Re: do i need a dedicated ip address for https?




On Dec 23, 2010, at 3:03 AM, David Hrbáč <hrbac.conf@xxxxxxxxx> wrote:

> On 23.12.2010 1:08, Les Mikesell wrote:
>> The issue is that the server needs to know the hostname given to the 
>> browser to find the matching certificate, and the only way to do that 
>> and stay on the standard port 443 with the apache version on centos is 
>> to bind each virtual host to a different IP address.  Per the apache ssl 
>> faq at http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#vhosts2, 2.2.12 
>> or later supports SNI where the browser passes the hostname before the 
>> ssl session starts.
>> 
> 
> Guys,
> Of course it's possible to host multiple sites on ONE IP. As Les has
> said, it's about SNI-enabled web clients and servers. Not all clients
> support SNI. As to Apache, there's no need to go with 2.2.12. SNI is
> very easy to support with both CentOS 4 and CentOS 5. There's a
> mod_gnutls module packaged for CentOS in one of my repos. Used in
> production for a few years now.
> 
> http://fs12.vsb.cz/hrb33/el5/hrb-tls/stable/i386/repoview/
> http://fs12.vsb.cz/hrb33/el5/hrb-tls/stable/x86_64/repoview/
> http://fs12.vsb.cz/hrb33/el4/hrb-tls/stable/i386/repoview/
> http://fs12.vsb.cz/hrb33/el4/hrb-tls/stable/x86_64/repoview/

As long as the forward DNS resolves to the common name the cert will be accepted and you can have multiple host names resolve to the same IP.

-Ross

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


