SNI with mod gnutls on CentOS Revision as of Thursday, 28 May 2026 at 13:06 UTC

Installed on a 64-bit CentOS 5.8 system.

Configuring Apache for SNI

# Configure CentOS Testing repo and install mod_gnutls
wget http://dev.centos.org/centos/5/CentOS-Testing.repo -P /etc/yum.repos.d
yum install mod_gnutls

Here’s the package manifest:

/etc/httpd/conf.d/mod_gnutls.conf
/etc/httpd/conf/dhfile
/etc/httpd/conf/rsafile
/usr/lib64/httpd/modules/libmod_gnutls.so
/usr/share/doc/mod_gnutls-0.2.0
/usr/share/doc/mod_gnutls-0.2.0/LICENSE
/usr/share/doc/mod_gnutls-0.2.0/NOTICE
/usr/share/doc/mod_gnutls-0.2.0/README
/var/cache/mod_gnutls_cache

Symlink the shared object file:

ln -s /usr/lib64/httpd/modules/libmod_gnutls.so /etc/httpd/modules/mod_gnutls.so

Disable ssl.conf from loading

mv /etc/httpd/conf.d/ssl.conf{,.old}

Edit /etc/httpd/conf.d/mod_gnutls.conf and uncomment (or add) the following:

LoadModule gnutls_module modules/mod_gnutls.so
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
Listen 443

Configuring Virtual Hosts

Let’s say I want SNI for two virtual hosts:

I create a configuration file for each in /etc/httpd/conf.d/. Let’s start with test.example.com. Here’s a skeleton:

<VirtualHost 19.65.24.170:80>
    ServerName test.example.com
    DocumentRoot /var/www/html/test.example.com
    ServerAdmin support@test.example.com

    <Directory />
        Options FollowSymLinks -Indexes
        AllowOverride All
    </Directory>

    CustomLog /var/log/httpd/test.example.com-access.log combined
    ErrorLog /var/log/httpd/test.example.com-error.log
    LogLevel warn
</VirtualHost>

<VirtualHost 19.65.24.170:443>
    GnuTLSEnable on
    GnuTLSCertificateFile /etc/pki/tls/certs/test.example.com.crt
    GnuTLSKeyFile /etc/pki/tls/private/test.example.com.key

    ServerName test.example.com
    DocumentRoot /var/www/html/test.example.com
    ServerAdmin support@test.example.com

    <Directory />
        Options FollowSymLinks -Indexes
        AllowOverride All
    </Directory>

    CustomLog /var/log/httpd/test.example.com-access.log combined
    ErrorLog /var/log/httpd/test.example.com-error.log
    LogLevel warn
</VirtualHost>

I do the same for the other virtual host and restart Apache. Done.