>> I need to set up SSL certificates for multiple domain names on a >> single server. I've done some research and I think these are my >> options: >> >> 1. use multiple IPs >> drawbacks: requires separate apache2 config for each SSL domain, extra >> IPs must be allocated by the hosting company >> >> 2. use multiple ports >> drawbacks: requires separate apache2 & firewall config for each SSL >> domain, port numbers look weird in the URL >> >> 3. Server Name Indication >> drawbacks: browser support is not widespread enough yet >> >> 4. X.509 v3 with subjectAltName >> drawbacks: ??? >> >> Are there other options? Are there drawbacks to relying on X.509 v3 >> with subjectAltName, or is that the way to go? > > Options 1) and 2) don't require seperate apache2 configs. You can have > apache listen to multiple IPs or Ports. Just add the necessary > "Listen" statements to your config, and than a virtualhost for each > SSL host. > > Personally I think that until SNI adoption gets more widespread the > best option is 1) if you have the IPs to spare, as it doesn't have any > more config overhead than the other options and is going to work as > expected. > > > Krist Thanks Krist. The "virtualhost for each SSL host" is what I mean by separate apache2 configs. I'd like to be able to define different domain names on the fly within my perl scripts without changing apache2 config. Maybe we're just not there yet? Why would you use multiple IPs instead of X.509 v3 with subjectAltName? Does subjectAltName have any drawbacks? - Grant --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|