>> I need to set up SSL certificates for multiple domain names on a >> single server. I've done some research and I think these are my >> options: >> >> 1. use multiple IPs >> drawbacks: requires separate apache2 config for each SSL domain, extra >> IPs must be allocated by the hosting company >> >> 2. use multiple ports >> drawbacks: requires separate apache2 & firewall config for each SSL >> domain, port numbers look weird in the URL >> >> 3. Server Name Indication >> drawbacks: browser support is not widespread enough yet >> >> 4. X.509 v3 with subjectAltName >> drawbacks: ??? >> >> Are there other options? Are there drawbacks to relying on X.509 v3 >> with subjectAltName, or is that the way to go? > > Options 1) and 2) don't require seperate apache2 configs. You can have > apache listen to multiple IPs or Ports. Just add the necessary > "Listen" statements to your config, and than a virtualhost for each > SSL host. > > Personally I think that until SNI adoption gets more widespread the > best option is 1) if you have the IPs to spare, as it doesn't have any > more config overhead than the other options and is going to work as > expected. I have a total of 5 usable IP addresses available from my host. I've changed the DNS for my domain name, changed my system's network configuration, and added a VirtualHost block in my apache2 config like: <VirtualHost 12.34.56.2:443> ... SSLCertificateFile /etc/apache2/ssl/www.example2.com.crt SSLCertificateKeyFile /etc/apache2/ssl/www.example2.com.key ... </VirtualHost> which is in addition to my previously existing: <VirtualHost 12.34.56.1:443> ... SSLCertificateFile /etc/apache2/ssl/www.example1.com.crt SSLCertificateKeyFile /etc/apache2/ssl/www.example1.com.key ... </VirtualHost> I can see that pings to www.example2.com are resolved as 12.34.56.2 and http://www.example2.com works fine, but https://www.example2.com still receives the www.example1.com SSL cert in firefox and opera. Can anyone tell me what else I need to do to serve the correct SSL cert for each domain? - Grant --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|