httpd-users mailing list archives

From Jason Nunnelley <ja...@jasonn.com>
Subject Re: [users@httpd] Two Name-Based Virtual Hosts : Two SSL Certificates?
Date Sat, 24 Apr 2010 22:03:08 GMT
On 4/24/10 4:42 PM, Wang, Mary Y wrote:
> Crypto,
>
> Thanks for the info on SNI.  I'm currently running on httpd-2.0.46, therefore, SNI support
> is not there. The browser support listed on that wiki can't support the browser versions
> that are offered in the company currently. The application is running on Redhat 3.9.
>
> Are you saying that I can request two IPs for the same server?  I'd need to contact our
> admin over here.  I am not sure if we can request a wildcard cert either.
>
> If I just request another SSL cert for the second site (not doing any of the methods that
> you listed below), would Apache still use the default SSL cert for the main site? The
> user would still get that warning?  Is that what you are saying?
>
> Please advise.

Mary, you've got a few options here.

1) Upgrade your server and run SNI even though most sys admins refuse to 
run it. Not likely going to be your pick.
2) Add an IP number to your server and run multiple IPs, allowing you to 
set up traditional IP based SSL hosting. You have to do 1 IP per SSL 
cert if you do this. This is an IP on the server. So, you'll configure 
the server to take an extra IP and then add the IP to the configuration 
for the SSL Apache config.
3) Run a unified multi-domain SSL certificate. You'll have to buy a new 
certificate from someone who sells a unified certificate. It means you 
can run multiple domains on the same IP, each with different domain 
names, but hosted on the same IP. Some call this a "wildcard" SSL cert. 
But, typical wildcard SSL certs are meant for X.domain.com and not X.com 
and Y.com. You'll want a cert where you can assign multiple domains to 
the single cert.

Most host providers will sell you an IP for this purpose, if it's an 
actual physical server. If it's ephemeral (cloud hosting), that's likely 
not an option.

You cannot run multiple domain certificates without either IP based SSL 
configuration or SNI. IP based SSL certificates will apply the first 
certificate it finds in the configuration. The second is an error, or 
superfluous. It's actually a broken configuration and you should receive 
an apachectl configtest error message if you test the configuration.

-- 

Jason A. Nunnelley
+1 2562971652

http://www.google.com/profiles/imjasonn

[Member Tekany, LLC]


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
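
The IP-based layout from option 2 in the message above, next to the same-address layout it replaces, as an added example that is not part of the original message. The addresses, hostnames, document roots and certificate paths are constructed placeholders; it assumes each hostname resolves to its own address and that both addresses are configured on the server.

```apache
# Added example, not from the original message.
# Addresses, hostnames and paths below are constructed placeholders.

Listen 443

# Layout that does not work without SNI (shown commented out):
# both hosts share one address, so the server has to pick a certificate
# before it has seen the Host header and presents the first one for both
# names. Clients asking for www.example.net get a name-mismatch warning.
#
#   <VirtualHost *:443>
#       ServerName www.example.com
#       SSLEngine on
#       SSLCertificateFile /etc/httpd/conf/ssl.crt/site-a.crt
#   </VirtualHost>
#   <VirtualHost *:443>
#       ServerName www.example.net
#       SSLEngine on
#       SSLCertificateFile /etc/httpd/conf/ssl.crt/site-b.crt
#   </VirtualHost>

# IP-based layout: one address per certificate, so the destination
# address of the connection alone selects the virtual host.
<VirtualHost 192.0.2.10:443>
    ServerName www.example.com
    DocumentRoot /var/www/site-a
    SSLEngine on
    SSLCertificateFile    /etc/httpd/conf/ssl.crt/site-a.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/site-a.key
</VirtualHost>

<VirtualHost 192.0.2.11:443>
    ServerName www.example.net
    DocumentRoot /var/www/site-b
    SSLEngine on
    SSLCertificateFile    /etc/httpd/conf/ssl.crt/site-b.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/site-b.key
</VirtualHost>

# No NameVirtualHost directive is used for port 443 here: these are
# IP-based hosts, matched on address rather than on the Host header.
```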

