SNI SSL with Apache 2.4

by J. Edward Durrett

FreeBSD SSL (actually TLS) Apache 2.4 SNI (Server Name Indication)

For the longest time, it was generally understood that each SSL/TLS
web server must have its own IP address. With SNI, a single host with
a single IP can host many SSL/TLS servers. The one caveat is that older
browsers, let's say IE on XP, can't take advantage of this technology.
On some sites I manage, XP traffic is < 0.01%, but on others it can be as
high as 15%. Obviously, for business reasons alone, locking out 15% of the
users is not a good idea.

To enable SNI, just add a new declaration in the virtual host context
of /usr/local/etc/apache24/extra/httpd-ssl.conf:


<VirtualHost servername.domain:443>
    variables go here
</VirtualHost>


An easy way to get started is to take a good SSL configuration and
append a copy of the working VirtualHost section to the end of
httpd-ssl.conf. Then change the variables as needed,
namely ServerName and the paths to the certificate files.
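
As an added example (not the author's configuration), this is what two
SNI virtual hosts sharing one IP look like after that copy-and-edit step.
The hostnames, DocumentRoot values, certificate paths and the use of *:443
are assumptions; SSLStrictSNIVHostCheck is the mod_ssl directive that
decides what happens to the non-SNI clients mentioned above.

```apache
# Added example; hostnames and all file paths below are placeholders.
# Both hosts listen on the same IP and port. Apache picks the virtual
# host from the server name the client sends in its TLS ClientHello.

# First vhost for this address:port = the default. A client that sends
# no SNI (such as IE on XP) is always handed this certificate.
<VirtualHost *:443>
    ServerName www.example.org
    DocumentRoot "/usr/local/www/example.org"
    SSLEngine on
    SSLCertificateFile    "/usr/local/etc/apache24/ssl/example.org.crt"
    SSLCertificateKeyFile "/usr/local/etc/apache24/ssl/example.org.key"
</VirtualHost>

# Appended copy of the section above: only ServerName, DocumentRoot
# and the certificate paths change.
<VirtualHost *:443>
    ServerName www.example.net
    DocumentRoot "/usr/local/www/example.net"
    SSLEngine on
    SSLCertificateFile    "/usr/local/etc/apache24/ssl/example.net.crt"
    SSLCertificateKeyFile "/usr/local/etc/apache24/ssl/example.net.key"
</VirtualHost>

# off (the default): non-SNI clients fall through to the first vhost,
#   so a request for www.example.net gets the example.org certificate
#   and a name-mismatch warning.
# on: non-SNI clients are refused on the name-based vhosts instead.
# With a meaningful share of XP traffic, leave this off and put the
# site those users need in the first (default) vhost.
SSLStrictSNIVHostCheck off
```

Run `apachectl configtest` before restarting to catch a mistyped
certificate path.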

Copyright (c) 2019, Jason Edward Durrett - All content on this site, unless otherwise noted, is subject to this license.

Please contact me if any errors, such as erroneous / misleading content or missing / incomplete attribution, are found.