On 04.04.2018 at 00:05, Michael Hekeler wrote:
On Thu, 29 Mar 2018 17:13:10 +0200
Michael Hekeler <mich...@hekeler.com> wrote:
Ah - I see what you try to do...
But SNI doesn't mean one single certificate for multiple hostnames
(this you can do with multiple entries in the certificate subject alt
name).
SNI means to serve multiple hostnames on ONE ip address
yep, that's what it is
SNI is an extension by which a client (e.g. a webbrowser) indicates
(hence the name: server name INDICATION) one of these multiple
hostnames to be in the TLS handshake. Then the server can choose the
right certificate to present to the client.
I know
So if you want to serve domain1, domain2 and domain3 each on https then
you need
cert1 for domain1 and
cert2 for domain2 and
cert3 for domain3
I have that basically but some Domains belong, in a way, together and
could be served with one cert.
If every domain has its own ip then you don't need SNI.
But if all domains share the same ip, then the client and the server
must be SNI compatible.
When the client requests domain2 the server will be able to present
cert2.
Of course you can issue a single cert with domain1, domain2 and
domain3 in certificate's subject name and configure the server to
present this cert on every request. But that's no SNI.
it only presents this cert for the specific virtual hosts
Anyway I'm okay with the fact to hardcode the path to the cert into the
virtual host definition. I was just wondering if I did something wrong
or it's simply not supported.
Regards
--
Markus Rosjat fon: +49 351 8107223 mail: ros...@ghweb.de
G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden
http://www.ghweb.de
fon: +49 351 8107220 fax: +49 351 8107227
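
The setup discussed in this thread (several certificates on one IP, some of them covering a group of hostnames through subjectAltName, with SNI deciding which one is presented) can be sketched as follows. This is an added example, not part of the original messages and not any server's own code; the hostnames, certificate paths and function names are constructed for illustration.

```python
# Added example: hostnames and certificate paths are constructed placeholders.
from typing import Optional

# Certificate file -> DNS names in its subjectAltName.
# cert_group.pem covers two related hostnames; cert3.pem covers a third.
CERTS = {
    "/etc/ssl/cert_group.pem": ["domain1.example", "domain2.example"],
    "/etc/ssl/cert3.pem": ["domain3.example", "*.domain3.example"],
}
DEFAULT_CERT = "/etc/ssl/cert_group.pem"  # presented when no SNI name matches


def san_matches(pattern: str, hostname: str) -> bool:
    """Match one SAN dNSName against a hostname, case-insensitively.
    A wildcard counts only as the whole left-most label and stands for
    exactly one label (RFC 6125, section 6.4.3)."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and h[0] != "" and p[1:] == h[1:]
    return p == h


def select_cert(sni: Optional[str]) -> str:
    """Server side: pick the certificate for the name the client indicated."""
    if sni:
        for path, names in CERTS.items():
            if any(san_matches(n, sni) for n in names):
                return path
    return DEFAULT_CERT


def client_accepts(cert_path: str, requested_host: str) -> bool:
    """Client side: does the presented certificate cover the requested host?"""
    return any(san_matches(n, requested_host) for n in CERTS[cert_path])


if __name__ == "__main__":
    cases = [("domain2.example", "domain2.example"),
             ("www.domain3.example", "www.domain3.example"),
             (None, "domain3.example")]  # client that sends no SNI
    for sni, host in cases:
        cert = select_cert(sni)
        print(f"SNI={sni!r:24} -> {cert:26} valid for {host}: "
              f"{client_accepts(cert, host)}")
```

The last case shows why both sides must support SNI on a shared IP: without an indicated name the server falls back to its default certificate, which does not cover domain3.example, so the client's hostname check fails.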