SNI stands for Server Name Indication. It allows you to run multiple SSL-based websites on the same server with the same IP address. Prior to SNI, one server could host only one HTTPS website, so two websites would need two servers. With SNI, the client sends the hostname it wants during the TLS handshake, so you can configure Apache to serve multiple SSL websites, each with its own certificate, on port 443.
To enable SNI, you need to make some changes to Apache's ports.conf at /etc/apache2/ports.conf:

    <IfModule mod_ssl.c>
        # If you add NameVirtualHost *:443 here, you will also have to change
        # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
        # to <VirtualHost *:443>
        # Server Name Indication for SSL named virtual hosts is currently not
        # supported by MSIE on Windows XP.
        Listen 443
        NameVirtualHost *:443
    </IfModule>

    <IfModule mod_gnutls.c>
        Listen 443
    </IfModule>
Once we have done this, we can add our additional website as a virtual host, as we normally would.

    <VirtualHost *:443>
        SSLEngine on
        SSLProtocol all -SSLv2 -SSLv3
        SSLCipherSuite ALL:!ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:!kEDH:!aNULL:!RC4
        SSLCertificateFile /etc/apache2/ssl/mysuperweb/mysuperweb.crt
        SSLCertificateKeyFile /etc/apache2/ssl/mysuperweb/mysuperweb.key
        ServerAdmin email@example.com
        DocumentRoot /var/www
        ServerName mysuperweb.com
        ServerAlias www.mysuperweb.com
    </VirtualHost>

Finally, we restart the web server so the changes take effect:

    service apache2 restart

SNI is now enabled on our server, allowing multiple HTTPS websites on a single IP address.
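
To check which certificate each hostname will receive before you restart, the following added example (not part of the original article) models name-based selection across the `*:443` virtual hosts. It assumes a simplified model: the first vhost whose ServerName or ServerAlias matches the SNI name wins, and the first vhost listed is the default for unknown names or clients that send no SNI. The second site, `othersite.example`, and its certificate path are hypothetical.

```python
import fnmatch
import re

# Constructed sample: the article's vhost plus a second, hypothetical site.
SAMPLE_CONF = """
<VirtualHost *:443>
    SSLCertificateFile /etc/apache2/ssl/mysuperweb/mysuperweb.crt
    ServerName mysuperweb.com
    ServerAlias www.mysuperweb.com
</VirtualHost>
<VirtualHost *:443>
    SSLCertificateFile /etc/apache2/ssl/othersite/othersite.crt
    ServerName othersite.example
    ServerAlias *.othersite.example
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def parse_vhosts(conf, addr="*:443"):
    """Return the vhosts bound to addr, in file order, as dicts."""
    vhosts = []
    for bind, body in VHOST_RE.findall(conf):
        if addr not in bind.split():
            continue
        vh = {"names": [], "cert": None}
        for line in body.splitlines():
            parts = line.split("#", 1)[0].split()  # drop comments
            if not parts:
                continue
            key, args = parts[0].lower(), parts[1:]
            if key in ("servername", "serveralias"):
                vh["names"] += [a.lower() for a in args]
            elif key == "sslcertificatefile" and args:
                vh["cert"] = args[0]
        vhosts.append(vh)
    return vhosts

def cert_for(conf, sni_name):
    """Certificate file served for sni_name (None means no SNI was sent)."""
    vhosts = parse_vhosts(conf)
    if not vhosts:
        return None
    for vh in vhosts:
        if sni_name and any(fnmatch.fnmatchcase(sni_name.lower(), n) for n in vh["names"]):
            return vh["cert"]
    return vhosts[0]["cert"]  # no match: the first vhost acts as the default
```

A hostname that resolves to the first vhost's certificate without being listed in its ServerName or ServerAlias is falling through to the default, which shows up in browsers as a certificate name mismatch.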