How do you setup Apache for name based virtual hosting with SSL?

I would like to host more then one SSL site on the same server/ip
address. I know in the past this wasn't possible.

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

21.03.2011 02:01, Damien Hull:

> How do you setup Apache for name based virtual hosting with SSL?
>
> I would like to host more then one SSL site on the same server/ip
> address. I know in the past this wasn't possible.

Nowadays it's possible if server and client support SNI.
Most clients today do support SNI. One notable exception being IE on
Windows XP - one should be aware of that.

For setting up Apache httpd:
http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI

--
Regards
mks


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

On Sun, Mar 20, 2011 at 9:01 PM, Damien Hull <dhull@section9.us> wrote:

How do you setup Apache for name based virtual hosting with SSL?



I would like to host more then one SSL site on the same server/ip

address. I know in the past this wasn't possible.



You need a dedicated IP address for the SSL stuff. So you would typically have 2 stanzas in your Apache conf file, like:*
<VirtualHost *:80 >
* * * * *ServerName www.example.com* * * * *# more statements.</VirtualHost>
<VirtualHost 1.2.3.4:443 >
* * *SSLEngine On* * *SSLCertificateFile conf/ssl/www.example.com.crt* * *# more statements
</VirtualHost>
You can do as many as you want, but need one IP address for each SSL certificate. Of course, you need the certificate files too.*

--
Hal

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

21.03.2011 11:21, Hal Burgiss:

> You can do as many as you want, but need one IP address for each SSL
> certificate.

No. SNI is designed to circumvent this need:
http://tools.ietf.org/rfcmarkup?doc=4366#section-3.1

--
Regards
mks

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

2011/3/21 Markus Schönhaber <ubuntu-users@list-post.mks-mail.de>

21.03.2011 11:21, Hal Burgiss:



> You can do as many as you want, but need one IP address for each SSL

> certificate.



No. SNI is designed to circumvent this need:

http://tools.ietf.org/rfcmarkup?doc=4366#section-3.1



The fact that IE on XP is not supported is a big problem. That's a huge user base. Unless you are doing an intranet and don't care.*

--
Hal

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

On Mon, Mar 21, 2011 at 9:12 AM, Hal Burgiss <hal@burgiss.net> wrote:


2011/3/21 Markus Schönhaber <ubuntu-users@list-post.mks-mail.de>


21.03.2011 11:21, Hal Burgiss:



> You can do as many as you want, but need one IP address for each SSL

> certificate.



No. SNI is designed to circumvent this need:

http://tools.ietf.org/rfcmarkup?doc=4366#section-3.1



The fact that IE on XP is not supported is a big problem. That's a huge user base. Unless you are doing an intranet and don't care.*


PS -- Interesting though, I wasn't aware of that. *
--
Hal

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

21.03.2011 14:12, Hal Burgiss:

> The fact that IE on XP is not supported is a big problem.

As I already wrote in my other post: one should be aware of that. Then,
it's then up to oneself to decide whether or not it's a big problem.

--
Regards
mks

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

Thanks for the info. I don't think I'll use the SNI stuff yet. Not for
a production server anyway. Might be interesting to play with though.

On Mar 21, 2011, at 1:26 AM, Markus Schönhaber
<ubuntu-users@list-post.mks-mail.de> wrote:

> 21.03.2011 02:01, Damien Hull:
>
>> How do you setup Apache for name based virtual hosting with SSL?
>>
>> I would like to host more then one SSL site on the same server/ip
>> address. I know in the past this wasn't possible.
>
> Nowadays it's possible if server and client support SNI.
> Most clients today do support SNI. One notable exception being IE on
> Windows XP - one should be aware of that.
>
> For setting up Apache httpd:
> http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
>
> --
> Regards
> mks
>
>
> --
> ubuntu-users mailing list
> ubuntu-users@lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

On 3/21/2011 9:39 AM, Damien Hull wrote:

Thanks for the info. I don't think I'll use the SNI stuff yet. Not for
a production server anyway. Might be interesting to play with though.


Well it's kind of a moot point because what you want to do is considered
bad anyways.



--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

21.03.2011 15:55, Jordon Bedwell:

> Well it's kind of a moot point because what you want to do is considered
> bad anyways.

Who considers what "bad" and why?

--
Regards
mks

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users