You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Norman Khine <no...@khine.net> on 2007/12/28 21:44:10 UTC
[users@httpd] Apache2, Vhosts and SSL
Hello,
I have several sites running from my server that have their own
certificates, but everytime I acces the site, I get a warning telling me
that the certificate belongs to localhost.
Can I have multiple certificates on the same IP and port 443, or do I
have to open different ports for each SSL site?
Many thanks
Norman
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache2, Vhosts and SSL
Posted by Gregor Schneider <rc...@googlemail.com>.
Pavel,
On Dec 30, 2007 4:36 AM, <pa...@fenix.cz> wrote:
> not exactly true, you may try to use the SNI patch that allows several
> certs on a single ip.
>
it's still true, however, maybe the statement is not complete.
TLS is pretty new, and i.e. my firefox-browser does not accept such a
cert "for an unknown reason".
Setting up the patch is quite some work with a good chance to shoot
yourself into your toe.
Check out http://www.howtoforge.com/enable-multiple-https-sites-on-one-ip-using-tls-extensions-on-debian-etch
Btw, the error-message in my Firefox-Browser (it's 2.0.0.11) appears
when pointing to the sample web-site given in the document
https://dave.sni.velox.ch/.
Besides, when patching you will have to recompile OpenSSL, meaning
future updates (such as security updates) might turn back your
changes.
Therefore, I honestly would not recommend using this patch but wait
until a stable standard ist established.
Cheers & have a great 2008!
Gregor
--
what's puzzlin' you, is the nature of my game
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://pgpkeys.pca.dfn.de:11371
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache2, Vhosts and SSL
Posted by pa...@fenix.cz.
not exactly true, you may try to use the SNI patch that allows several
certs on a single ip.
regards, pavel
> you will need either different ip/port-combinations for each ssl-site
> or you can try with the so-called wildcard-certs (example.
> https://www.thawte.com/ssl-digital-certificates/wildcardssl/index.html).
> most recent browsers will support them.
>
> cheers
>
> gregor
> --
> what's puzzlin' you, is the nature of my game
> gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
> gpgp-key available @ http://pgpkeys.pca.dfn.de:11371
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache2, Vhosts and SSL
Posted by Gregor Schneider <rc...@googlemail.com>.
you will need either different ip/port-combinations for each ssl-site
or you can try with the so-called wildcard-certs (example.
https://www.thawte.com/ssl-digital-certificates/wildcardssl/index.html).
most recent browsers will support them.
cheers
gregor
--
what's puzzlin' you, is the nature of my game
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://pgpkeys.pca.dfn.de:11371
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org