Posted to users@httpd.apache.org by Tom Browder <to...@gmail.com> on 2014/10/18 15:50:52 UTC

[users@httpd] TLS, SNI, and Multiple VHosts

If I get a server TLS certificate for an IP address, is it true that I
can have essentially unlimited TLS VHosts using that certificate
(assuming clients are SNI-capable)?

Best regards,

-Tom



Re: [users@httpd] TLS, SNI, and Multiple VHosts

Posted by Eric Covener <co...@gmail.com>.
On Sat, Oct 18, 2014 at 9:50 AM, Tom Browder <to...@gmail.com> wrote:

> If I get a server TLS certificate for an IP address, is it true that I
> can have essentially unlimited TLS VHosts using that certificate
> (assuming clients are SNI-capable)?
>

I don't think so.

* The hostnames need to be in the certificate for the client to validate it
* SNI is only useful for N certificates, not 1 certificate that has
wildcards or subjectaltnames. The latter doesn't require SNI.
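
The client-side name check described in the reply above, as an added example that is not part of the original thread: a simplified hostname matcher (whole-label wildcard only, no public-suffix handling) run over constructed SAN lists. The vhost names, the address 192.0.2.10 and all function names are assumptions made for illustration.

```python
import ipaddress

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def dns_name_matches(pattern, hostname):
    """Match one dNSName SAN entry against a hostname (simplified rules)."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard stands for exactly one label
    if p_labels[0] == "*":
        # Wildcard accepted only as the entire left-most label, and only
        # when at least two fixed labels follow it (rejects "*.org").
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def cert_covers(san_entries, requested):
    """san_entries: list of ("DNS", name) or ("IP", address) tuples.
    requested: the host part of the URL the client asked for."""
    if _is_ip(requested):
        want = ipaddress.ip_address(requested)
        return any(kind == "IP" and ipaddress.ip_address(value) == want
                   for kind, value in san_entries)
    # A hostname is only ever compared with dNSName entries, so an
    # iPAddress entry never validates a name-based vhost.
    return any(kind == "DNS" and dns_name_matches(value, requested)
               for kind, value in san_entries)

def uncovered_vhosts(san_entries, vhosts):
    """Return the vhost names a client would reject for this certificate."""
    return [h for h in vhosts if not cert_covers(san_entries, h)]

# Constructed sample data (not from the thread)
VHOSTS = ["www.example.org", "mail.example.org", "shop.example.net"]
IP_ONLY_CERT = [("IP", "192.0.2.10")]
SAN_CERT = [("DNS", "*.example.org"), ("DNS", "shop.example.net")]

if __name__ == "__main__":
    print("IP-only cert fails for:", uncovered_vhosts(IP_ONLY_CERT, VHOSTS))
    print("SAN/wildcard cert fails for:", uncovered_vhosts(SAN_CERT, VHOSTS))
```

With the SAN/wildcard certificate every vhost validates against the same certificate, so the server has no per-name certificate choice to make and SNI is not needed for certificate selection.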