Enabling Server Name Indication (SNI) on Debian Squeeze

I don’t like waste, particularly when the resource is finite and fast diminishing… I also dislike paying for IP addresses. So here is how I enabled SNI in Apache running on Debian Squeeze. SNI allows multiple sites to host SSL content from the same IP address. Before SNI, Apache had to choose the HTTPS (port 443) virtual host by destination IP address, because the certificate is presented before the HTTP Host header is seen. With SNI, the client names the site it wants during the TLS handshake, so Apache can listen on any and all IP addresses and serve the correct content, just like name-based virtual hosts on standard HTTP (port 80).

First off, you need to check what version of Apache and OpenSSL you are running. If the Apache version is > 2.2.12 and your OpenSSL version is > 0.9.8j – you’re grand.

Find Apache and OpenSSL version

[root@server ~]$ apachectl -v
Server version: Apache/2.2.16 (Debian)
Server built:   Nov 30 2012 08:58:36
[root@server ~]$ openssl version
OpenSSL 0.9.8o 01 Jun 2010

Edit the ports

This is where the magic happens.

[root@server ~]$ vim /etc/apache2/ports.conf
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default
# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
# README.Debian.gz

NameVirtualHost *:80
Listen 80
<IfModule mod_ssl.c>
    # If you add NameVirtualHost *:443 here, you will also have to change
    # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
    # to <VirtualHost *:443>
    # Server Name Indication for SSL named virtual hosts is currently not
    # supported by MSIE on Windows XP.
    Listen 443
    # Here's where the magic happens
    NameVirtualHost *:443
</IfModule>

<IfModule mod_gnutls.c>
    Listen 443
</IfModule>

Alter vhosts

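Assuming that you are using vhosts in /etc/apache2/sites-enabled, change the opening tag of each SSL virtual host to the following. Each one also needs its own ServerName so that Apache can match it against the name the client sends.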
<VirtualHost *:443>

Restart Apache and you’re good to go.
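
To make the vhost step concrete, here is an added example (not from the original post) of two SSL sites sharing one IP address once ports.conf carries NameVirtualHost *:443. The hostnames, document roots and certificate paths are placeholders.

```apache
# Added example, not from the original post. Hostnames, DocumentRoot and
# certificate paths are placeholders; substitute your own.

# Default behaviour: a client that sends no SNI name is served by the
# first-defined *:443 virtual host and sees that host's certificate.
# Setting this to "on" makes Apache refuse such clients instead.
SSLStrictSNIVHostCheck off

# First-defined vhost for *:443. Clients without SNI support
# (e.g. MSIE on Windows XP) land here regardless of the site requested.
<VirtualHost *:443>
    ServerName www.example.com
    DocumentRoot /var/www/example.com

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/www.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/www.example.com.key
</VirtualHost>

# Second site on the same IP and port, selected by the SNI name and
# presenting its own certificate.
<VirtualHost *:443>
    ServerName www.example.org
    DocumentRoot /var/www/example.org

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/www.example.org.crt
    SSLCertificateKeyFile /etc/ssl/private/www.example.org.key
</VirtualHost>
```

After the restart, running `openssl s_client -connect <server-ip>:443 -servername www.example.org` should show the second site's certificate. If every name returns the first vhost's certificate, SNI is not taking effect.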