Information about setting up Apache to serve multiple HTTPS sites using one IP address. See also VhostTaskForce.

Generating a Cert

The easiest way is to use the shell script on the VhostTaskForce page.

Example Configuration

You can specify an IP address or use a wildcard.

NameVirtualHost 192.168.0.1:443
# or 
# NameVirtualHost *:443

# foo.example.org:443
<VirtualHost 192.168.0.1:443>
# or 
# <VirtualHost *:443>
  ServerName foo.example.org:443
  UseCanonicalName On
  SSLEngine on
  SSLCertificateFile /etc/crypt/foo-bar_server.pem
  SSLCertificateKeyFile /etc/crypt/foo-bar_privatekey.pem
  DocumentRoot "/var/www/foo.example.org"
  <Directory "/var/www/foo.example.org">
    Options Indexes
    AllowOverride None
    Order allow,deny
    Allow from all
  </Directory>
</VirtualHost>

# www.foo.example.org:443
<VirtualHost 192.168.0.1:443>
  ServerName www.foo.example.org:443
  UseCanonicalName On
  SSLEngine on
  SSLCertificateFile /etc/crypt/foo-bar_server.pem
  SSLCertificateKeyFile /etc/crypt/foo-bar_privatekey.pem
  Redirect / https://foo.example.org/
</VirtualHost>

# example.foo:443
<VirtualHost 192.168.0.1:443>
  ServerName example.foo:443
  UseCanonicalName On
  SSLEngine on
  SSLCertificateFile /etc/crypt/foo-bar_server.pem
  SSLCertificateKeyFile /etc/crypt/foo-bar_privatekey.pem
  Redirect / https://foo.example.org/
</VirtualHost>

# www.example.foo:443
<VirtualHost 192.168.0.1:443>
  ServerName www.example.foo:443
  UseCanonicalName On
  SSLEngine on
  SSLCertificateFile /etc/crypt/foo-bar_server.pem
  SSLCertificateKeyFile /etc/crypt/foo-bar_privatekey.pem
  Redirect / https://foo.example.org/
</VirtualHost>

# bar.example.org:443
<VirtualHost 192.168.0.1:443>
  ServerName bar.example.org:443
  UseCanonicalName On
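  SSLEngine on
  # Same shared cert as the other VirtualHosts; SSLEngine on needs a cert and key
  SSLCertificateFile /etc/crypt/foo-bar_server.pem
  SSLCertificateKeyFile /etc/crypt/foo-bar_privatekey.pem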
  DocumentRoot "/var/www/bar.example.org"
  <Directory "/var/www/bar.example.org">
    Options Indexes
    AllowOverride None
    Order allow,deny
    Allow from all
  </Directory>
</VirtualHost>

# www.bar.example.org:443
<VirtualHost 192.168.0.1:443>
  ServerName www.bar.example.org:443
  UseCanonicalName On
  SSLEngine on
  SSLCertificateFile /etc/crypt/foo-bar_server.pem
  SSLCertificateKeyFile /etc/crypt/foo-bar_privatekey.pem
  Redirect / https://bar.example.org/
</VirtualHost>

# example.bar:443
<VirtualHost 192.168.0.1:443>
  ServerName example.bar:443
  UseCanonicalName On
  SSLEngine on
  SSLCertificateFile /etc/crypt/foo-bar_server.pem
  SSLCertificateKeyFile /etc/crypt/foo-bar_privatekey.pem
  Redirect / https://bar.example.org/
</VirtualHost>

# www.example.bar:443
<VirtualHost 192.168.0.1:443>
  ServerName www.example.bar:443
  UseCanonicalName On
  SSLEngine on
  SSLCertificateFile /etc/crypt/foo-bar_server.pem
  SSLCertificateKeyFile /etc/crypt/foo-bar_privatekey.pem
  Redirect / https://bar.example.org/
</VirtualHost>

Domain Name Mismatch Errors

There seem to be various ways to get a Domain Name Mismatch error when setting up Apache to serve multiple HTTPS VirtualHosts.

There is a screenshot of this error here: https://en.wiki.aktivix.org/CAcert

UseCanonicalName

Apache has UseCanonicalName On by default. When it is on, you can use one VirtualHost with multiple ServerAlias entries, provided the ServerName and all of the ServerAlias names are in the cert.

If, however, you have UseCanonicalName Off, then you can't use any ServerAlias entries: you have to have one VirtualHost per ServerName and set all the VirtualHosts to use the same cert.

See the Apache docs for more info: http://httpd.apache.org/docs/2.0/mod/core.html#usecanonicalname

Repeating the CommonName as a SubjectAltName

The CommonName is ignored if the cert has any SubjectAltNames, so the best thing to do is to repeat the CommonName as a SubjectAltName. If you don't do this, a VirtualHost set up with a ServerName the same as the CommonName will result in a Domain Name Mismatch error message.
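
The following check is an added example, not part of the original page or of Apache: it lists the ServerName and ServerAlias names in a config that a cert would not cover, applying the rule above that the CommonName is ignored once any SubjectAltName is present. The function names, the sample config and the cert names are constructed for illustration, and wildcard handling is simplified to a whole left-most label.

```python
import re

def names_in_config(conf):
    """Collect host names from ServerName/ServerAlias lines, dropping any :port."""
    names = []
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()          # ignore comments
        m = re.match(r"(?i)(ServerName|ServerAlias)\s+(.+)", line)
        if m:
            for token in m.group(2).split():
                names.append(re.sub(r":\d+$", "", token).lower())
    return names

def name_matches(pattern, host):
    """Compare one cert name with a host; '*' may only be the whole first label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    return p[1:] == h[1:] if p[0] == "*" else p == h

def cert_covers(host, common_name, san_dns):
    """The CommonName is only consulted when the cert has no SubjectAltName."""
    candidates = san_dns if san_dns else [common_name]
    return any(name_matches(c, host) for c in candidates)

def mismatches(conf, common_name, san_dns):
    """Names from the config that would produce a Domain Name Mismatch."""
    return [h for h in names_in_config(conf)
            if not cert_covers(h, common_name, san_dns)]

# Constructed sample: three of the VirtualHosts from the example configuration.
SAMPLE_CONF = """
<VirtualHost 192.168.0.1:443>
  ServerName foo.example.org:443
</VirtualHost>
<VirtualHost 192.168.0.1:443>
  ServerName www.foo.example.org:443
</VirtualHost>
<VirtualHost 192.168.0.1:443>
  ServerName bar.example.org:443
</VirtualHost>
"""
CN = "foo.example.org"                                  # constructed cert subject
SANS_WITHOUT_CN = ["www.foo.example.org", "bar.example.org"]
SANS_WITH_CN = [CN] + SANS_WITHOUT_CN                   # CommonName repeated

if __name__ == "__main__":
    print("CN not repeated:", mismatches(SAMPLE_CONF, CN, SANS_WITHOUT_CN))
    print("CN repeated:    ", mismatches(SAMPLE_CONF, CN, SANS_WITH_CN))
```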