You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Henri Gomez <he...@gmail.com> on 2009/03/31 21:54:26 UTC

Apache 2.2, mod_ssl and Named Virtual Host

Hi to all,

Did you know if it's possible to use Named Virtual Host with SSL (mod_ssl) ?

I got various replies :

This article (in French), say it's possible (may be using a self
signed certificate which is evil).

http://www.hsc.fr/ressources/breves/ssl_virtualhosts.html.fr


But for example Thawte document say it's not possible.

"If you have secure virtual hosts, each will need its own IP, as SSL
does not support Name-based virtual
hosts. SSL cannot be configured on Name Based VirtualHosts unless
these VirtualHosts use different SSL
ports."


I could only use one IP/Port on the machine and use it to serve about
25 Named Virtual Host ;'(


It seems mod_gnutls could do the job, but if possible I'd like to stay
with mod_ssl.

Advices/experiences more than welcome.

Thanks again.

Re: Apache 2.2, mod_ssl and Named Virtual Host

Posted by Henri Gomez <he...@gmail.com>.

Thanks.

Good to know it should works from experts ;)

I hope thawte could provide us such wildcards certs or required pki  
stuff.

Many thanks again ;)

Le 31 mars 09 à 22:00, "William A. Rowe, Jr." <wr...@rowe-clan.net> a  
écrit :

> Henri Gomez wrote:
>> Did you know if it's possible to use Named Virtual Host with SSL  
>> (mod_ssl) ?
>
> Yes, of course, usually ill advised.  Explaining that combination
> is usually much harder than simply stating "no, it's not supported."
>
>> Advices/experiences more than welcome.
>
> Beyond SNI (Server Name Identification extension) and the connection
> upgrade facility, there are options of wildcard certificates, or for
> those just 'testing', using the 'wrong' certificate.
>
> Some additional notes at;
>
>  http://wiki.cacert.org/wiki/VhostTaskForce

Re: Apache 2.2, mod_ssl and Named Virtual Host

Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.

Henri Gomez wrote:
> 
> Did you know if it's possible to use Named Virtual Host with SSL (mod_ssl) ?

Yes, of course, usually ill advised.  Explaining that combination
is usually much harder than simply stating "no, it's not supported."

> Advices/experiences more than welcome.

Beyond SNI (Server Name Identification extension) and the connection
upgrade facility, there are options of wildcard certificates, or for
those just 'testing', using the 'wrong' certificate.

Some additional notes at;

   http://wiki.cacert.org/wiki/VhostTaskForce