Apache Use Https

01-05-2021 by



About the TLS Extension Server Name Indication (SNI)

Make Apache Use Https

When website administrators and IT personnel are restricted to use a single SSL Certificate per socket (combination of IP Address and socket) it can cost a lot of money. This restriction causes them to buy multiple IP addresses for regular https websites from their domain host or buy hardware that allows them to utilize multiple network adapters.

Apache must send a certificate during the SSL handshake before it receives the HTTP request that contains the Host header. Therefore, Apache always sends the SSLCertificateFile from the first block that matches the IP and port of the request. Apache Redirect to HTTPS Although installing an SSL certificate on a website provides the possibility of accessing it with the secure protocol, the protocol is not used by default. To make sure that the website is accessed using the protocol by default, you will need to set up an automatic redirect.

However, with Apache v2.2.12 and OpenSSL v0.9.8j and later you can use a transport layer security (TLS) called SNI. SNI can secure multiple Apache sites using a single SSL Certificate and use multiple SSL Certificates to secure various websites on a single domain (e.g. www.yourdomain.com, site2.yourdomain.com) or across multiple domains (www.domain1.com, www.domain2.com)—all from a single IP address. The benefits of using SNI are obvious—you can secure more websites without purchasing more IP addresses or additional hardware.

Since this is a fairly recent update with Apache, browsers are only recently supporting SNI. Most current major desktop and mobile browsers support SNI. One notable exception is that no versions of Internet Explorer on Windows XP support SNI. For more information on which browsers support SNI, please see SNI browser support.

To use SNI on Apache, please make sure you complete the instructions on the Apache SSL installation page. Then continue with the steps on this page.

Apache use https download

Apache Use Https Yahoo

Setting up SNI with Apache

To use additional SSL Certificates on your server you need to create another Virtual Host. As a best practice, we recommend making a backup of your existing .conf file before proceeding. You can create a new Virtual Host in your existing .conf file or you can create a new .conf file for the new Virtual Host. If you create a new .conf file, add the following line to your existing .conf file:

Https

Next, in the NameVirtualHost directive list your server's public IP address, *:443, or other port you're using for SSL (see example below).

Then point the SSLCertificateFile, SSLCertificateKeyFile, and SSLCertificateChainFile to the locations of the certificate files for each website as shown below:


Use

If you have a Wildcard or Multi-Domain SSL Certificate all of the websites using the same certificate need to reference the same IP address in the VirtualHost IP address:443 section like in the example below:

Apache Use Https Download


Now restart Apache and access the https site from a browser that supports SNI. If you set it up correctly, you will access the site without any warnings or problems. You can add as many websites or SSL Certificates as you need using the above process.


Apache SSL Certificates, Guides, & Tutorials

Apache Use Https Instead Of Http

Buy NowLearn More



Markdown Web
Microsoft Sheets

Comments are closed.