httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From azu...@pobox.sk
Subject [users@httpd] Thousands of SSL certificates
Date Sun, 20 Dec 2015 18:19:19 GMT
Hi,

we are, currently, implementing Let's Encrypt CA so every domain and  
subdomain has its own SSL certificate. Everything was ok on servers  
with little amout of virtual hosts but problem with server  
start/reload arises after activation on server with 4000 certificates  
installed - start and reload takes about 1-2 minutes. I have several  
questions:

1.) Any hints how to optimize this?
2.) Will it help if every certificate will have the same  
public/private key so Apache doesn't need to process 4000 private  
keys? Let's ignore any impact on security.
3.) Was anyone other dealing with this yet?

I was also considering joining domains into groups and generating one  
certificate per group (so, for example, with groups of 50 domains this  
will create only 80 certificates) but i don't like this solution very  
much.

Thank you.

azru



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message