[prev in list] [next in list] [prev in thread] [next in thread] 

List:       apache-httpd-users
Subject:    Re: [users@httpd] Apache2, Vhosts and SSL
From:       "Gregor Schneider" <rc46fi () googlemail ! com>
Date:       2007-12-30 12:33:21
Message-ID: a2d59f0d0712300433y257e18efp4305b393bb902c94 () mail ! gmail ! com
[Download RAW message or body]

Pavel,

On Dec 30, 2007 4:36 AM,  <pavel.stratil-jun@fenix.cz> wrote:
> not exactly true, you may try to use the SNI patch that allows several
> certs on a single ip.
> 
it's still true, however, maybe the statement is not complete.

TLS is pretty new, and i.e. my firefox-browser does not accept such a
cert "for an unknown reason".

Setting up the patch is quite some work with a good chance to shoot
yourself into your toe.
Check out http://www.howtoforge.com/enable-multiple-https-sites-on-one-ip-using-tls-extensions-on-debian-etch


Btw, the error-message in my Firefox-Browser (it's 2.0.0.11) appears
when pointing to the sample web-site given in the document
https://dave.sni.velox.ch/.

Besides, when patching you will have to recompile OpenSSL, meaning
future updates (such as security updates) might turn back your
changes.

Therefore, I honestly would not recommend using this patch but wait
until a stable standard ist established.

Cheers & have a great 2008!

Gregor
-- 
what's puzzlin' you, is the nature of my game
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://pgpkeys.pca.dfn.de:11371

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


[prev in list] [next in list] [prev in thread] [next in thread]