Boyle Owen wrote: >> -----Original Message----- >> From: J. Bakshi [mailto:joyd...@infoservices.in] >> Sent: Tuesday, December 01, 2009 8:20 AM >> To: users@httpd.apache.org >> Subject: Re: [us...@httpd] how to get multiple SSL with name >> based vhost ? >> >> ... >> >> Thanks for your nice explanatory response. The server where >> my apache >> is running is based on opensuse 11.0 . Hence I don't think >> this box can >> support SNI. As this is a production server I can't simply upgrade the >> box. So I need some other alternative. >> > > Krist explained it very nicely... But maybe you still didn't get it: Without > SNI, there is NO WAY TO DO THIS. It is a fundamental limitation of the HTTPS > protocol with no production-grade work-around. SNI (server-name indication) > was specifically added to address this limitation. There is simply NO > ALTERNATIVE. > > Having said that, if you have a research or academic environment and don't > care about browser warnings, you can just use the same cert for all sites. > You will get the encryption aspect of HTTPS but not the authentication aspect. > > Alternatively, if all sites have the same domain-name (eg, sales.wibble.com, > shop.wibble.com etc), you can get a wildcard cert that certifies *.wibble.com. > > Aside from these special cases, there is NO WAY to have name-based SSL VHs. > > Rgds, > Owen Boyle > Disclaimer: Any disclaimer attached to this message may be ignored.
Hello Owen, Thank for your response. your assumption is correct. I am working in an environment where the domain name is same. Hence I am using the same certificate. But the problem is with port. apache complaining if it see more name based vhost with port 443. I was using the config as below ` ` ` ` Listen 443 NameVirtualHost example1.de:443 <VirtualHost example1:443> SSLEngine on SSLCipherSuite HIGH:MEDIUM SSLProtocol all -SSLv2 SSLCertificateFile /etc/apache2/myca/mars-server.crt SSLCertificateKeyFile /etc/apache2/myca/mars-server.key SSLCertificateChainFile /etc/apache2/myca/my-ca.crt ServerName https://example1.de ServerAlias https://example1.de DocumentRoot /srv/www/htdocs/blevti.opendingo.de DirectoryIndex index.php </VirtualHost> NameVirtualHost example2.de:443 <VirtualHost example2:443> SSLEngine on SSLCipherSuite HIGH:MEDIUM SSLProtocol all -SSLv2 SSLCertificateFile /etc/apache2/myca/mars-server.crt SSLCertificateKeyFile /etc/apache2/myca/mars-server.key SSLCertificateChainFile /etc/apache2/myca/my-ca.crt ServerName https://example2.de ServerAlias https://example2.de DocumentRoot /srv/www/htdocs/example2.de DirectoryIndex index.php </VirtualHost> ` ` ` ` but no luck -- জয়দীপ বক্সী --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
