AW: [users@httpd] SNI extension for healthchecks

Ursprüngliche Nachricht- > Von: Stillhard, Dominik > Gesendet: Dienstag, 23. Oktober 2018 16:15 > An: users@httpd.apache.org > Betreff: AW: [users@httpd] SNI extension for healthchecks [signed OK] > > Hi Yann, > > I've tested your patch. It doesn't

AW: [users@httpd] SNI extension for healthchecks

Hi Yann, I've tested your patch. It doesn't solve the problem. Still no SNI in healthchecks... Regards Dominik > -Ursprüngliche Nachricht- > Von: Yann Ylavic > Gesendet: Montag, 22. Oktober 2018 15:15 > An: users@httpd.apache.org > Betreff: Re: [users

Re: [users@httpd] SNI extension for healthchecks

Hi, On Mon, Oct 22, 2018 at 3:58 PM Sanjay Kumar Sahu wrote: > > Currently we are facing critical Apache/Kerberos authentication issue in our > RHEL7 server running with Apache/2.4 upon changing Keytab with Crypto > type=AES256. Previously it's Crypto type=all. Please check following with the

Re: [users@httpd] SNI extension for healthchecks

HI All ! Currently we are facing critical Apache/Kerberos authentication issue in our RHEL7 server running with Apache/2.4 upon changing Keytab with Crypto type=AES256. Previously it's Crypto type=all. Please check following with the details. We are using mod_auth_kerb on Red Hat Enterprise Linux

Re: [users@httpd] SNI extension for healthchecks

Hi Dominik, On Mon, Oct 22, 2018 at 1:49 PM Dominik Stillhard wrote: > > I've tested the configuration you proposed. > Unfortunately the problem is not solved by using hostnames. Yes, sorry, I was looking at 2.5/trunk code, while 2.4.x is missing one commit (http://svn.apache.org/r1818726). With

AW: [users@httpd] SNI extension for healthchecks

org > Betreff: Re: [users@httpd] SNI extension for healthchecks > > Hi Dominik, > > sorry for the late response. > > On Tue, Oct 16, 2018 at 12:44 PM Dominik Stillhard security-providers.ch> wrote: > > > > I face the problem, that the sni extension is not set

AW: [users@httpd] SNI extension for healthchecks

Oh thanks i will try this! > -Ursprüngliche Nachricht- > Von: Yann Ylavic > Gesendet: Freitag, 19. Oktober 2018 15:28 > An: users@httpd.apache.org > Betreff: Re: [users@httpd] SNI extension for healthchecks > > Hi Dominik, > > sorry for the late response. &

Re: [users@httpd] SNI extension for healthchecks

Hi Dominik, sorry for the late response. On Tue, Oct 16, 2018 at 12:44 PM Dominik Stillhard wrote: > > I face the problem, that the sni extension is not set on healthcheck-requests > to a backend using tls. Because healthchecks are negative, this leads to > ordinary requests also beeing denied

[users@httpd] SNI extension for healthchecks

Hello all I face the problem, that the sni extension is not set on healthcheck-requests to a backend using tls. Because healthchecks are negative, this leads to ordinary requests also beeing denied. on the backend server i have the following error: AH02033: No hostname was provided via SNI for

Re: [users@httpd] SNI SSL per domain?

> On 8 Sep 2016, at 2:26 AM, Marat Khalili wrote: > >> It works beautifully and requires no restart of the server to >> add/remove/update certificates. > I am not an Apache developer, but it does not sound like a difficult patch. > Although I'd cache certificates in memory, not check filesyste

Re: [users@httpd] SNI SSL per domain?

What do you mean by “non-canonical domain”? Do you mean something in the ServerAlias? I mean canonical from user/marketing point of view. These days if you have, say, www.theregister.co.uk, theregister.co.uk, www.theregister.com, theregister.com etc., usually only the first one contains real s

Re: [users@httpd] SNI SSL per domain?

> On 7 Sep 2016, at 9:43 PM, Marat Khalili wrote: > > Did you consider having two instances of Apache: one for handling SSL with > vhost per certificate, and one for actual web sites with vhost per site? > First one will proxy requests to the second. Some people do it this way for > performan

Re: [users@httpd] SNI SSL per domain?

