Slash Costs by Using One IP for Multiple SSL Certificates

For data center administrators, managing secure websites can be costly because of the common requirement that every SSL certificate have its own IP address. Aside from purchasing multiple addresses, administrators are often forced to purchase multiple network adapters to handle the additional demand. Fortunately, Apache v2.2.12 and OpenSSL v0.9.8j, along with later versions, support the TLS extension Server Name Indication (SNI), which allows multiple SSL certificates to be used with a single IP address.


SNI works by having the client include the hostname in the first message of the SSL handshake. The server can then determine the appropriate virtual host for the request and route the connection accordingly. Before this, certificates were limited to one per IP address because the IP address was the only thing the server could use to decide which website's certificate to present.

Keep in mind that SNI is a relatively new technology, so if your business primarily uses legacy systems or targets customers using older browsers, you should hold off on implementing SNI. In particular, Internet Explorer and Safari on Windows XP, along with the WebDAV client of Windows 7 and 8, do not support it.

While this technology is already built into popular control panels such as Plesk and cPanel on supported operating systems, setting up SNI manually on Apache is a fairly simple process that uses the following settings in your Apache configuration:


# Ensure that Apache listens on port 443
Listen 443

# Listen for virtual host requests on all IP addresses
NameVirtualHost *:443

# Go ahead and accept connections for these vhosts
# from non-SNI clients
SSLStrictSNIVHostCheck off

<VirtualHost *:443>
    # Because this virtual host is defined first, it will
    # be used as the default if the hostname is not received
    # in the SSL handshake, e.g. if the browser doesn't support
    # SNI.
    DocumentRoot /www/example1
    ServerName www.example.com
    # Other directives here
</VirtualHost>

<VirtualHost *:443>
    DocumentRoot /www/example2
    ServerName www.example2.org
    # Other directives here
</VirtualHost>


Since the information technology field is constantly changing, with technologies such as SNI helping to revolutionize the way datacenter and system administrator professionals work, it’s always important to ensure that your staff is on top of the latest trends in the industry. To help ensure your employees are able to stay ahead of the curve, Site24x7 has a guide on the top five cloud computing courses and certifications for IT professionals.
