httpd-users mailing list archives

From "Samuel Fuchs" <samuel.fu...@unycom.com>
Subject RE: [users@httpd] multiple SSL on one computer - IP
Date Thu, 22 Apr 2010 08:27:28 GMT
As far as I know there is also the possibility to use a different port for the second vhost.
But in this case you will always have to type the port in your address field (e.g. https://nameof.some.host:9443).
 

-----Original Message-----
From: Tom Evans [mailto:tevans.uk@googlemail.com] 
Sent: Donnerstag, 22. April 2010 10:22
To: users@httpd.apache.org
Subject: Re: [users@httpd] multiple SSL on one computer - IP

On Thu, Apr 22, 2010 at 1:25 AM, Crypto Sal <crypto.sal@gmail.com> wrote:
>  On 04/21/2010 08:11 PM, Tom Evans wrote:
>>
>> On Wed, Apr 21, 2010 at 11:48 PM, Michael Ni <michaelcni@gmail.com> wrote:
>>>
>>> I have a situation where I have only one computer (one IP) with
>>> 2 virtual hosts
>>>
>>> one virtual host is static.foobar.com
>>>
>>> one virtual host is www.foobar.com
>>>
>>> both have separate ssl certs registered to the corresponding domain.
>>>
>>> I tried putting SSL in each but Apache is using the first one registered.
>>>
>>> How can I get this to work without needing another computer?
>>>
>>>
>>>
>> You won't need another computer, but you will need another IP address
>> if you wish to support IE. Sorry, it's how it works.
>>
>> Cheers
>>
>> Tom
>
>
> Tom,
>
> That's misleading information. Windows Vista and greater DO support SNI
> (Server Name Indication) and since those Operating Systems do support SNI,
> so does IE. Since most other browser vendors make use of non-MSFT (usually a
> form of OpenSSL) crypto, they usually are fine and have been fine for years.
>
> There is also the possibility of using a Wildcard Certificate as well if the
> Domain Name structure is similar.
>
> --Sal

No, it isn't. If you wish to support IE 6 or 7, Chrome or Safari on
Windows XP - which is a huge, enormous section of the browser
population - then you cannot use SNI. Trying to say otherwise just
because YOU only use Firefox is what is misleading.

More to the point, show me one major commercial deployment actually using SNI.

The OP also indicated that he had already purchased his certificates,
thus precluding wildcard domains. It is much cheaper (by far!) to get
an additional IP than it is to purchase a new wildcard certificate.

So, yes, very clever to note SNI, however it is not a reliable
solution for ~40% of users on the internet.

Tom

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
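
The three options raised in this thread (a second port, a second IP address, or SNI name-based virtual hosts), laid out as an httpd configuration. This is an added example, not configuration posted by anyone in the thread; the certificate paths and the 192.0.2.x addresses are constructed placeholders, and only one option should be enabled at a time.

```apache
# Added illustration, not from the thread. Certificate paths and the
# 192.0.2.x addresses are constructed placeholders. Enable ONE option.

# --- Option A: same IP, second port (clients must type :9443) ---
Listen 443
Listen 9443

<VirtualHost *:443>
    ServerName www.foobar.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/www.foobar.com.crt
    SSLCertificateKeyFile /etc/ssl/private/www.foobar.com.key
</VirtualHost>

<VirtualHost *:9443>
    ServerName static.foobar.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/static.foobar.com.crt
    SSLCertificateKeyFile /etc/ssl/private/static.foobar.com.key
</VirtualHost>

# --- Option B: one IP address per certificate, both on port 443 ---
# Same two blocks as Option A, but bound by address instead of port.
# The certificate is selected by destination IP, so clients without
# SNI support still receive the matching one.
# Listen 192.0.2.10:443
# Listen 192.0.2.11:443
# <VirtualHost 192.0.2.10:443>  ... www.foobar.com ...    </VirtualHost>
# <VirtualHost 192.0.2.11:443>  ... static.foobar.com ... </VirtualHost>

# --- Option C: SNI name-based vhosts, one IP and one port ---
# Same two blocks again, both declared as *:443 and told apart by
# ServerName. httpd 2.2 also needs:
# NameVirtualHost *:443
#
# A client that sends no SNI extension is served the FIRST vhost's
# certificate, so it sees a name-mismatch warning on the other host.
# To reject such clients instead of serving the wrong certificate,
# set this in the first (default) vhost:
# SSLStrictSNIVHostCheck on
```

After changing the configuration, `apachectl configtest` checks the syntax before a restart.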
