{"id":1278,"date":"2018-02-23T11:00:36","date_gmt":"2018-02-23T16:00:36","guid":{"rendered":"https:\/\/www.zobila.com\/?p=1278"},"modified":"2020-12-18T13:30:26","modified_gmt":"2020-12-18T18:30:26","slug":"using-multiple-ssl-certificates-apache-one-ip-address","status":"publish","type":"post","link":"https:\/\/www.zobila.com\/index.php\/2018\/02\/23\/using-multiple-ssl-certificates-apache-one-ip-address\/","title":{"rendered":"Using Multiple SSL Certificates in Apache with One IP Address"},"content":{"rendered":"

Using Multiple SSL Certificates in Apache with One IP Address<\/h1>\n
\n
\n
\n

About the TLS Extension Server Name Indication (SNI)<\/h2>\n

When website administrators and IT personnel are restricted to use a single SSL Certificate per socket (combination of IP Address and socket) it can cost a lot of money. This restriction causes them to buy multiple IP addresses for regular https websites from their domain host or buy hardware that allows them to utilize multiple network adapters.<\/p>\n

However, with Apache v2.2.12 and OpenSSL v0.9.8j and later you can use a transport layer security (TLS) called SNI. SNI can secure multiple Apache sites using a single SSL Certificate and use multiple SSL Certificates to secure various websites on a single domain (e.g. www.yourdomain.com, site2.yourdomain.com) or across multiple domains (www.domain1.com, www.domain2.com)\u2014all from a single IP address. The benefits of using SNI are obvious\u2014you can secure more websites without purchasing more IP addresses or additional hardware.<\/p>\n

Since this is a fairly recent update with Apache, browsers are only recently supporting SNI. Most current major desktop and mobile browsers support SNI. One notable exception is that no versions of Internet Explorer on Windows XP support SNI. For more information on which browsers support SNI, please see\u00a0SNI browser support<\/a>.<\/p>\n

To use SNI on Apache, please make sure you complete the instructions on the\u00a0Apache SSL installation<\/a>\u00a0page. Then continue with the steps on this page.<\/p>\n

Setting up SNI with Apache<\/h2>\n

To use additional SSL Certificates on your server you need to create another Virtual Host. As a best practice, we recommend making a backup of your existing .conf file before proceeding. You can create a new Virtual Host in your existing .conf file or you can create a new .conf file for the new Virtual Host. If you create a new .conf file, add the following line to your existing .conf file:<\/p>\n

