FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu User

 
 
LinkBack Thread Tools
 
Old 03-21-2011, 12:01 AM
Damien Hull
 
Default Apache and SSL

How do you setup Apache for name based virtual hosting with SSL?

I would like to host more then one SSL site on the same server/ip
address. I know in the past this wasn't possible.

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 03-21-2011, 08:26 AM
Markus Schönhaber
 
Default Apache and SSL

21.03.2011 02:01, Damien Hull:

> How do you setup Apache for name based virtual hosting with SSL?
>
> I would like to host more then one SSL site on the same server/ip
> address. I know in the past this wasn't possible.

Nowadays it's possible if server and client support SNI.
Most clients today do support SNI. One notable exception being IE on
Windows XP - one should be aware of that.

For setting up Apache httpd:
http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI

--
Regards
mks


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 03-21-2011, 09:21 AM
Hal Burgiss
 
Default Apache and SSL

On Sun, Mar 20, 2011 at 9:01 PM, Damien Hull <dhull@section9.us> wrote:

How do you setup Apache for name based virtual hosting with SSL?



I would like to host more then one SSL site on the same server/ip

address. I know in the past this wasn't possible.



You need a dedicated IP address for the SSL stuff. So you would typically have 2 stanzas in your Apache conf file, like:*
<VirtualHost *:80 >
* * * * *ServerName www.example.com* * * * *# more statements.</VirtualHost>
<VirtualHost 1.2.3.4:443 >
* * *SSLEngine On* * *SSLCertificateFile conf/ssl/www.example.com.crt* * *# more statements
</VirtualHost>
You can do as many as you want, but need one IP address for each SSL certificate. Of course, you need the certificate files too.*

--
Hal

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 03-21-2011, 10:40 AM
Markus Schönhaber
 
Default Apache and SSL

21.03.2011 11:21, Hal Burgiss:

> You can do as many as you want, but need one IP address for each SSL
> certificate.

No. SNI is designed to circumvent this need:
http://tools.ietf.org/rfcmarkup?doc=4366#section-3.1

--
Regards
mks

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 03-21-2011, 12:12 PM
Hal Burgiss
 
Default Apache and SSL

2011/3/21 Markus Schönhaber <ubuntu-users@list-post.mks-mail.de>

21.03.2011 11:21, Hal Burgiss:



> You can do as many as you want, but need one IP address for each SSL

> certificate.



No. SNI is designed to circumvent this need:

http://tools.ietf.org/rfcmarkup?doc=4366#section-3.1



The fact that IE on XP is not supported is a big problem. That's a huge user base. Unless you are doing an intranet and don't care.*

--
Hal

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 03-21-2011, 12:14 PM
Hal Burgiss
 
Default Apache and SSL

On Mon, Mar 21, 2011 at 9:12 AM, Hal Burgiss <hal@burgiss.net> wrote:


2011/3/21 Markus Schönhaber <ubuntu-users@list-post.mks-mail.de>


21.03.2011 11:21, Hal Burgiss:



> You can do as many as you want, but need one IP address for each SSL

> certificate.



No. SNI is designed to circumvent this need:

http://tools.ietf.org/rfcmarkup?doc=4366#section-3.1



The fact that IE on XP is not supported is a big problem. That's a huge user base. Unless you are doing an intranet and don't care.*


PS -- Interesting though, I wasn't aware of that. *
--
Hal

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 03-21-2011, 12:41 PM
Markus Schönhaber
 
Default Apache and SSL

21.03.2011 14:12, Hal Burgiss:

> The fact that IE on XP is not supported is a big problem.

As I already wrote in my other post: one should be aware of that. Then,
it's then up to oneself to decide whether or not it's a big problem.

--
Regards
mks

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 03-21-2011, 01:39 PM
Damien Hull
 
Default Apache and SSL

Thanks for the info. I don't think I'll use the SNI stuff yet. Not for
a production server anyway. Might be interesting to play with though.

On Mar 21, 2011, at 1:26 AM, Markus Schönhaber
<ubuntu-users@list-post.mks-mail.de> wrote:

> 21.03.2011 02:01, Damien Hull:
>
>> How do you setup Apache for name based virtual hosting with SSL?
>>
>> I would like to host more then one SSL site on the same server/ip
>> address. I know in the past this wasn't possible.
>
> Nowadays it's possible if server and client support SNI.
> Most clients today do support SNI. One notable exception being IE on
> Windows XP - one should be aware of that.
>
> For setting up Apache httpd:
> http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
>
> --
> Regards
> mks
>
>
> --
> ubuntu-users mailing list
> ubuntu-users@lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 03-21-2011, 01:55 PM
Jordon Bedwell
 
Default Apache and SSL

On 3/21/2011 9:39 AM, Damien Hull wrote:

Thanks for the info. I don't think I'll use the SNI stuff yet. Not for
a production server anyway. Might be interesting to play with though.


Well it's kind of a moot point because what you want to do is considered
bad anyways.



--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 03-21-2011, 01:59 PM
Markus Schönhaber
 
Default Apache and SSL

21.03.2011 15:55, Jordon Bedwell:

> Well it's kind of a moot point because what you want to do is considered
> bad anyways.

Who considers what "bad" and why?

--
Regards
mks

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 

Thread Tools




All times are GMT. The time now is 12:11 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org