On Fri, Oct 1, 2010 at 11:04 PM, Grant <emailgrant@xxxxxxxxx> wrote: > I need to set up SSL certificates for multiple domain names on a > single server. I've done some research and I think these are my > options: > > 1. use multiple IPs > drawbacks: requires separate apache2 config for each SSL domain, extra > IPs must be allocated by the hosting company > > 2. use multiple ports > drawbacks: requires separate apache2 & firewall config for each SSL > domain, port numbers look weird in the URL > > 3. Server Name Indication > drawbacks: browser support is not widespread enough yet > > 4. X.509 v3 with subjectAltName > drawbacks: ??? > > Are there other options? Are there drawbacks to relying on X.509 v3 > with subjectAltName, or is that the way to go? Options 1) and 2) don't require seperate apache2 configs. You can have apache listen to multiple IPs or Ports. Just add the necessary "Listen" statements to your config, and than a virtualhost for each SSL host. Personally I think that until SNI adoption gets more widespread the best option is 1) if you have the IPs to spare, as it doesn't have any more config overhead than the other options and is going to work as expected. Krist -- krist.vanbesien@xxxxxxxxx krist@xxxxxxxxxxxxx Bremgarten b. Bern, Switzerland -- A: It reverses the normal flow of conversation. Q: What's wrong with top-posting? A: Top-posting. Q: What's the biggest scourge on plain text email discussions? --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|