Re: how to get multiple SSL with name based vhost ?

Boyle Owen wrote:
>> -----Original Message-----
>> From: J. Bakshi [mailto:joydeep@xxxxxxxxxxxxxxx] 
>> Sent: Tuesday, December 01, 2009 8:20 AM
>> To: users@xxxxxxxxxxxxxxxx
>> Subject: Re: how to get multiple SSL with name based vhost ?
>>
>> ...
>>
>> Thanks for your nice explanatory response. The server where my apache
>> is running is based on opensuse 11.0. Hence I don't think this box can
>> support SNI. As this is a production server I can't simply upgrade the
>> box. So I need some other alternative.
>>
>
> Krist explained it very nicely... But maybe you still didn't get it: Without SNI, there is NO WAY TO DO THIS. It is a fundamental limitation of the HTTPS protocol with no production-grade work-around. SNI (server-name indication) was specifically added to address this limitation. There is simply NO ALTERNATIVE. 
>
> Having said that, if you have a research or academic environment and don't care about browser warnings, you can just use the same cert for all sites. You will get the encryption aspect of HTTPS but not the authentication aspect.
>
> Alternatively, if all sites have the same domain-name (eg, sales.wibble.com, shop.wibble.com etc), you can get a wildcard cert that certifies *.wibble.com.
>
> Aside from these special cases, there is NO WAY to have name-based SSL VHs.
>
> Rgds,
> Owen Boyle
> Disclaimer: Any disclaimer attached to this message may be ignored.

Hello Owen,

Thanks for your response. Your assumption is correct. I am working in an
environment where the domain name is the same. Hence I am using the same
certificate. But the problem is with the port. Apache complains if it sees
more name-based vhosts with port 443. I was using the config below:

```
Listen 443
NameVirtualHost  example1.de:443

<VirtualHost  example1:443>
SSLEngine on
SSLCipherSuite HIGH:MEDIUM
SSLProtocol all -SSLv2
SSLCertificateFile /etc/apache2/myca/mars-server.crt
SSLCertificateKeyFile /etc/apache2/myca/mars-server.key
SSLCertificateChainFile /etc/apache2/myca/my-ca.crt
ServerName https://example1.de
ServerAlias https://example1.de

DocumentRoot /srv/www/htdocs/blevti.opendingo.de
DirectoryIndex index.php
</VirtualHost>

NameVirtualHost  example2.de:443
<VirtualHost  example2:443>
SSLEngine on
SSLCipherSuite HIGH:MEDIUM
SSLProtocol all -SSLv2
SSLCertificateFile /etc/apache2/myca/mars-server.crt
SSLCertificateKeyFile /etc/apache2/myca/mars-server.key
SSLCertificateChainFile /etc/apache2/myca/my-ca.crt
ServerName https://example2.de
ServerAlias https://example2.de

DocumentRoot /srv/www/htdocs/example2.de
DirectoryIndex index.php
</VirtualHost>
```

But no luck.

-- 
জয়দীপ বক্সী


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
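
For the shared-certificate case discussed in this thread, a sketch of how two name-based SSL vhosts can sit on port 443 of a pre-SNI Apache 2.2. This is an added example, not configuration posted by either participant; the host names (site1.example.de, site2.example.de), the wildcard certificate and all file paths are assumptions.

```apache
# Added example. Assumptions: Apache 2.2 without SNI, a single IP address,
# and one certificate whose names cover every vhost (for instance a wildcard
# for *.example.de). Host names and paths are placeholders.

Listen 443

# One NameVirtualHost line per address:port. Its argument has to match the
# argument of each <VirtualHost> block exactly.
NameVirtualHost *:443

# First block for *:443. Without SNI the TLS handshake completes before the
# Host header is readable, so the certificate configured here is the one
# every client receives, whichever name it requested.
<VirtualHost *:443>
    # Bare host name, no URL scheme
    ServerName site1.example.de
    DocumentRoot /srv/www/htdocs/site1.example.de
    DirectoryIndex index.php

    SSLEngine on
    SSLCipherSuite HIGH:MEDIUM
    SSLProtocol all -SSLv2
    SSLCertificateFile /etc/apache2/ssl/wildcard.example.de.crt
    SSLCertificateKeyFile /etc/apache2/ssl/wildcard.example.de.key
    SSLCertificateChainFile /etc/apache2/ssl/ca-chain.crt
</VirtualHost>

# Second block: chosen from the Host header once the request is decrypted.
# It repeats the same certificate because each SSL-enabled vhost needs one
# configured, and a different one here would never reach the client anyway.
<VirtualHost *:443>
    ServerName site2.example.de
    DocumentRoot /srv/www/htdocs/site2.example.de
    DirectoryIndex index.php

    SSLEngine on
    SSLCipherSuite HIGH:MEDIUM
    SSLProtocol all -SSLv2
    SSLCertificateFile /etc/apache2/ssl/wildcard.example.de.crt
    SSLCertificateKeyFile /etc/apache2/ssl/wildcard.example.de.key
    SSLCertificateChainFile /etc/apache2/ssl/ca-chain.crt
</VirtualHost>
```

Running `apachectl -S` (`apache2ctl -S` on some distributions) after a change prints how the vhosts were parsed, which shows whether both names landed under the same `*:443` name-based group.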

