httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <Owen.Bo...@six-group.com>
Subject RE: [users@httpd] how to get multiple SSL with name based vhost ?
Date Tue, 01 Dec 2009 09:08:17 GMT
> -----Original Message-----
> From: J. Bakshi [mailto:joydeep@infoservices.in] 
> Sent: Tuesday, December 01, 2009 8:20 AM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] how to get multiple SSL with name 
> based vhost ?
> 
> ...
>
> Thanks for your nice explanatory  response.  The server where 
> my apache
> is running is based on opensuse 11.0 . Hence I don't think 
> this box can
> support SNI. As this is a production server I can't simply upgrade the
> box. So I need some other alternative.

Krist explained it very nicely... But maybe you still didn't get it: Without SNI, there is
NO WAY TO DO THIS. It is a fundamental limitation of the HTTPS protocol with no production-grade
work-around. SNI (server-name indication) was specifically added to address this limitation.
There is simply NO ALTERNATIVE. 

Having said that, if you have a research or academic environment and don't care about browser
warnings, you can just use the same cert for all sites. You will get the encryption aspect
of HTTPS but not the authentication aspect.

Alternatively, if all sites have the same domain-name (eg, sales.wibble.com, shop.wibble.com
etc), you can get a wildcard cert that certifies *.wibble.com.

Aside from these special cases, there is NO WAY to have name-based SSL VHs.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

> Thanks to make me 
> familiar with SNI
> 
> -- 
> জয়দীপ বক্সী
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 
 
This message is for the named person's use only. It may contain confidential, proprietary
or legally privileged information. If you receive this message in error, please notify the
sender urgently and then immediately delete the message and any copies of it from your system.
Please also immediately destroy any hardcopies of the message. 
The sender's company reserves the right to monitor all e-mail communications through their
networks.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message