Configure Apache to support multiple SSL sites on a single IP

You can host an unlimited number of name-based virtual hosts over HTTP. But how can you have many virtual hosts in the vhost file over HTTPS? Is it not possible?

Most websites have some sort of CMS with admin passwords, and these must not be sent in plaintext; a small security warning for admins is not a big problem. With the default Apache configuration, when you define many VirtualHosts for port *:443, you still see only one of them when you open any of these sites.

The problem can be located in error_log like this:

[Wed Sep 14 10:05:28 2011] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Wed Sep 14 16:06:28 2011] [warn] _default_ VirtualHost overlap on port 443, the first has precedence

The solution is to explicitly tell Apache to use NameVirtualHost for port 443 as well, in addition to 80, which is the default. Make sure you have something like this in ports.conf or a similar httpd configuration file.

<IfModule mod_ssl.c>
    NameVirtualHost *:443
    Listen 443
</IfModule>
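
A vhost file to go with the ports.conf lines above, shown as an added example that is not part of the original post. The hostnames, document roots and certificate paths are placeholders, and SSLStrictSNIVHostCheck assumes Apache 2.2.12 or later with SNI support.

```apache
# Added example; all names and paths below are placeholders.
# Relies on "Listen 443" and "NameVirtualHost *:443" from ports.conf.
<IfModule mod_ssl.c>
    # Clients without SNI cannot name the site they want during the TLS
    # handshake, so they are handed the first vhost's certificate.
    # "on" refuses such clients instead of serving them the wrong site.
    SSLStrictSNIVHostCheck on

    # First vhost for *:443: also the default when no ServerName matches.
    <VirtualHost *:443>
        ServerName site1.example.com
        DocumentRoot /var/www/site1

        SSLEngine on
        SSLCertificateFile    /etc/ssl/certs/site1.example.com.crt
        SSLCertificateKeyFile /etc/ssl/private/site1.example.com.key
    </VirtualHost>

    # Second vhost: same IP and port, selected by the SNI hostname,
    # with its own certificate and private key.
    <VirtualHost *:443>
        ServerName site2.example.com
        DocumentRoot /var/www/site2

        SSLEngine on
        SSLCertificateFile    /etc/ssl/certs/site2.example.com.crt
        SSLCertificateKeyFile /etc/ssl/private/site2.example.com.key
    </VirtualHost>
</IfModule>
```

Each VirtualHost needs its own ServerName; without it the "_default_ VirtualHost overlap" warning returns and the first block answers every request. Running `apachectl -S` lists the name-based hosts Apache has registered on *:443.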

6 thoughts on “Configure Apache to support multiple SSL sites on a single IP”

  1. Hello,

    Multiple sites are configured, but the issue is that the second https site is showing the first site's certificate. Can you please help with how to configure sites with different SSL certificates?

    Regards,
    Bahuguna

  2. Hello,

    Multiple sites are configured, but the issue is that the second https site is showing the first site's certificate. Can you please help with how to configure sites with different SSL certificates?

    Regards,
    Bahuguna

  3. Use a different certificate for each virtual host.

    Ex.

    SSLEngine on
    SSLCertificateFile "/conf/server.crt"

    SSLEngine on
    SSLCertificateFile "/conf/server2.crt"

  4. Many thanks for posting this simple answer. Your suggestion fixed my SSL issue!!!!!!!
    God Bless,
    Happy in CA.

  5. Hi Bala
    Please post additional info, like the error you are having, so we can help you.
