You are viewing a plain text version of this content. The canonical link for it is here.
Posted to docs@httpd.apache.org by Dan Poirier <po...@pobox.com> on 2009/04/08 20:37:53 UTC
Documentation started for virtual hosts with SNI
[Please followup to docs@httpd.apache.org]
I've started a documentation page for using virtual hosts
over SSL with SNI at
http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
Comments are welcome, or make improvements directly on
the wiki.
--
Dan Poirier <po...@pobox.com>
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org
Re: Documentation started for virtual hosts with SNI
Posted by Eric Covener <co...@gmail.com>.
On Thu, Apr 9, 2009 at 4:10 AM, Tero Lampiluoto <la...@gmail.com> wrote:
> Hello,
>
> Using SNI doesn't change the fact that you can only use
> one certificate file (public and private key) per unique IP:port.
> Right?
That's what it changes, becasue the Client Hello contains the same
data as the Host: header.
>
> SNI is mostly useful when one is using wildcard and/or
> SubjectAltName (SAN) extension certificate. In these cases you can
> serve number different sites with the same certificate key pair.
This works today (all SSL settings in default vhost)
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org
Re: Documentation started for virtual hosts with SNI
Posted by Dan Poirier <po...@pobox.com>.
Tero Lampiluoto <la...@gmail.com> writes:
> Using SNI doesn't change the fact that you can only use
> one certificate file (public and private key) per unique IP:port.
Actually that's exactly what it does change, but you're right in
that I never actually said that. Fixed.
--
Dan Poirier <po...@pobox.com>
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org
Re: Documentation started for virtual hosts with SNI
Posted by Tero Lampiluoto <la...@gmail.com>.
Hello,
Using SNI doesn't change the fact that you can only use
one certificate file (public and private key) per unique IP:port.
Right?
SNI is mostly useful when one is using wildcard and/or
SubjectAltName (SAN) extension certificate. In these cases you can
serve number different sites with the same certificate key pair.
I think this should be mentioned because otherwise we are facing
confusion.
--
Tero Lampiluoto
lampiluoto at gmail com
On Thu, Apr 9, 2009 at 9:59 AM, Mario Brandt <jb...@gmail.com> wrote:
> Hi Dan,
> isn't there a misconfig in the example?
>
> Second host:
>
> DocumentRoot /www/example2
> ServerName www.example.org
>
> shouldn't that be ServerName www.example2.org ?
>
> Mario
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
> For additional commands, e-mail: docs-help@httpd.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org
Re: Documentation started for virtual hosts with SNI
Posted by Dan Poirier <po...@pobox.com>.
Mario Brandt <jb...@gmail.com> writes:
> isn't there a misconfig in the example?
>
> Second host:
>
> DocumentRoot /www/example2
> ServerName www.example.org
>
> shouldn't that be ServerName www.example2.org ?
Thanks, you're right. I've fixed it.
--
Dan Poirier <po...@pobox.com>
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org
Re: Documentation started for virtual hosts with SNI
Posted by Mario Brandt <jb...@gmail.com>.
Hi Dan,
isn't there a misconfig in the example?
Second host:
DocumentRoot /www/example2
ServerName www.example.org
shouldn't that be ServerName www.example2.org ?
Mario
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org
Re: Documentation started for virtual hosts with SNI
Posted by Frank Gingras <fr...@gmail.com>.
Ruediger Pluem wrote:
> On 04/08/2009 08:37 PM, Dan Poirier wrote:
>
>> [Please followup to docs@httpd.apache.org]
>>
>> I've started a documentation page for using virtual hosts
>> over SSL with SNI at
>>
>> http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
>>
>
> Cool work Dan. Thanks. If I find some time and have further
> things at hand I will contribute to this page.
>
> Regards
>
> RĂ¼diger
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
> For additional commands, e-mail: docs-help@httpd.apache.org
>
>
Dan,
Thank you very much for this. I will use it a lot for support in #httpd,
for sure.
Frank.
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org
Re: Documentation started for virtual hosts with SNI
Posted by Ruediger Pluem <rp...@apache.org>.
On 04/08/2009 08:37 PM, Dan Poirier wrote:
> [Please followup to docs@httpd.apache.org]
>
> I've started a documentation page for using virtual hosts
> over SSL with SNI at
>
> http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
Cool work Dan. Thanks. If I find some time and have further
things at hand I will contribute to this page.
Regards
RĂ¼diger
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org