
Saturday, January 5, 2013

Multiple HTTPS servers on one IP

Configuring apache2 for multiple HTTPS servers on a single IP

Follow these steps to configure a server running Debian, or a Debian-based distro, with Apache 2.2.12 or higher.

Multiple HTTPS servers on a single IP are possible due to the recent introduction of the SNI (Server Name Indication) extension. For it to work, the client's browser must also support SNI.

If the client's browser does not support SNI (IE 8 or earlier on XP), then the client will be presented with the default security certificate, causing the browser to issue a certificate mismatch warning. If the client chooses to ignore the warning and proceed anyway, things should be fine.

The configuration is pretty straightforward: it involves turning on "NameVirtualHost" in ports.conf and configuring the individual servers (virtual hosts) in default-ssl.

Modify /etc/apache2/ports.conf as shown below. Leave other defaults as is:




Next modify /etc/apache2/sites-available/default-ssl as shown below. Leave other defaults as is:
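
An added example, not the author's original listings: one possible layout for the two files on Apache 2.2, using the three hostnames from this post. The DocumentRoot, certificate and key paths are assumed placeholders, and `SSLStrictSNIVHostCheck` is included only to show where the non-SNI behaviour described above is controlled.

```apache
# --- /etc/apache2/ports.conf (mod_ssl section only) ---
<IfModule mod_ssl.c>
    # Enable name-based virtual hosting on the HTTPS port.
    NameVirtualHost *:443
    Listen 443
</IfModule>

# --- /etc/apache2/sites-available/default-ssl ---
<IfModule mod_ssl.c>
# off (the default): clients without SNI may still connect and are
# handed the certificate of the FIRST vhost below, hence the mismatch
# warning. on: such clients are refused instead.
SSLStrictSNIVHostCheck off

# First vhost listed is the default for clients that send no SNI name.
# All file and directory paths below are assumed placeholders.
<VirtualHost *:443>
    ServerName server1.domain1.com
    DocumentRoot /var/www/server1
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/server1.domain1.com.pem
    SSLCertificateKeyFile /etc/ssl/private/server1.domain1.com.key
</VirtualHost>

<VirtualHost *:443>
    ServerName server2.domain2.org
    DocumentRoot /var/www/server2
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/server2.domain2.org.pem
    SSLCertificateKeyFile /etc/ssl/private/server2.domain2.org.key
</VirtualHost>

<VirtualHost *:443>
    ServerName server3.domain3.net
    DocumentRoot /var/www/server3
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/server3.domain3.net.pem
    SSLCertificateKeyFile /etc/ssl/private/server3.domain3.net.key
</VirtualHost>
</IfModule>
```

Running `apache2ctl configtest` before restarting catches syntax errors in either file.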



Stop (apache2ctl stop) and start (apache2ctl start) Apache, then test whether your server is running multiple hosts by opening the different URLs from a client browser.

In this example you would open:

  https://server1.domain1.com
  https://server2.domain2.org
  https://server3.domain3.net

See the SSL/TLS FAQ and its answers at apache.org.

-baji.
