Here’s how to configure SSL on virtual host using the same IP address with Apache and mod_ssl also know as NameBasedSSLVHosts on CentOS 6.5

What is NameBased virtual host?

A shared web hosting service or virtual hosting service or derive host refers to a web hosting service where many websites reside on one web server connected to the Internet. Each site “sits” on its own partition, or section/place on the server, to keep it separate from other sites

What is mod_ssl?

mod_ssl is an optional module for the Apache HTTP Server. Provides strong cryptography for the Apache v1.3 and v2 webserver via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) cryptographic protocols by the help of the Open Source SSL/TLS toolkit OpenSSL.

Configure HTTP redirect to HTTPS

nano /etc/httpd/conf/httpd.conf

In the  httpd.conf file, I will configure it to redirect from HTTP to HTTPS.

<VirtualHost *:80>
 DocumentRoot /opt/web1/
 ServerName web1.net
 Redirect permanent / https://web1.net/
</VirtualHost>
<VirtualHost *:80>
 DocumentRoot /opt/web2/
 ServerName web2.net
 Redirect permanent / https://web2.net/
</VirtualHost>

Configure virtual host in ssl.conf instead of httpd.conf

nano /etc/httpd/conf.d/ssl.conf

The content below is allow only a strong Cipher and SSL Protocol.

LoadModule ssl_module modules/mod_ssl.so
Listen 443
SSLPassPhraseDialog  builtin
SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
NameVirtualHost *:443
SSLCipherSuite HIGH:!MEDIUM:!aNULL:!MD5:!RC4
SSLProtocol -ALL +SSLv3 +TLSv1

<VirtualHost *:443>
  DocumentRoot /opt/web1/
  ServerName web1.net
  CustomLog /opt/web1/logs/access_log combined
  ErrorLog /opt/web1/logs/error_log
        SSLEngine on
        SSLCertificateFile /etc/pki/tls/web1/ca.crt
        SSLCertificateKeyFile /etc/pki/tls/web1/ca.key
        
        SSLOptions +StdEnvVars
        
        <Directory "/var/www/cgi-bin">
        SSLOptions +StdEnvVars
        
        SetEnvIf User-Agent ".*MSIE.*" \
                nokeepalive ssl-unclean-shutdown \
                downgrade-1.0 force-response-1.0
</VirtualHost>

<VirtualHost *:443>
  DocumentRoot /opt/web2/
  ServerName web2.net
  CustomLog /opt/web2/logs/access_log combined
  ErrorLog /opt/web2/logs/error_log
        SSLEngine on
        SSLCertificateFile /etc/pki/tls/web2/ca.crt
        SSLCertificateKeyFile /etc/pki/tls/web2/ca.key
        
        SSLOptions +StdEnvVars
        
        <Directory "/var/www/cgi-bin">
        SSLOptions +StdEnvVars
        
        SetEnvIf User-Agent ".*MSIE.*" \
                nokeepalive ssl-unclean-shutdown \
                downgrade-1.0 force-response-1.0
</VirtualHost>

Restart Apache

service httpd restart