Hi, Philip I don't know how to configure SNI on Apache since I don't see anything from mod_ssl's document that Krist replied to me before. I assume it automatically works. I just configured ssl virtualhost the same way as http virtualhost plus ssl's unique requirements. I use Windows XP. I tested IE 8 with Vista on a MacBook and it works since that is what I have at the moment. I was planning to have live sites on the internet by unknown users. Now I guess I need to have second thought. I tested on v2.0.59. It needs a lot of IPs for certs that I'd like to migrate to. Ryan -----Original Message----- From: Philip Wigg [mailto:phil@xxxxxxxxxxxxxxxx] Sent: Friday, March 12, 2010 11:58 AM To: users@xxxxxxxxxxxxxxxx Subject: Re: Number of https virtual hosts support under v2.0.59 On 12 March 2010 16:43, Ruiyuan Jiang <Ruiyuan_Jiang@xxxxxxx> wrote: > Hi, Krist > > I tested with Apache 2.2.15 reverse proxy with two certs on the Apache, one is real cert and the other is self-signed. The configuration is virtualhosts for ssl. > The results that I got are: > > On PC client: > > Firefox v3.5.8 showed correct certs, one real and the other is not. > IE 8 showed incorrect when I viewed the certs. The self-signed cert site used the real cert. > > On MAC client: > > Both Safari 4.0.4 and Firefox 3.5.2 showed correctly, one real and one self-signed cert. > > My question is eventually both sites will have real certs when I am done testing. Will IE 6 and above uses the correct certs or only uses one cert, may be the first virtual host listed in ssl configuration file of Apache? Presuming you've configured SNI correctly, what operating system are you using? Note that SNI only works with IE 7 and 8 only work when running on Vista or higher, not with Windows XP. IE6 doesn't support SNI at all and never will to my knowledge. Are you putting this on a live site to be accessed by unknown users on the internet? If so, basically, don't. Most users on the internet will not be running an SNI-capable browser. -- Phil. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx This message (including any attachments) is intended solely for the specific individual(s) or entity(ies) named above, and may contain legally privileged and confidential information. If you are not the intended recipient, please notify the sender immediately by replying to this message and then delete it. Any disclosure, copying, or distribution of this message, or the taking of any action based on it, by other than the intended recipient, is strictly prohibited. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|