Eric Covener wrote:
On Sat, Mar 7, 2009 at 5:03 PM, [email protected]
<[email protected]> wrote:
Hi,
With SNI it is now possible to use more certificates with one ip address.
Unfortunately there's no mod_vhost_alias support (and I'm not aware of a
workaround). So, assuming I use "VirtualDocumentRoot
/var/www/vhosts/%-2.1/%-2.0.%-1.0/htdocs/%-3+/" to map
example.com --> /var/www/vhosts/e/example.com/htdocs/_
anything.example.com --> /var/www/vhosts/e/example.com/htdocs/anything
I'd need
VirtualSSLCertificateFile /var/www/vhosts/%-2.1/%-2.0.%-1.0/ssl.crt
VirtualSSLCertificateKeyFile /var/www/vhosts/%-2.1/%-2.0.%-1.0/ssl.key
or some workaround. Anybody got any ideas? Devs, would this be possible to
implement? Similarly, is there a solution to avoid multiple entries like
<Directory /var/www/vhosts/e/example.com>
php_admin_value open_basedir /tmp:/var/www/vhosts/e/example.com
</Directory>
in a mod_vhost_alias-like way?
Seems like a dead if you're trying to use different certificates on
the same IP:port combination. There's no SNI support in a released
version of Apache, so the certificate is presented before anything can
see a hostname (Host: header is available after, and nobodies reading
the TLS extension containing the servername)
well the patch is out there a long time ... distros package it with
apache so, while it may not be currently a part of apache's official
release yet,
i don't think its a wise thing to wait for the official sni apache and
then wait even more for a sni patch to mod_vhost_alias.
refference: http://people.apache.org/~fuankg/diffs/httpd-2.2.x-sni.diff
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [email protected]
" from the digest: [email protected]
For additional commands, e-mail: [email protected]
