I have a centos 7 server. I switched from apache 2.4.6 to apache 2.4.25 using IUS repository (https://ius.io/). My goal is to support multiple SSL certificates with a single IP.
I have installed:
- Apache/2.4.25 (CentOS)
- httpd24u-mod_ssl-2.4.25-3.ius.centos7.x86_64
- openssl-1.0.1e-60.el7_3.1.x86_64
Is apache now SNI enabled?
Or do I have to build it from scratch with ./configure –with-ssl=/path/to/your/openssl as in documentation (https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI)?
Thank you for your time.
Best Answer
The stock CentOS httpd & mod_ssl packages would already have supported SNI. SNI has been supported by openssl since version 0.9.8f and any httpd since version 2.2.12 built with openssl 0.9.8f and newer automatically will support SNI.
But to check if your httpd and mod_ssl support SNI:
Simply test by configuring name based SSL/TLS virtual hosts and check your error log after restarting (from the apache httpd wiki you already linked to):
Alternatively use
ldd
to confirm that mod_ssl is linked against openssl's libssl and confirm the version: