httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Ni <>
Subject Re: [users@httpd] Two Name-Based Virtual Hosts : Two SSL Certificates?
Date Sat, 24 Apr 2010 22:08:01 GMT
i think people have been saying SNI does not satisfy Safari browser.

the ssl warning still pops up.  can someone verify?

On Sat, Apr 24, 2010 at 3:03 PM, Jason Nunnelley <> wrote:

> On 4/24/10 4:42 PM, Wang, Mary Y wrote:
>> Crypto,
>> Thanks for the info on SNI.  I'm currently running on httpd-2.0.46,
>> therefore, SNI support is not there. The browsers support listed on that
>> wiki can't support the browser versions that are offered in the company
>> currently. The application is running on Redhat 3.9.
>> Are you saying that I can request two IPs for the same server?  I'd need
>> to contact our admin over here.  I am not sure if we can request a wildcard
>> cert either.
>> If I just request another SSL cert for the second site (not doing any of
>> methods that you listed below), does Apache would still use the default SSL
>> cert for the main site? The user would still get that warning?  Is that what
>> you are saying?
>> Please advise.
> Mary, you've got a few options here.
> 1) Upgrade your server and run SNI even though most sys admins refuse to
> run it. Not likely going to be your pick.
> 2) Add an IP number to your server and run multiple IPs, allowing you to
> set up traditional IP based SSL hosting. You have to do 1 IP per SSL cert if
> you do this. This is an IP on the server. So, you'll configure the server to
> take an extra IP and then add the IP to the configuration for the SSL Apache
> config.
> 3) Run a unified multi-domain SSL certificate. You'll have to buy a new
> certificate from someone who sells a unified certificate. It means you can
> run multiple domains on the same IP, each with different domain names, but
> hosted on the same IP. Some call this a "wildcard" SSL cert. But, typical
> wildcard SSL certs are meant for and not and
> You'll want a cert where you can assign multiple domains to the single cert.
> Most host providers will sell you an IP for this purpose, if it's an actual
> physical server. If it's ephemeral (cloud hosting), that's likely not an
> option.
> You can not run multiple domain certificates without either IP based SSL
> configuration or SNI. IP based SSL certificates will apply the first
> certificate it finds in the configuration. The second is an error, or
> superfluous. It's actually a broken configuration and you should receive an
> apachectl configtest error message if you test the configuration.
> --
> Jason A. Nunnelley
> +1 2562971652
> [Member Tekany, LLC]
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:> for more info.
> To unsubscribe, e-mail:
>  "   from the digest:
> For additional commands, e-mail:

View raw message