Howto GnuTLS
I've recently installed GnuTLS on a server.
Why?
GnuTLS is a free way of serving up secure sites (https). One very specific advantage is that it can host more than one certificate on one IP address. Many pages on the internet will tell you that this is not possible. That's total BS.
How?
It's easy. The example here is for Debian Squeeze, assume you are using Apache2 as http server and already have it installed. You will need to have the mod-gnutls package libapache2-mod-gnutls installed.
apt-get install libapache2-mod-gnutls
You may also get it installed by another method. Now you can run Debian's special commands to enable/disable the correct modules in Apache2:
a2dismod ssl a2enmod gnutls
I'm assuming you don't want to keep the old mod_ssl mod, it might well get in the way. So now you need to configure the https bit for your sites virtual host. Here's an example config. Put it in /etc/apache2/sites-available/mysitename and then, well, you should know the rest if you are using Apache2 already really.
<VirtualHost server.example.net:443> ServerName server.example.net:443 ServerAlias server.example.net DocumentRoot /var/www/mywebsite/ # SSLEngine on # SSLCertificateFile /etc/apache2/ssl/server.example.net.pem GnuTLSEnable on GnuTLSCertificateFile /etc/apache2/ssl/server.example.net.crt # see note on talk page GnuTLSKeyFile /etc/apache2/ssl/server.example.net.key GnuTLSPriorities NORMAL:!DHE-RSA:!DHE-DSS:!AES-256-CBC:%COMPAT </VirtualHost>
Note here that the old equivalent mod_ssl declarations have been commented out, also that the certificate is handed to mod_gnutls as two seperate files, the .crt (certificate) and .key (key) files. mod_ssl was able to us the combined .pem format which was literally a concatenation of the the certificate and key files. Anyhow, mod_gnutls can't do that, so we have to have them separate.
Now restart Apache2.
What now?
Keep adding virtual hosts with different certificates, they will all work.