Did you consider having two instances of Apache: one for handling SSL with vhost per certificate, and one for actual web sites with vhost per site? First one will proxy requests to the second. Some people do it this way for performance reasons, but it lets you be more flexible with certificates

Re: [users@httpd] SNI SSL per domain?

Reviving this thread … This would mean that every vhost will needs its own common.conf file, which, on a server with thousands of vhosts, will make for expensive loads of the configuration file. mod_macro in 2.4 is another route we may explore, but we have some really complex vhost templating

Re: [users@httpd] SNI SSL per domain?

common.conf: ServerName foo.tld SSLCertificateFile foo.pem Include common.con ServerName bar.tld SSLCertificateFile bar.pem Include common.con > Am 03.02.2016 um 11:45 schrieb Felipe Gasper : > > What if I have a vhost with: > > ServerName foo.tld > ServerAlias bar.tld > >

Re: [users@httpd] SNI SSL per domain?

What if I have a vhost with: ServerName foo.tld ServerAlias bar.tld … but I have two separate SSL certificates for these domains? Is there any way to accommodate this without either splitting the domains onto separate vhosts or buying a new certificate that covers both domains? -FG On 3 Feb

Re: [users@httpd] SNI SSL per domain?

Sounds like you have mis-structured the config. Per servername - each can and should have its own cert and will be selected via SNI. If there are subadmins beneath each vhost section #include those snippets and they all still fall within the given host name. On Feb 1, 2016 11:21 AM, "Felipe Gaspe

Re: [users@httpd] SNI SSL per domain?

On 1 Feb 2016 12:16 PM, Oscar Knorn wrote: On 2016/02/01 Felipe Gasper wrote: Hello, Is it possible to do SNI SSL per domain rather than per vhost? If not, is there a feature request in for this? Thank you! -Felipe Gasper Houston, TX

Re: [users@httpd] SNI SSL per domain?

On 2016/02/01 Felipe Gasper wrote: > Hello, > > Is it possible to do SNI SSL per domain rather than per vhost? If > not, is there a feature request in for this? > > Thank you! > > -Felipe Gasper > Houston, TX > > - > To uns

[users@httpd] SNI SSL per domain?

Hello, Is it possible to do SNI SSL per domain rather than per vhost? If not, is there a feature request in for this? Thank you! -Felipe Gasper Houston, TX - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.or

Re: [users@httpd] SNI

Thanks, I found the error, our auto add script needs more checking, added the SSLEngine on, cert/key/CA directives correctly, but it added ... omitting ":443", fixed and all is good. Seems a CSR added it as HTML, then whilst it was loading realized she forgot to check the ssl box, did it and

Re: [users@httpd] SNI

On Wed, Nov 12, 2014 at 5:05 AM, Nick Edwards wrote: > Hello, > > Have a problem on one server where SNI does not appear to work, the > only difference is the very first vhost is non SSL, the SSL is loaded > second - works, then it loads some more http vhosts, - they work, > then loads some SSL

[users@httpd] SNI

Hello, Have a problem on one server where SNI does not appear to work, the only difference is the very first vhost is non SSL, the SSL is loaded second - works, then it loads some more http vhosts, - they work, then loads some SSL sites of same .domain - they work too, then it tries to load SSL

[users@httpd] SNI + RequestReadTimeout leads to SSL certificate error in client browser

Hi, We are using Apache's SNIfunctionality to host multiple sites in single apache instance [version 2.2.22]. Lets say the domain names we host are www.A.com and www.B.com We are facing issues due to slow clients. Due to RequestReadTimeout<

[users@httpd] SNI with apache 2.4.1 reverse proxy

Hello, after upgrading from 2.2.21 to 2.4.1 I'm seeing a problem with SNI in combination with reverse proxying. I have a VM with wordpress in it behind an apache reverse proxy. The reverse proxy runs on the host system and port 12443 of this host is forwarded into the VM and connects to 443 there