Thoughts

SSL with Apache on Ec2 (and multiple hosts)

With a recent request to host a website that required SSL, I’m left considering how I would be able to extend SSL support to other hosts on my ec2 server.

When a browser connects on port 443, the SSL handshake (where Apache must choose a certificate) happens before any HTTP request is sent, and the Host header only arrives inside the encrypted request. So, at the moment it picks a certificate, Apache has no idea which hostname the browser wants. This means the initial setup can only support one website with an SSL certificate.

However, some options exist.

SSL Certificate with multiple hostnames

It’s possible to have just one SSL certificate that covers all of the hostnames on your ec2 server. This is the easiest workaround.

Add additional IP addresses to your Ec2 Server

By adding extra IPs to your Ec2 server, you can amend each hostname’s DNS to point to its own IP. Then you can configure Apache virtual hosts so that traffic arriving on a given inbound IP is served only for that hostname.

SSL with Virtual Hosts Using SNI

This, however, is the best approach, and is the one I plan to explore. With SNI the browser tells Apache during the handshake which hostname it is connecting to, so Apache can select the matching virtual host and certificate. https://cwiki.apache.org/confluence/display/HTTPD/NameBasedSSLVHostsWithSNI
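An added example of what the SNI setup looks like in practice (this is not config from the post or the Apache wiki); the hostnames, certificate paths and document roots are placeholders to replace with your own:

```apache
# Two name-based SSL virtual hosts on one IP, distinguished by SNI.
# Hostnames, paths and certificate files below are placeholders.
Listen 443

# On Apache 2.2 this line is required for name-based SSL vhosts;
# Apache 2.4 does not need it and ignores it with a warning.
NameVirtualHost *:443

# Clients that send no SNI name would otherwise be served by the
# first <VirtualHost> below (its certificate will not match their
# hostname). Turning this on rejects such clients with a 403 instead,
# which is easier to diagnose than a silent certificate mismatch.
SSLStrictSNIVHostCheck on

<VirtualHost *:443>
    ServerName            www.example.com
    DocumentRoot          /var/www/example-com
    SSLEngine             on
    SSLCertificateFile    /etc/ssl/certs/example-com.crt
    SSLCertificateKeyFile /etc/ssl/private/example-com.key
</VirtualHost>

<VirtualHost *:443>
    ServerName            www.example.net
    DocumentRoot          /var/www/example-net
    SSLEngine             on
    SSLCertificateFile    /etc/ssl/certs/example-net.crt
    SSLCertificateKeyFile /etc/ssl/private/example-net.key
</VirtualHost>
```

To check that the right certificate is being served per name, run `openssl s_client -connect yourserver:443 -servername www.example.net` for each hostname and compare the subject of the returned certificate; the port 443 rule in the ec2 console must of course be open first.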

Problems

As a side note, I spent well over an hour yesterday trying to figure out why the simple SSL certificate wasn’t working. The solution was easy in the end: by default my ec2 server did not have port 443 open in the network ACL! I had to add this manually via the ec2 console. Lesson learnt!
