Host multiple secure websites on Apache

On a corporate network, it may be necessary to have multiple secure websites being served from a single Apache server, on a single IPInternet protocol address. Previously, attempting to host multiple secure sites on a single IP address would cause certificate requests to be perceived as man-in-the-middle attacks, and the connections would be refused.

Configure the websites served up from Apache to include the SNI extension in the connection requests.

NOTE

Only Apache 2.2.12 and later and OpenSSL 0.9.8j and later have support for Server Name Indication (SNI).

SNI is not supported on Internet Explorer running on Windows XP.

  1. Create all the secured sites on the Apache server.
  2. Copy the certificate files for the secure sites onto the Apache server. Put the certificate files in the same location as the other certificates on the server. The certificates should be readable by the web server process only.
  3. Enable SSL on Apache
  4. Specify the ports referenced by the virtual hosts
  5. Add a <VirtualHost> block for each secure site on the server
  6. Verify the secure server configuration
  7. Managing Certificates and CA Certificates
  8. Configure SSL Acceleration Servers