httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Krist van Besien <krist.vanbes...@gmail.com>
Subject Re: [users@httpd] Options for multiple SSL domains on 1 server
Date Mon, 04 Oct 2010 05:54:39 GMT
On Fri, Oct 1, 2010 at 11:04 PM, Grant <emailgrant@gmail.com> wrote:
> I need to set up SSL certificates for multiple domain names on a
> single server.  I've done some research and I think these are my
> options:
>
> 1. use multiple IPs
> drawbacks: requires separate apache2 config for each SSL domain, extra
> IPs must be allocated by the hosting company
>
> 2. use multiple ports
> drawbacks: requires separate apache2 & firewall config for each SSL
> domain, port numbers look weird in the URL
>
> 3. Server Name Indication
> drawbacks: browser support is not widespread enough yet
>
> 4. X.509 v3 with subjectAltName
> drawbacks: ???
>
> Are there other options?  Are there drawbacks to relying on X.509 v3
> with subjectAltName, or is that the way to go?

Options 1) and 2) don't require seperate apache2 configs. You can have
apache listen to multiple IPs or Ports. Just add the necessary
"Listen" statements to your config, and than a virtualhost for each
SSL host.

Personally I think that until SNI adoption gets more widespread the
best option is 1) if you have the IPs to spare, as it doesn't have any
more config overhead than the other options and is going to work as
expected.


Krist

-- 
krist.vanbesien@gmail.com
krist@vanbesien.org
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message