availability: January 2017
Apache provides a way of hosting multiple sites on one instance.
To distinguish between, let's say, www.domain1.org and www.domain2.org, you can use:
While this works well for HTTP, there is an issue with HTTPS: before the browser actually requests the page, it first has to negotiate the certificate. So this is a chicken-and-egg problem. The server cannot send out the correct certificate before it knows the name, and the browser cannot send the name before the SSL handshake.
As the Apache 2.x documentation puts it:
Name-Based Virtual Hosting is a very popular method of identifying different virtual hosts. It allows you to use the same IP address and the same port number for many different sites. When people move on to SSL, it seems natural to assume that the same method can be used to have lots of different SSL virtual hosts on the same server.
It comes as rather a shock to learn that it is impossible.
How impossible this is depends on what you require...
Getting Apache started on Virtual SSL Hosts
The trick is to configure Apache similarly to an HTTP virtual host, but make it listen on *:443, the standard SSL port.
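NameVirtualHost *:443
<VirtualHost *:443>
    # First SSL virtual host on *:443
    ServerName www.domain1.com
    SSLEngine on
    SSLCertificateFile /path/to/www.domain1.com.cert
    SSLCertificateKeyFile /path/to/www.domain1.com.key
    DocumentRoot /www/vhosts/domain1.com
</VirtualHost>
# Further <VirtualHost *:443> blocks, one per site, follow the same pattern.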
[warn] Init: You should not use name-based virtual hosts in conjunction with SSL!!
As you can see, there are multiple certificates specified. But Apache will actually use only the first one, no matter what you specify.
This is described in more detail at http://www.onlamp.com/pub/a/apache/2005/02/17/apacheckbk.html
Note: If you fix the IP address of one of the SSL virtual hosts, it will not work anymore.
Fixing the certificate errors:
So if we can only specify one SSL certificate, how do we get the multiple names in it? The recipe depends on what kind of names
site.domain.com and site2.domain.com
This case requires a wildcard certificate. You can get wildcard certificates (*.domain.com) from your certificate provider, who will often charge extra for them. Having all names under one certificate can also be dangerous, so take care!
http://www.cb1inc.com/2008/09/11/virtual-hosts-and-wildcard-ssl-certificates-with-apache-2.2
site.domain1.com and site.domain2.com (one owner)
Certificates allow you to specify multiple names by using the subjectAlternativeName. The creation process is explained at:
http://therowes.net/~greg/2008/01/08/creating-a-certificate-with-multiple-hostnames/
site.domain1.com and site.domain2.com (different owners)
The problem is actually a result of the implementation of Apache's standard SSL module. Fixes exist as patches or as other modules, for instance the mod_gnutls module. ( http://www.g-loaded.eu/2007/08/10/ssl-enabled-name-based-apache-virtual-hosts-with-mod_gnutls/ )
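An added example, not from the original post: a Python check that reads the *:443 virtual hosts from a config and reports which ServerNames the single served certificate (the first one, as described above) fails to cover, for a single-name, a wildcard and a multi-name certificate. The sample config, the certificate name lists and the function names are constructed for illustration.

```python
import re

# Constructed sample: two name-based SSL vhosts sharing *:443.
SAMPLE_CONF = """
NameVirtualHost *:443
<VirtualHost *:443>
    ServerName www.domain1.com
    SSLCertificateFile /path/to/www.domain1.com.cert
</VirtualHost>
<VirtualHost *:443>
    ServerName www.domain2.com
    SSLCertificateFile /path/to/www.domain2.com.cert
</VirtualHost>
"""

def ssl_vhosts(conf):
    """Return (ServerName, SSLCertificateFile) per *:443 vhost, in file order."""
    found = []
    for body in re.findall(r"<VirtualHost \*:443>(.*?)</VirtualHost>", conf, re.S | re.I):
        name = re.search(r"^\s*ServerName\s+(\S+)", body, re.M | re.I)
        cert = re.search(r"^\s*SSLCertificateFile\s+(\S+)", body, re.M | re.I)
        if name and cert:
            found.append((name.group(1).lower(), cert.group(1)))
    return found

def name_matches(pattern, host):
    """Certificate name check: '*' stands for exactly one leftmost label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def mismatched_vhosts(conf, cert_names):
    """Return the certificate file that gets served (the first vhost's) and the
    ServerNames that none of its names cover, i.e. the sites showing errors."""
    vhosts = ssl_vhosts(conf)
    bad = [n for n, _ in vhosts if not any(name_matches(c, n) for c in cert_names)]
    return vhosts[0][1], bad

if __name__ == "__main__":
    # Names inside the served certificate (constructed), one list per recipe.
    for names in (["www.domain1.com"], ["*.domain1.com"],
                  ["www.domain1.com", "www.domain2.com"]):
        print(names, "->", mismatched_vhosts(SAMPLE_CONF, names))
```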