Installed on a 64-bit CentOS 5.8 system.
Configuring Apache for SNI
--------------------------

    # Configure CentOS Testing repo and install mod_gnutls
    wget http://dev.centos.org/centos/5/CentOS-Testing.repo -P /etc/yum.repos.d
    yum install mod_gnutls

Here's the package manifest:

    /etc/httpd/conf.d/mod_gnutls.conf
    /etc/httpd/conf/dhfile
    /etc/httpd/conf/rsafile
    /usr/lib64/httpd/modules/libmod_gnutls.so
    /usr/share/doc/mod_gnutls-0.2.0
    /usr/share/doc/mod_gnutls-0.2.0/LICENSE
    /usr/share/doc/mod_gnutls-0.2.0/NOTICE
    /usr/share/doc/mod_gnutls-0.2.0/README
    /var/cache/mod_gnutls_cache

Symlink the shared object file:

    ln -s /usr/lib64/httpd/modules/libmod_gnutls.so /etc/httpd/modules/mod_gnutls.so

Disable `ssl.conf` from loading:

    mv /etc/httpd/conf.d/ssl.conf{,.old}

Edit `/etc/httpd/conf.d/mod_gnutls.conf` and uncomment (or add) the
following:

    LoadModule gnutls_module modules/mod_gnutls.so
    AddType application/x-x509-ca-cert .crt
    AddType application/x-pkcs7-crl .crl
    Listen 443

Configuring Virtual Hosts
-------------------------
Let's say I want SNI for two virtual hosts:
- `test.example.com`
- `test.eng.uiowa.edu` (merely a CNAME for the above)

I create a configuration file for each in `/etc/httpd/conf.d/`. Let's
start with `test.example.com`. Here's a skeleton:
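
    # Plain-HTTP virtual host.
    # Assumed: *:80 here and the <Directory> path (taken from DocumentRoot).
    <VirtualHost *:80>
        ServerName test.example.com
        DocumentRoot /var/www/html/test.example.com
        ServerAdmin support@test.example.com
        <Directory /var/www/html/test.example.com>
            Options FollowSymLinks -Indexes
            AllowOverride All
        </Directory>
        CustomLog /var/log/httpd/test.example.com-access.log combined
        ErrorLog /var/log/httpd/test.example.com-error.log
        LogLevel warn
    </VirtualHost>

    # TLS virtual host served by mod_gnutls; SNI selects it by ServerName,
    # so each name gets its own certificate and key.
    <VirtualHost *:443>
        GnuTLSEnable on
        GnuTLSCertificateFile /etc/pki/tls/certs/test.example.com.crt
        GnuTLSKeyFile /etc/pki/tls/private/test.example.com.key
        ServerName test.example.com
        DocumentRoot /var/www/html/test.example.com
        ServerAdmin support@test.example.com
        <Directory /var/www/html/test.example.com>
            Options FollowSymLinks -Indexes
            AllowOverride All
        </Directory>
        CustomLog /var/log/httpd/test.example.com-access.log combined
        ErrorLog /var/log/httpd/test.example.com-error.log
        LogLevel warn
    </VirtualHost>
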
I do the same for the other virtual host and restart Apache. Done.
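
A pre-restart check for the per-host files described above, as an added example that is not part of the original write-up: it parses the virtual host blocks and reports any port-443 host that lacks `GnuTLSEnable on`, a certificate, a key or a unique `ServerName`. The function names, the sample configuration and the second host's certificate path are assumptions made for the illustration.

```python
import re

# Constructed sample: the second TLS vhost omits GnuTLSKeyFile; its cert path is assumed.
SAMPLE_CONF = """\
<VirtualHost *:443>
    GnuTLSEnable on
    GnuTLSCertificateFile /etc/pki/tls/certs/test.example.com.crt
    GnuTLSKeyFile /etc/pki/tls/private/test.example.com.key
    ServerName test.example.com
</VirtualHost>
<VirtualHost *:443>
    GnuTLSEnable on
    GnuTLSCertificateFile /etc/pki/tls/certs/test.eng.uiowa.edu.crt
    ServerName test.eng.uiowa.edu
</VirtualHost>
"""

REQUIRED = ("GnuTLSCertificateFile", "GnuTLSKeyFile", "ServerName")

def parse_vhosts(text):
    """Return [(address, {directive_lowercase: value})], one entry per <VirtualHost>."""
    vhosts, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            current = (opened.group(1).strip(), {})
        elif line.lower().startswith("</virtualhost") and current is not None:
            vhosts.append(current)
            current = None
        elif current is not None and line and line[0] not in "#<":
            name, *rest = line.split(None, 1)
            current[1].setdefault(name.lower(), rest[0] if rest else "")
    return vhosts

def check_sni(text, port="443"):
    """List problems that would keep a TLS vhost from presenting its own certificate."""
    problems, seen = [], set()
    for addr, d in parse_vhosts(text):
        if not addr.endswith(":" + port):
            continue  # plain-HTTP vhosts need no GnuTLS directives
        name = d.get("servername", "<no ServerName>")
        if d.get("gnutlsenable", "").lower() != "on":
            problems.append(f"{name}: GnuTLSEnable is not on")
        problems += [f"{name}: missing {r}" for r in REQUIRED if r.lower() not in d]
        if name in seen:
            problems.append(f"{name}: duplicate ServerName on port {port}")
        seen.add(name)
    return problems
```

To run it against a real setup, pass the concatenated contents of the files in `/etc/httpd/conf.d/` to `check_sni()`; an empty list means every TLS host carries its own name, certificate and key.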