Hi OpenSSL Users,

I am setting up an Ubuntu 8.10 LAMP server on a Linode VPS. I have an older Ubuntu 6.10 VPS set up as well that I configured with self-signed certificates and CACert. I would like to set this new server up with a certificate from Thawte, or Verisign, et al. (I'm open to suggestions)... But, more importantly, I was wondering if anyone could clarify something for me. I am reading conflicting information with regard to SSL certs and vhosts.

I came across a couple of "howto" articles for setting up one certificate that will cover all virtual hosts on a web server... one static IP, one certificate, multiple sites, lots of saved money! One post did this using gnutls,
http://www.g-loaded.eu/2007/08/10/ssl-enabled-name-based-apache-virtual-hosts-with-mod_gnutls/
another post using recompiled Apache and OpenSSL,
http://howtoforge.com/enable-multiple-https-sites-on-one-ip-using-tls-extensions-on-debian-etch

One knowledgeable person claimed that the gnutls method would hinder performance, while a different and more recent post claimed that the latest gnutls is now the better way to go. These posts were all made in 2006 - 2007. I can't find any recent howtos or information as to whether OpenSSL or Apache still require recompiling (I don't have any experience with that, just "apt-get install..." and configure) or whether this can really be done effectively, as the Apache docs claim it cannot be (http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#vhosts).

Needless to say, I am new to SSL, CAs, encryption, etc., and would like to get some clarification on the above points. It would be terrific if I could use one certificate for multiple hosts. I do realize that folks with older browsers would still get a security warning, but I think the ability to have multiple hosts under one certificate would be far more beneficial!

Thanks in advance for the help, opensslers,
Kevin