To run multiple SSL certificates on a single IP address we need to use SNI. Server Name Indication (SNI) is an extension to the SSL and TLS protocols that indicates what hostname the client is attempting to connect to at the start of the handshaking process. This allows a server to present multiple certificates on the same IP address and port number, and hence allows multiple secure (HTTPS) websites to be served off the same IP address without requiring all those sites to use the same certificate. It is the conceptual equivalent of HTTP/1.1 virtual hosting for HTTPS.
To make use of SNI practical, it is necessary that the vast majority of users use web browsers that support it. Users whose browsers do not support SNI will be presented with a default certificate and hence are likely to receive certificate warnings.
As of November 2012, the only major user bases whose browsers do not support SNI appear to be users of Internet Explorer 8 or below on Windows XP, versions of Java before 1.7 on any operating system, and default mobile browsers.
Installing and Configuring
First we need to install mod_gnutls:
apt-get install libapache2-mod-gnutls
Now we need to disable mod_ssl if it is not already disabled
Now we enable gnutls
Enable Apache to listen on 443
Make sure the following information is present in the ports.conf file:
<IfModule mod_gnutls.c>
    Listen 443
</IfModule>
Comment out the following section
<IfModule mod_ssl.c>
    # If you add NameVirtualHost *:443 here, you will also have to change
    # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
    # to <VirtualHost *:443>
    # Server Name Indication for SSL named virtual hosts is currently not
    # supported by MSIE on Windows XP.
    Listen 443
</IfModule>
Save and close the ports.conf file. Finally, we create an ssl.conf file at /etc/apache2/ssl.conf
Add the following vhost information, modifying it as needed to reflect your actual domain names.
NameVirtualHost xx.yy.zz.kk:443

<VirtualHost xx.yy.zz.kk:443>
    ServerName secure.domain1.com:443
    GnuTLSEnable on
    GnuTLSCertificateFile /etc/apache2/ssl-certs/secure.domain1.com.crt
    GnuTLSKeyFile /etc/apache2/ssl-certs/secure.domain1.com.key
    GnuTLSPriorities NORMAL
    DocumentRoot /web/www1
</VirtualHost>

<VirtualHost xx.yy.zz.kk:443>
    ServerName secure.domain2.com:443
    GnuTLSEnable on
    GnuTLSCertificateFile /etc/apache2/ssl-certs/secure.domain2.com.crt
    GnuTLSKeyFile /etc/apache2/ssl-certs/secure.domain2.com.key
    GnuTLSPriorities NORMAL
    DocumentRoot /web/www2
</VirtualHost>
Now that the SSL vhosts are added in the newly created ssl.conf file, add a line to your apache2.conf file
Now that the ssl.conf file is included, make sure your .key and .crt files are in the correct location and restart apache2.