On Sat, Mar 7, 2009 at 5:03 PM, pavel.stratil-jun@xxxxxxxx <pavel.stratil-jun@xxxxxxxx> wrote: > Hi, > > With SNI it is now possible to use more certificates with one ip address. > Unfortunately there's no mod_vhost_alias support (and I'm not aware of a > workaround). So, assuming I use "VirtualDocumentRoot > /var/www/vhosts/%-2.1/%-2.0.%-1.0/htdocs/%-3+/" to map > > example.com --> /var/www/vhosts/e/example.com/htdocs/_ > anything.example.com --> /var/www/vhosts/e/example.com/htdocs/anything > > I'd need > > VirtualSSLCertificateFile /var/www/vhosts/%-2.1/%-2.0.%-1.0/ssl.crt > VirtualSSLCertificateKeyFile /var/www/vhosts/%-2.1/%-2.0.%-1.0/ssl.key > > or some workaround. Anybody got any ideas? Devs, would this be possible to > implement? Similarly, is there a solution to avoid multiple entries like > > <Directory /var/www/vhosts/e/example.com> > php_admin_value open_basedir /tmp:/var/www/vhosts/e/example.com > </Directory> > > in a mod_vhost_alias-like way? Seems like a dead if you're trying to use different certificates on the same IP:port combination. There's no SNI support in a released version of Apache, so the certificate is presented before anything can see a hostname (Host: header is available after, and nobodies reading the TLS extension containing the servername) -- Eric Covener covener@xxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|