You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Tom Browder <to...@gmail.com> on 2014/10/18 15:50:52 UTC
[users@httpd] TLS, SNI, and Multiple VHosts
If I get a server TLS certificate for an IP address, is it true that I
can have essentially unlimited TLS VHosts using that certificate
(assuming clients are SNI-capable)?
Best regards,
-Tom
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] TLS, SNI, and Multiple VHosts
Posted by Eric Covener <co...@gmail.com>.
On Sat, Oct 18, 2014 at 9:50 AM, Tom Browder <to...@gmail.com> wrote:
> If I get a server TLS certificate for an IP address, is it true that I
> can have essentially unlimited TLS VHosts using that certificate
> (assuming clients are SNI-capable)?
>
I don't think so.
* The hostnames need to be in the certificate for the client to validate it
* SNI is only useful for N certificates, not 1 certificate that has
wildcards or subjectaltnames. The latter doesn't require SNI.