Apache SNI

SNI stands for Server Name Indication. It allows you to run multiple SSL-based websites on the same server with the same IP address. Prior to SNI, one server could have only one HTTPS website, which means that with 2 websites you would need 2 servers. With SNI, you can configure Apache to serve multiple SSL websites on port 443.

To enable SNI, you need to make some changes to ports.conf within Apache at:


<IfModule mod_ssl.c>
    # If you add NameVirtualHost *:443 here, you will also have to change
    # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
    # to <VirtualHost *:443>
    # Server Name Indication for SSL named virtual hosts is currently not
    # supported by MSIE on Windows XP.
    Listen 443
    NameVirtualHost *:443
</IfModule>

<IfModule mod_gnutls.c>
    Listen 443
</IfModule>

Once we have done this, we can add our additional website as a virtual host like we normally would.

<VirtualHost *:443>

        # Enable SSL/TLS for this virtual host and turn off SSLv2 and SSLv3
        SSLEngine on
        SSLProtocol all -SSLv2 -SSLv3
        SSLCipherSuite ALL:!ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:!kEDH:!aNULL:!RC4

        # Certificate and private key for this site
        SSLCertificateFile /etc/apache2/ssl/mysuperweb/mysuperweb.crt
        SSLCertificateKeyFile /etc/apache2/ssl/mysuperweb/mysuperweb.key

        ServerAdmin hello@mysuperweb.com
        DocumentRoot /var/www
        # Names compared with the SNI hostname sent by the client
        ServerName mysuperweb.com
        ServerAlias www.mysuperweb.com

</VirtualHost>

Finally, we restart the web server with service apache2 restart so the changes take effect. This enables SNI on our server, so it can host multiple HTTPS websites on a single IP address.
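
To confirm after the restart that each hostname is answered with its own certificate rather than the first virtual host's, a check like the following can be run from another machine. This is an added example, not part of the original page; the function names are illustrative and 203.0.113.10 in the usage comment is a placeholder address.

```bash
# Added example: verify that one IP serves a matching certificate per SNI name.

# Read `openssl x509 -text` output on stdin, print one subjectAltName DNS name per line.
extract_dns_names() {
    grep -o 'DNS:[^,[:space:]]*' | cut -d: -f2
}

# Names in the certificate presented when SNI name $2 is sent to address $1:443.
presented_names() {
    openssl s_client -connect "$1:443" -servername "$2" </dev/null 2>/dev/null \
        | openssl x509 -noout -text 2>/dev/null | extract_dns_names
}

# Succeed if hostname $1 is covered by a certificate name read from stdin.
# A leading "*." stands for exactly one label, as in TLS certificate matching.
name_covered() {
    local want pat
    want=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    while IFS= read -r pat; do
        pat=$(printf '%s' "$pat" | tr 'A-Z' 'a-z')
        [ "$pat" = "$want" ] && return 0
        case "$pat" in
            '*.'*)
                # Drop the first label of the hostname and compare the remainder.
                [ "${want#*.}" != "$want" ] && [ "${want#*.}" = "${pat#\*.}" ] && return 0 ;;
        esac
    done
    return 1
}

# Check several hostnames against the same address; non-zero exit on any mismatch.
# Certificates without subjectAltName entries are reported as mismatches.
check_sni() {
    local addr="$1" host rc=0
    shift
    for host in "$@"; do
        if presented_names "$addr" "$host" | name_covered "$host"; then
            echo "OK       $host"
        else
            echo "MISMATCH $host (no certificate, or another site's certificate)"
            rc=1
        fi
    done
    return $rc
}

# Usage (placeholder address): check_sni 203.0.113.10 mysuperweb.com www.mysuperweb.com
```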