We have a web server with a couple of internet IPs.
I have successfully set up SNI name-based virtual hosts, and it's working great. What I'd like to do, though, is have our main site NOT use SNI and use one of the unique IP addresses alone, so that our browser support for that site is improved (XP/IE combinations...).
We run a very popular site which has a significant number of users running badly outdated browsers, so it's quite important to us.
Running Apache 2.2 (2.2.15-47.el6_7) on CentOS 6.
Best Answer
As others have stated, just put the first site as the first virtual host and it will work whether SNI is enabled or not:
However non-SNI browsers to site 2 will be served the certificate for site1 and so will error (and the users might wonder why they've got a certificate for a different site, though if still on non-SNI browsers they are probably not that tech savvy).
However, it is possible to provide access to all users for all your sites, despite the apparent SNI issue, if you have a single certificate that covers all the sites in its Subject Alternative Name field.
You can then have two virtual hosts using the same key and cert:
So you have the same key and certificate for two sites (or three, or more if you want).
So www.site1.com always works as, even without SNI support, it's the default host.
For www.site2.com it gets more interesting:
So this works because an HTTPS connection involves two distinct and unrelated steps: 1) do SSL negotiation and 2) request the document using that SSL connection, and these two steps do not have to be from the same virtual host (though most people assume they do).
The main downside with this option is that, depending on how closely related the websites are, it may look unprofessional to have two different URLs on the same certificate. However, presumably if they are sharing a host, they are somewhat related businesses (unless the server is owned by a hosting company), so this may not be an issue.
I find this a handy little workaround, especially for dev servers where I might want to host several sites on one IP address, where I use self-signed certs with multiple URLs in the Subject Alternative Name field.
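
A sketch of the shared-certificate setup described in this answer, added here as an example and not the answerer's own configuration. The certificate and key file names, paths and document roots are placeholders, and the directives assume the Apache 2.2 build named in the question.

```apache
# Added example: two name-based HTTPS virtual hosts presenting ONE certificate.
# Assumption: multisite.crt lists both www.site1.com and www.site2.com in its
# Subject Alternative Name field. All paths below are placeholders.

# Apache 2.2 needs this to enable name-based virtual hosts on the address.
NameVirtualHost *:443

# Off (the default) lets clients that send no SNI name still reach every
# virtual host: the handshake uses the first vhost's certificate, then the
# Host header of the request selects the vhost that serves the document.
SSLStrictSNIVHostCheck off

# First vhost listed = default. Its certificate answers every TLS handshake
# that carries no SNI name.
<VirtualHost *:443>
    ServerName www.site1.com
    DocumentRoot /var/www/site1

    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/multisite.crt
    SSLCertificateKeyFile /etc/pki/tls/private/multisite.key
</VirtualHost>

# Second vhost reuses the same certificate and key. A non-SNI client is
# handed the default vhost's certificate during the handshake, which is this
# same file, so the name check for www.site2.com passes against the SAN list.
<VirtualHost *:443>
    ServerName www.site2.com
    DocumentRoot /var/www/site2

    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/multisite.crt
    SSLCertificateKeyFile /etc/pki/tls/private/multisite.key
</VirtualHost>
```

Running `httpd -S` after a reload prints the parsed virtual host order, which confirms that www.site1.com is the default server for port 443.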