Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 5893 invoked from network); 22 Apr 2010 00:32:07 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 22 Apr 2010 00:32:07 -0000 Received: (qmail 31220 invoked by uid 500); 22 Apr 2010 00:32:04 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 31191 invoked by uid 500); 22 Apr 2010 00:32:04 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 31183 invoked by uid 99); 22 Apr 2010 00:32:04 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 22 Apr 2010 00:32:04 +0000 X-ASF-Spam-Status: No, hits=2.0 required=10.0 tests=AWL,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,SPF_PASS,T_TO_NO_BRKTS_FREEMAIL X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of michaelcni@gmail.com designates 209.85.217.220 as permitted sender) Received: from [209.85.217.220] (HELO mail-gx0-f220.google.com) (209.85.217.220) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 22 Apr 2010 00:31:59 +0000 Received: by gxk20 with SMTP id 20so2447709gxk.12 for ; Wed, 21 Apr 2010 17:31:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:received:message-id:subject:from:to:content-type; bh=N0MlyyMJlGY7xnBC9OhaRomQW9qw1JY6fjmle/q1bhs=; b=IqwhEH1TdEr0hUhaTqBXDhgN6VfXmYpa4HMBHFfMiuZy1YfNKPt3U4vRlpTTvd58zL KwMo29H1eUIxpmW7BXwAKAMxmD8xleltTd+EuZOJoEdQqyS9ZJl+ECC0tj5Z5b1qVtIO CzA493ytlyzWSjWchq76D8ZTrLQXsZCp3G9tU= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=FEarSJWuk8OxJaRwRIXkxBg38V1NAL2Lq0IaHER1KGxnXTkw6JWgHs/FffIJ3ml9MX xwLTH+ik/ukU8eBU+lK8r6vC9B3K45msQkbWNGf6MaU02jQlkdXYWEQfgvJVOt/mcAGN MbYALUxYBhpTiiTInLVlthZ6YENGIBDXi7VK0= MIME-Version: 1.0 Received: by 10.231.24.211 with HTTP; Wed, 21 Apr 2010 17:31:37 -0700 (PDT) In-Reply-To: <4BCF9793.6040501@gmail.com> References: <4BCF9793.6040501@gmail.com> Date: Wed, 21 Apr 2010 17:31:37 -0700 Received: by 10.101.75.10 with SMTP id c10mr22371473anl.7.1271896297388; Wed, 21 Apr 2010 17:31:37 -0700 (PDT) Message-ID: From: Michael Ni To: users@httpd.apache.org Content-Type: multipart/alternative; boundary=0016368e1fc0ffd1af0484c86e11 Subject: Re: [users@httpd] multiple SSL on one computer - IP --0016368e1fc0ffd1af0484c86e11 Content-Type: text/plain; charset=ISO-8859-1 l i got it working with using multiple address records, having a certain subdomain host point to a different ip then on my server, have 2 ips and using ip based virtual host kinda annoying, feels like a waste of IP does anyone else have a better solution? besides using SNI On Wed, Apr 21, 2010 at 5:25 PM, Crypto Sal wrote: > On 04/21/2010 08:11 PM, Tom Evans wrote: > >> On Wed, Apr 21, 2010 at 11:48 PM, Michael Ni >> wrote: >> >>> i have a situation where I have only one computer (one IP) with >>> 2 virtual hosts >>> >>> one virtual host is static.foobar.com >>> >>> one virtual host is www.foobar.com >>> >>> both have separate ssl certs registered to the corresponding domain. >>> >>> i tried putting SSL in each but apache is using the first one registered. >>> >>> How can I get this to work without need another computer? >>> >>> >>> >>> You won't need another computer, but you will need another IP address >> if you wish to support IE. Sorry, its how it works. >> >> Cheers >> >> Tom >> > > > Tom, > > That's misleading information. Windows Vista and greater DO support SNI > (Server Name Indication) and since those Operating Systems do support SNI, > so does IE. Since most other browser vendors make use of non-MSFT(usually a > form of OpenSSL) crypto, they usually are fine and have been fine for years. > > There is also the possibility of using a Wildcard Certificate as well if > the Doman Name structure is similar. > > --Sal > > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See for more info. > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org > " from the digest: users-digest-unsubscribe@httpd.apache.org > For additional commands, e-mail: users-help@httpd.apache.org > > --0016368e1fc0ffd1af0484c86e11 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable l i got it working with
using multiple address records,
having a cert= ain subdomain host point to a different ip

then on my server, have 2= ips
and using ip based virtual host

kinda annoying, feels like = a waste of IP

does anyone else have a better solution? besides using SNI


<= br>
On Wed, Apr 21, 2010 at 5:25 PM, Crypto Sal <= span dir=3D"ltr"><crypto.sal@gma= il.com> wrote:
=A0On 04/21/2010 08:11 PM, Tom Evans wrote:
On Wed, Apr 21, 2010 at 11:48 PM, Michael Ni<michaelcni@gmail.com> =A0wrote:
i have a situation where I have only one computer (one IP) with
2 virtual hosts

one virtual host is = static.foobar.com

one virtual host is www= .foobar.com

both have separate ssl certs registered to the corresponding domain.

i tried putting SSL in each but apache is using the first one registered.
How can I get this to work without need another computer?



You won't need another computer, but you will need another IP address if you wish to support IE. Sorry, its how it works.

Cheers

Tom


Tom,

That's misleading information. Windows Vista and greater DO support SNI= (Server Name Indication) and since those Operating Systems do support SNI,= so does IE. Since most other browser vendors make use of non-MSFT(usually = a form of OpenSSL) crypto, they usually are fine and have been fine for yea= rs.

There is also the possibility of using a Wildcard Certificate as well if th= e Doman Name structure is similar.

--Sal


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.<= br> See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
=A0" =A0 from the digest: users-digest-unsubscribe@httpd.apache.o= rg
For additional commands, e-mail: users-help@httpd.apache.org


--0016368e1fc0ffd1af0484c86e11--