httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Grant <emailgr...@gmail.com>
Subject Re: [users@httpd] Options for multiple SSL domains on 1 server
Date Mon, 04 Oct 2010 15:50:44 GMT
>> I need to set up SSL certificates for multiple domain names on a
>> single server.  I've done some research and I think these are my
>> options:
>>
>> 1. use multiple IPs
>> drawbacks: requires separate apache2 config for each SSL domain, extra
>> IPs must be allocated by the hosting company
>>
>> 2. use multiple ports
>> drawbacks: requires separate apache2 & firewall config for each SSL
>> domain, port numbers look weird in the URL
>>
>> 3. Server Name Indication
>> drawbacks: browser support is not widespread enough yet
>>
>> 4. X.509 v3 with subjectAltName
>> drawbacks: ???
>>
>> Are there other options?  Are there drawbacks to relying on X.509 v3
>> with subjectAltName, or is that the way to go?
>
> Options 1) and 2) don't require seperate apache2 configs. You can have
> apache listen to multiple IPs or Ports. Just add the necessary
> "Listen" statements to your config, and than a virtualhost for each
> SSL host.
>
> Personally I think that until SNI adoption gets more widespread the
> best option is 1) if you have the IPs to spare, as it doesn't have any
> more config overhead than the other options and is going to work as
> expected.
>
>
> Krist

Thanks Krist.

The "virtualhost for each SSL host" is what I mean by separate apache2
configs.  I'd like to be able to define different domain names on the
fly within my perl scripts without changing apache2 config.  Maybe
we're just not there yet?

Why would you use multiple IPs instead of X.509 v3 with
subjectAltName?  Does subjectAltName have any drawbacks?

- Grant

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message