following information will provide the server everything it needs to set up multiple SSL certificates on one IP address.<\/p>\n

<VirtualHost *:80>
\nServerAdmin webmaster@localhost
\nServerName example.com
\nDocumentRoot \/var\/www<\/p>\n

<\/VirtualHost><\/p>\n

<IfModule mod_ssl.c>
\n<VirtualHost *:443><\/p>\n

ServerAdmin webmaster@localhost
\nServerName example.com
\nDocumentRoot \/var\/www<\/p>\n

# SSL Engine Switch:
\n# Enable\/Disable SSL for this virtual host.
\nSSLEngine on<\/p>\n

# A self-signed (snakeoil) certificate can be created by installing
\n# the ssl-cert package. See
\n# \/usr\/share\/doc\/apache2.2-common\/README.Debian.gz for more info.
\n# If both key and certificate are stored in the same file, only the
\n# SSLCertificateFile directive is needed.
\nSSLCertificateFile \/etc\/apache2\/ssl\/example.com\/apache.crt
\nSSLCertificateKeyFile \/etc\/apache2\/ssl\/example.com\/apache.key
\n<\/VirtualHost><\/p>\n

<\/IfModule><\/p><\/blockquote>\n

5. Edit the ports.conf file<\/p>\n

The final step required to make sure that multiple certificates work on one VPS is to tell the server to listen on port 443.<\/p>\n

# sudo nano \/etc\/apache2\/ports.conf<\/p><\/blockquote>\n

Add the following lines to the apache ports configuration file:<\/p>\n

NameVirtualHost *:80
\nNameVirtualHost *:443<\/p>\n

Listen 80<\/p>\n

<IfModule mod_ssl.c>
\n# If you add NameVirtualHost *:443 here, you will also have to change
\n# the VirtualHost statement in \/etc\/apache2\/sites-available\/default-ssl
\n# to
\n# Server Name Indication for SSL named virtual hosts is currently not
\n# supported by MSIE on Windows XP.
\nListen 443
\n<\/IfModule><\/p>\n

<IfModule mod_gnutls.c>
\nListen 443
\n<\/IfModule><\/p><\/blockquote>\n

6. Activate the Virtual Hosts<\/p>\n

# sudo a2ensite example.com
\n# sudo a2ensite example.org<\/p><\/blockquote>\n

7. Restart Apache<\/p>\n

# sudo service apache2 restart<\/p><\/blockquote>\n

You should now be able to access both sites, each with its own domain name and SSL certificate.<\/p>\n

You can view the sites both with and without the signed SSL certificates by typing in just the domain or the domain with the https prefix.<\/p>\n

If you require help, contact SupportPRO Server Admin<\/a><\/p>\n

\"Server<\/a><\/span>