\n
Include my_other_site.conf\r\n<\/pre>\n<\/div>\n
Next, in the NameVirtualHost directive list your server’s public IP address, *:443, or other port you’re using for SSL (see example below).<\/p>\n
Then point the SSLCertificateFile, SSLCertificateKeyFile, and SSLCertificateChainFile to the locations of the certificate files for each website as shown below:<\/p>\n
\n
NameVirtualHost *:443<\/strong>\r\n\r\n<VirtualHost *:443<\/strong>>\r\n ServerName www.yoursite.com<\/strong>\r\n DocumentRoot \/var\/www\/site<\/strong>\r\n SSLEngine on\r\n SSLCertificateFile \/path\/to\/www_yoursite_com.crt\r\n SSLCertificateKeyFile \/path\/to\/www_yoursite_com.key\r\n SSLCertificateChainFile \/path\/to\/DigiCertCA.crt\r\n<\/VirtualHost>\r\n\r\n<VirtualHost *:443<\/strong>>\r\n ServerName www.yoursite2.com<\/strong>\r\n DocumentRoot \/var\/www\/site2<\/strong>\r\n SSLEngine on\r\n SSLCertificateFile \/path\/to\/www_yoursite2_com.crt\r\n SSLCertificateKeyFile \/path\/to\/www_yoursite2_com.key\r\n SSLCertificateChainFile \/path\/to\/DigiCertCA.crt\r\n<\/VirtualHost>\r\n<\/pre>\n<\/div>\n
If you have a Wildcard or Multi-Domain SSL Certificate all of the websites using the same certificate need to reference the same IP address in the VirtualHost IP address:443 section like in the example below:<\/p>\n
\n
<VirtualHost 192.168.1.1:443<\/strong>>\r\n ServerName www.domain.com<\/strong>\r\n DocumentRoot \/var\/www\/<\/strong>\r\n SSLEngine on\r\n SSLCertificateFile \/path\/to\/your_domain_name.crt\r\n SSLCertificateKeyFile \/path\/to\/your_private.key\r\n SSLCertificateChainFile \/path\/to\/DigiCertCA.crt\r\n<\/VirtualHost>\r\n<VirtualHost 192.168.1.1:443<\/strong>>\r\n ServerName site2.domain.com<\/strong>\r\n DocumentRoot \/var\/www\/site2<\/strong>\r\n SSLEngine on\r\n SSLCertificateFile \/path\/to\/your_domain_name.crt\r\n SSLCertificateKeyFile \/path\/to\/your_private.key\r\n SSLCertificateChainFile \/path\/to\/DigiCertCA.crt\r\n<\/VirtualHost>\r\n<\/pre>\n<\/div>\n
Now restart Apache and access the https site from a browser that supports SNI. If you set it up correctly, you will access the site without any warnings or problems. You can add as many websites or SSL Certificates as you need using the above process.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"
Using Multiple SSL Certificates in Apache with One IP Address About the TLS Extension Server Name Indication (SNI) When website administrators and IT personnel are…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_newsletter_tier_id":0,"footnotes":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[15],"tags":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9vClO-kC","jetpack_likes_enabled":true,"jetpack-related-posts":[{"id":1282,"url":"https:\/\/www.zobila.com\/index.php\/2018\/02\/23\/choose-domain-name\/","url_meta":{"origin":1278,"position":0},"title":"How To Choose A Domain Name","author":"admin","date":"February 23, 2018","format":false,"excerpt":"How To Choose A Domain Name A domain name is important. It will become your online identity, and choosing wisely can make or break your website. We've gathered all the information to help you choose safely, avoiding common pitfalls, legal issues, and SEO disaster. I\u2019ve done it many times, including\u2026","rel":"","context":"In "Domain Name"","block_context":{"text":"Domain Name","link":"https:\/\/www.zobila.com\/index.php\/category\/domain\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1284,"url":"https:\/\/www.zobila.com\/index.php\/2018\/02\/23\/seo-60-percent-online-searches-mobile-devices\/","url_meta":{"origin":1278,"position":1},"title":"SEO – 60 percent of Online Searches from mobile devices","author":"admin","date":"February 23, 2018","format":false,"excerpt":"According to a\u00a0recent report from Hitwise, nearly 60 percent of all Online Searches are now carried out on a mobile device, with some sectors (Food and Beverage) reaching 72 percent. Hitwise analyzed hundreds of millions of online search queries across multiple devices, including 3.5 million smartphones and tablets between April\u2026","rel":"","context":"In "SEO"","block_context":{"text":"SEO","link":"https:\/\/www.zobila.com\/index.php\/category\/seo\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1280,"url":"https:\/\/www.zobila.com\/index.php\/2018\/02\/23\/reset-mysql-root-password\/","url_meta":{"origin":1278,"position":2},"title":"Reset a MySQL root password","author":"admin","date":"February 23, 2018","format":false,"excerpt":"The MySQL root password allows the root user to have full access to the MySQL database. You must have (Linux) root or (Windows) Administrator access to the Cloud Server to reset the MySQL root password. Note:\u00a0The Cloud Server (Linux) root or (Windows) Administrator account password is not the same as\u2026","rel":"","context":"In "Hosting"","block_context":{"text":"Hosting","link":"https:\/\/www.zobila.com\/index.php\/category\/hosting\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/www.zobila.com\/index.php\/wp-json\/wp\/v2\/posts\/1278"}],"collection":[{"href":"https:\/\/www.zobila.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.zobila.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.zobila.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.zobila.com\/index.php\/wp-json\/wp\/v2\/comments?post=1278"}],"version-history":[{"count":1,"href":"https:\/\/www.zobila.com\/index.php\/wp-json\/wp\/v2\/posts\/1278\/revisions"}],"predecessor-version":[{"id":1279,"href":"https:\/\/www.zobila.com\/index.php\/wp-json\/wp\/v2\/posts\/1278\/revisions\/1279"}],"wp:attachment":[{"href":"https:\/\/www.zobila.com\/index.php\/wp-json\/wp\/v2\/media?parent=1278"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.zobila.com\/index.php\/wp-json\/wp\/v2\/categories?post=1278"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.zobila.com\/index.php\/wp-json\/wp\/v2\/tags?post=1278"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}