RE: how to get multiple SSL with name based vhost ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> -----Original Message-----
> From: J. Bakshi [mailto:joydeep@xxxxxxxxxxxxxxx] 
> Sent: Tuesday, December 01, 2009 8:20 AM
> To: users@xxxxxxxxxxxxxxxx
> Subject: Re:  how to get multiple SSL with name 
> based vhost ?
> 
> ...
>
> Thanks for your nice explanatory  response.  The server where 
> my apache
> is running is based on opensuse 11.0 . Hence I don't think 
> this box can
> support SNI. As this is a production server I can't simply upgrade the
> box. So I need some other alternative.

Krist explained it very nicely... But maybe you still didn't get it: Without SNI, there is NO WAY TO DO THIS. It is a fundamental limitation of the HTTPS protocol with no production-grade work-around. SNI (server-name indication) was specifically added to address this limitation. There is simply NO ALTERNATIVE. 

Having said that, if you have a research or academic environment and don't care about browser warnings, you can just use the same cert for all sites. You will get the encryption aspect of HTTPS but not the authentication aspect.

Alternatively, if all sites have the same domain-name (eg, sales.wibble.com, shop.wibble.com etc), you can get a wildcard cert that certifies *.wibble.com.

Aside from these special cases, there is NO WAY to have name-based SSL VHs.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

> Thanks to make me 
> familiar with SNI
> 
> -- 
> জয়দীপ বক্সী
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> 
> 
 
This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. 
The sender's company reserves the right to monitor all e-mail communications through their networks.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux