Linux 4 All


Yes, you can do it. You need OpenSSL 0.9.8f, which comes with RHEL 6.

RHEL 6 comes with Apache 2.2, which supports SNI (Server Name Indication).

Server Name Indication (also known as “SNI”) is an extension of TLS that sends the name of the virtual domain as part of the TLS negotiation, which allows for SSL sites to be configured as Virtual Hosts on the same IP. This means that a web server will be able to serve more than one SSL certificate per IP address. However, clients that support SNI are not as widespread as they should be, so it is currently not advised to implement it unless you are 100% sure your client base will be running new enough software to support it.

If you are on a Linux server that supports SNI, you can configure Apache to use it very easily:

NameVirtualHost 192.168.100.100:443
# We want non-SNI-capable browsers to receive an error message rather than possibly accessing the wrong site:
SSLStrictSNIVHostCheck on

# First vhost listed for this address; each vhost carries its own certificate and key.
<VirtualHost 192.168.100.100:443>
    ServerName domain.com
    DocumentRoot /var/www/vhosts/domain.com
    SSLCertificateFile /etc/pki/tls/certs/2012-domain.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/2012-domain.com.key
    SSLCertificateChainFile /etc/pki/tls/certs/2012-domain.com.ca.crt
    SSLEngine on
    ErrorLog logs/domain.com-ssl_error_log
    CustomLog logs/domain.com-ssl_access_log common
</VirtualHost>

# Second vhost on the same IP and port, selected by the name the client sends via SNI.
<VirtualHost 192.168.100.100:443>
    ServerName www.example.com
    DocumentRoot /var/www/vhosts/www.example.com
    SSLCertificateFile /etc/pki/tls/certs/www.example.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/www.example.com.key
    SSLCertificateChainFile /etc/pki/tls/certs/www.example.com.ca.crt
    SSLEngine on
    CustomLog logs/www.example.com-ssl_access_log common
    ErrorLog logs/www.example.com-ssl_error_log
</VirtualHost>