This Article based on the Forum-Thread from Murodese [[hthttp://isp-control.net/forum/thread-4696.html| Link into Forum]]

====== Multiple SSL Certificates on a Single IP/Port using mod_gnutls ======

So I was looking for a solution to the annoying single cert per ip/port and found mod_gnutls - it's been in development for quite a while, but has skimmed under the radar from what I can see.

Basically, it supports SNI - server name indication, which means that it doesn't suffer from the single cert limitation. Not only that, it's pretty easy to install (in etch/lenny at least). If your distro doesn't have it in repositories, you can grab and compile it from source at http://www.outoforder.cc/projects/apache/mod_gnutls/

<code>
apt-get install libapache2-mod-gnutls
a2dismod ssl (this should happen automatically from apt but do it anyway to make sure)
a2enmod gnutls
</code>
Edit /etc/apache2/ports.conf and add the following line.

<code>
Listen 443
</code>
Create/open /etc/apache2/sites-available/02_ssl.conf and write up your virtual hosts.

(x.x.x.x being your server ip)

<code>
NameVirtualHost x.x.x.x:443

<VirtualHost>

ServerName domain1.tld:443

GnuTLSEnable on
GnuTLSCertificateFile /path/to/crt/file/1
GnuTLSKeyFile /path/to/key/file/1
GnuTLSPriorities NORMAL # this can be changed to a wide range of options - see http://www.outoforder.cc/projects/apache/mod_gnutls/docs/#GnuTLSPriorities

DocumentRoot /var/www/virtual/domain1.tld/htdocs

(other apache directives)

</VirtualHost>


<VirtualHost>

ServerName domain2.tld:443

GnuTLSEnable on
GnuTLSCertificateFile /path/to/crt/file/2
GnuTLSKeyFile /path/to/key/file/2
GnuTLSPriorities NORMAL # this can be changed to a wide range of options - see http://www.outoforder.cc/projects/apache/mod_gnutls/docs/#GnuTLSPriorities

DocumentRoot /var/www/virtual/domain2.tld/htdocs

(other apache directives)

</VirtualHost>
</code>

Where I've marked other apache directives, you need to add config directives from the standard ispcp.conf file - suexec parameters and the like, or php won't work.

Enable the site 
<code>a2ensite 02_ssl.conf</code> 
and restart Apache 
<code>/etc/init.d/apache2 restart</code>
 and you should have two separate domains hosted off the same server using different ssl certificates ;]

(I haven't tested this extensively so let me know if anything major is broken - it appears to work ok on our server)

I also didn't cover making your ssl certificates - there's a tonne of tutorials out there already for this.