My understanding is that there is a problem with having multiple certificates on a single IP, as SSL is negotiated before HTTP happens; however, what we can do is use Service Name Indication (SNI) in TLS to get around this. According to the SNI Wikipedia page, both Apache 2 modules mod_ssl and mod_gnutls support this extension, as do numerous web clients.

I have been trying to use mod_gnutls on CentOS 5. I have two separate certificates for two domains but only one IP. Each works independently, but when I put both into the config at once only the first will work. Any HTTPS connection on domain2 shows domain1's certificate.

My config looks like this:

Listen 443
NameVirtualHost *:443

<VirtualHost *:443>

ServerName www.domain1.com
ServerAlias www.domain1.com
DocumentRoot /var/www/html/domain1

GnuTLSEnable on
GnuTLSCertificateFile /etc/pki/tls/certs/www.domain1.crt
GnuTLSKeyFile /etc/pki/tls/domain1/private.key

</VirtualHost>


<VirtualHost *:443>

DocumentRoot /var/www/html/domain2
ServerName www.domain2.com
ServerAlias www.domain2.com

GnuTLSEnable on
GnuTLSCertificateFile /etc/pki/tls/certs/domain2.crt
GnuTLSKeyFile /etc/pki/tls/domain2/private.key

</VirtualHost>

Any ideas? Really been scratching my head over this.

Many thanks
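
A way to check which certificate a server actually presents for each SNI name, as an added example that is not part of the original post. It stands up a throwaway local TLS server with OpenSSL's own s_server, which can hold two certificates on one port and switch between them by SNI (the -cert2/-key2/-servername options), generates self-signed certificates for the two hostnames from the question, and then queries the server with s_client -servername to report which certificate comes back. Assumptions: an OpenSSL 1.0.2 or later CLI on the box (CentOS 5's 0.9.8 build lacks SNI support in s_client), a free local port (14433 here), and a writable temp directory. Run the same served_cn check against the real Apache host to see whether the second vhost's certificate is ever selected; if every name, including an unknown one, returns domain1's CN, the server is ignoring SNI and always serving the default vhost.

```shell
#!/bin/sh
# Added example: verify per-SNI certificate selection with openssl s_server/s_client.
# Not from the original post; assumes OpenSSL >= 1.0.2 and a free local port.
set -e

WORK=$(mktemp -d)
PORT=14433   # assumed free local port

# mkcert HOST: write a throwaway self-signed cert/key pair with CN=HOST into $WORK.
mkcert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" >/dev/null 2>&1
}
mkcert www.domain1.com
mkcert www.domain2.com

# Start the SNI-aware test server: the -cert/-key pair is the default (served when
# SNI is absent or unknown); when the client's SNI equals -servername, the
# -cert2/-key2 pair is served instead.  -www keeps it running as a tiny HTTPS server.
openssl s_server -accept "$PORT" -www \
  -cert "$WORK/www.domain1.com.crt" -key "$WORK/www.domain1.com.key" \
  -servername www.domain2.com \
  -cert2 "$WORK/www.domain2.com.crt" -key2 "$WORK/www.domain2.com.key" \
  >/dev/null 2>&1 &
SERVER_PID=$!
trap 'kill $SERVER_PID 2>/dev/null; rm -rf "$WORK"' EXIT

# Wait until the server accepts connections (at most ~5 s).
for _ in 1 2 3 4 5; do
  openssl s_client -connect "127.0.0.1:$PORT" </dev/null >/dev/null 2>&1 && break
  sleep 1
done

# served_cn HOST: print the CN of the certificate presented when the client sends
# HOST in the TLS SNI extension.  The sed handles both the old "/CN=x" and the
# newer "CN = x" subject formats.
served_cn() {
  openssl s_client -connect "127.0.0.1:$PORT" -servername "$1" </dev/null 2>/dev/null \
    | openssl x509 -noout -subject \
    | sed 's/.*CN *= *//'
}

# sni_ok: succeed only if each hostname gets its own certificate and an unknown
# name falls back to the default (domain1) certificate, which is exactly the
# symptom the question describes when SNI is not being honoured for real names.
sni_ok() {
  [ "$(served_cn www.domain1.com)" = "www.domain1.com" ] &&
  [ "$(served_cn www.domain2.com)" = "www.domain2.com" ] &&
  [ "$(served_cn www.unknown.example)" = "www.domain1.com" ]
}

# Report what each SNI name receives.
for host in www.domain1.com www.domain2.com www.unknown.example; do
  printf 'SNI %-20s -> certificate CN %s\n' "$host" "$(served_cn "$host")"
done
if sni_ok; then echo "SNI selection working"; else echo "SNI selection NOT working"; fi
```

Point served_cn at the real server by replacing 127.0.0.1:$PORT with the host's address and port 443; the -servername value, not the -connect address, is what drives certificate selection, so always pass it explicitly (older s_client versions send no SNI at all without it).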
