On Thu, Apr 22, 2010 at 1:25 AM, Crypto Sal <crypto.sal@xxxxxxxxx> wrote: > On 04/21/2010 08:11 PM, Tom Evans wrote: >> >> On Wed, Apr 21, 2010 at 11:48 PM, Michael Ni<michaelcni@xxxxxxxxx> wrote: >>> >>> i have a situation where I have only one computer (one IP) with >>> 2 virtual hosts >>> >>> one virtual host is static.foobar.com >>> >>> one virtual host is www.foobar.com >>> >>> both have separate ssl certs registered to the corresponding domain. >>> >>> i tried putting SSL in each but apache is using the first one registered. >>> >>> How can I get this to work without need another computer? >>> >>> >>> >> You won't need another computer, but you will need another IP address >> if you wish to support IE. Sorry, its how it works. >> >> Cheers >> >> Tom > > > Tom, > > That's misleading information. Windows Vista and greater DO support SNI > (Server Name Indication) and since those Operating Systems do support SNI, > so does IE. Since most other browser vendors make use of non-MSFT(usually a > form of OpenSSL) crypto, they usually are fine and have been fine for years. > > There is also the possibility of using a Wildcard Certificate as well if the > Doman Name structure is similar. > > --Sal No, it isn't. If you wish to support IE 6 or 7, chrome or safari on windows XP - which is a huge, enormous section of the browser population - then you cannot use SNI. Trying to say otherwise just because YOU only use firefox is what is misleading. More to the point, show me one major commercial deployment actually using SNI. The OP also indicated that he had already purchased his certificates, thus precluding wildcard domains. It is much cheaper (by far!) to get an additional IP than it is to purchase a new wildcard certificate. So, yes, very clever to note SNI, however it is not a reliable solution for ~40% of users on the internet. Tom --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx