Apache has overtaken Microsoft as the leading developer of secure web servers. Apache now runs on 44.0% of secure web sites, compared to 43.8% for Microsoft.
As the original developers of the SSL protocol, Netscape started out with a lead in the SSL server market. But they were soon overtaken by Microsoft's Internet Information Server, which within a few years held a steady 40-50% of the SSL server market.
Apache has taken much longer to reach the top. Version 1 of Apache did not include SSL support : in the 1990s, US export controls, and the patent on the RSA algorithm in the US, meant that cryptographic support for open source projects had to be developed outside of the US, and were distributed separately. Several independent projects provided SSL support for Apache, including Apache-SSL and mod_ssl; but commercial spin-offs, like Stronghold by c2net (later bought by Red Hat), were more popular at that time.
Now that mod_ssl is included as standard in version 2, Apache has become more popular for hosting secure websites. The total for Apache includes other projects from the ASF including Tomcat, and includes Apache-SSL, but does not include derived products like Stronghold or IBM HTTP Server. c2net/Red Hat includes only Stronghold and Red Hat SWS.
Apache is also gaining from geographical changes. The US, where Microsoft retains a strong lead, used to have over 70% of the Internet's secure websites. Other countries have been catching up, however: countries including Japan and Germany, where Apache is preferred, have faster growth in SSL sites. As ecommerce has caught on in other countries, the US share has been diluted, and is now only 50%.
Netcraft's SSL survey has been running since 1996. It tracks the growing use of secure web servers on the Internet, and the server software, operating systems and certificates that are used. Single user and company subscriptions are available, and custom datasets can be produced on request.