httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "" <>
Subject Re: [users@httpd] mod_vhost_alias + ssl
Date Sat, 07 Mar 2009 22:49:34 GMT
Eric Covener wrote:
> On Sat, Mar 7, 2009 at 5:03 PM,
> <>  wrote:
>> Hi,
>> With SNI it is now possible to use more certificates with one ip address.
>> Unfortunately there's no mod_vhost_alias support (and I'm not aware of a
>> workaround). So, assuming I use "VirtualDocumentRoot
>> /var/www/vhosts/%-2.1/%-2.0.%-1.0/htdocs/%-3+/"  to map
>> -->    /var/www/vhosts/e/
>> -->    /var/www/vhosts/e/
>> I'd need
>> VirtualSSLCertificateFile /var/www/vhosts/%-2.1/%-2.0.%-1.0/ssl.crt
>> VirtualSSLCertificateKeyFile /var/www/vhosts/%-2.1/%-2.0.%-1.0/ssl.key
>> or some workaround. Anybody got any ideas? Devs, would this be possible to
>> implement? Similarly, is there a solution to avoid multiple entries like
>> <Directory /var/www/vhosts/e/>
>> php_admin_value open_basedir /tmp:/var/www/vhosts/e/
>> </Directory>
>> in a mod_vhost_alias-like way?
> Seems like a dead if you're trying to use different certificates on
> the same IP:port combination. There's no SNI support in a released
> version of Apache, so the certificate is presented before anything can
> see a hostname (Host: header is available after, and nobodies reading
> the TLS extension containing the servername)
well the patch is out there a long time ... distros package it with 
apache so, while it may not be currently a part of apache's official 
release yet,
i don't think its a wise thing to wait for the official sni apache and 
then wait even more for a sni patch to mod_vhost_alias.

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message