Return-Path: X-Original-To: apmail-httpd-users-archive@www.apache.org Delivered-To: apmail-httpd-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id CBEB418DE4 for ; Wed, 3 Feb 2016 10:54:34 +0000 (UTC) Received: (qmail 63465 invoked by uid 500); 3 Feb 2016 10:54:32 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 63427 invoked by uid 500); 3 Feb 2016 10:54:32 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 63415 invoked by uid 99); 3 Feb 2016 10:54:32 -0000 Received: from Unknown (HELO spamd4-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 03 Feb 2016 10:54:32 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id 059B2C01A8 for ; Wed, 3 Feb 2016 10:54:32 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 0.155 X-Spam-Level: X-Spam-Status: No, score=0.155 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, KAM_ASCII_DIVIDERS=0.8, RP_MATCHES_RCVD=-0.545, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=disabled Authentication-Results: spamd4-us-west.apache.org (amavisd-new); dkim=pass (1024-bit key) header.d=greenbytes.de header.b=qiqZU6wL; dkim=pass (1024-bit key) header.d=greenbytes.de header.b=qiqZU6wL Received: from mx1-us-west.apache.org ([10.40.0.8]) by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024) with ESMTP id g5T4erEp6Rp9 for ; Wed, 3 Feb 2016 10:54:25 +0000 (UTC) Received: from mail.greenbytes.de (mail.greenbytes.de [217.91.35.233]) by mx1-us-west.apache.org (ASF Mail Server at mx1-us-west.apache.org) with ESMTPS id 9DAA020CD0 for ; Wed, 3 Feb 2016 10:54:24 +0000 (UTC) Received: by mail.greenbytes.de (Postfix, from userid 117) id F03BD15A0A39; Wed, 3 Feb 2016 11:54:22 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=greenbytes.de; s=mail; t=1454496862; bh=pDK/t93O5ecRmz2PCfUihT042+O/e3YR1ViQN1ry2B8=; h=Subject:From:In-Reply-To:Date:References:To:From; b=qiqZU6wLwXpS/TBdBjXNeyTrMHWVvK0Dpn5DPr5FR4xM2hUBPHB0VBNFMDqoVQXFK Ds2kfzTDCkrxLBJNpryeVoEUiTS+lGsKC3JwESU017RAQFG4mC896ePs/E9j4JAvLq pa83Q51gwpcqlpTOlmh/ess/+mMsFAq1xpDkqCxM= Received: from [192.168.1.42] (unknown [217.91.35.233]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mail.greenbytes.de (Postfix) with ESMTPSA id F1C5B15A00E1 for ; Wed, 3 Feb 2016 11:54:21 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=greenbytes.de; s=mail; t=1454496862; bh=pDK/t93O5ecRmz2PCfUihT042+O/e3YR1ViQN1ry2B8=; h=Subject:From:In-Reply-To:Date:References:To:From; b=qiqZU6wLwXpS/TBdBjXNeyTrMHWVvK0Dpn5DPr5FR4xM2hUBPHB0VBNFMDqoVQXFK Ds2kfzTDCkrxLBJNpryeVoEUiTS+lGsKC3JwESU017RAQFG4mC896ePs/E9j4JAvLq pa83Q51gwpcqlpTOlmh/ess/+mMsFAq1xpDkqCxM= Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 9.2 \(3112\)) From: Stefan Eissing In-Reply-To: <56B1DA3D.8060102@felipegasper.com> Date: Wed, 3 Feb 2016 11:54:21 +0100 Content-Transfer-Encoding: quoted-printable Message-Id: References: <56AF895F.5060704@felipegasper.com> <56AF92E0.1020104@uni-due.de> <56AF93ED.5020005@felipegasper.com> <56B1DA3D.8060102@felipegasper.com> To: users@httpd.apache.org X-Mailer: Apple Mail (2.3112) Subject: Re: [users@httpd] SNI SSL per domain? common.conf: ServerName foo.tld SSLCertificateFile foo.pem Include common.con ServerName bar.tld SSLCertificateFile bar.pem Include common.con > Am 03.02.2016 um 11:45 schrieb Felipe Gasper = : >=20 > What if I have a vhost with: >=20 > ServerName foo.tld > ServerAlias bar.tld >=20 > =E2=80=A6 but I have two separate SSL certificates for these domains? = Is there any way to accommodate this without either splitting the = domains onto separate vhosts or buying a new certificate that covers = both domains? >=20 > -FG >=20 > On 3 Feb 2016 12:26 AM, William A Rowe Jr wrote: >> Sounds like you have mis-structured the config. Per servername - = each >> can and should have its own cert and will be selected via SNI. If = there >> are subadmins beneath each vhost section #include those snippets and >> they all still fall within the given host name. >>=20 >> On Feb 1, 2016 11:21 AM, "Felipe Gasper" > > wrote: >>=20 >> On 1 Feb 2016 12:16 PM, Oscar Knorn wrote: >>=20 >> On 2016/02/01 Felipe Gasper wrote: >>=20 >> Hello, >>=20 >> Is it possible to do SNI SSL per domain rather than >> per vhost? If >> not, is there a feature request in for this? >>=20 >> Thank you! >>=20 >> -Felipe Gasper >> Houston, TX >>=20 >> = --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org >> >> For additional commands, e-mail: = users-help@httpd.apache.org >> >>=20 >>=20 >>=20 >> Hello Felipe, >>=20 >> are'nt in your configuration the domains organized in vhost = sections >> yet? Do you think, there might be a reason you can't organize >> them that way? >>=20 >> Cheers Oscar >>=20 >>=20 >> Hi Oscar, >>=20 >> Thanks for responding! >>=20 >> We have end users customizing their own vhost configurations via a >> limited-access interface; hence, I can=E2=80=99t put one domain = per vhost. >>=20 >> -F >>=20 >> = --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org >> >> For additional commands, e-mail: users-help@httpd.apache.org >> >>=20 >=20 >=20 > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org > For additional commands, e-mail: users-help@httpd.apache.org >=20 --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org