Configure SNI multiple SSL Certificates on one IP Address with Apache on Ubuntu

Howto configure SNI multiple SSL Certificates on one IP Address with Apache on Ubuntu

14

Example: we want to make site testsni.com and testsni.org on one IP Address with Apache on Ubuntu

1. Install apache2 on Ubuntu

root@ip-10-48-234-13:~# apt-get install apache2

2.  Create folder for SSL Certificates

root@ip-10-48-234-13:~# mkdir -p /etc/apache2/ssl/testsni.com
root@ip-10-48-234-13:~# mkdir -p /etc/apache2/ssl/testsni.org

3. Activate SSL Module on Apache

root@ip-10-48-234-13:~# a2enmod ssl
root@ip-10-48-234-13:~# service apache2 restart

4. Create a self Signed SSL Certificate

root@ip-10-48-234-13:~# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/testsni.org/apache.key -out /etc/apache2/ssl/testsni.org/apache.crt
root@ip-10-48-234-13:~# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/testsni.com/apache.key -out /etc/apache2/ssl/testsni.com/apache.crt

5. Create virtual host for each site

root@ip-10-48-234-13:~# cd /etc/apache2/sites-available

root@ip-10-48-234-13:~#  cp default testsni.org
root@ip-10-48-234-13:~#  cp default testsni.com

6. Modify virtual host configuration for each site

root@ip-10-48-234-13:/etc/apache2/sites-available# cat /etc/apache2/sites-available/testsni.org
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName testsni.org
DocumentRoot /var/www

</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>

ServerAdmin webmaster@localhost
ServerName testsni.org
DocumentRoot /var/www

# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on

# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /etc/apache2/ssl/testsni.org/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/testsni.org/apache.key
</VirtualHost>

</IfModule>

root@ip-10-48-234-13:~# vi /etc/apache2/sites-available/testsni.com
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName testsni.com
DocumentRoot /var/www

</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>

ServerAdmin webmaster@localhost
ServerName testsni.com
DocumentRoot /var/www

# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on

# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /etc/apache2/ssl/testsni.com/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/testsni.com/apache.key
</VirtualHost>

</IfModule>

8. Enable Virtual host for testsni.org and testsni.com

root@ip-10-48-234-13:~# a2ensite testsni.com
root@ip-10-48-234-13:~# a2ensite testsni.org
root@ip-10-48-234-13:~# service apache2 restart

9. Try to access testsni.org and testsni.com

testsni.org

testsni

 

That’s all. Thanks for using IThelpblog.com.

Leave a reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>