The Apache Haus Forum

Advanced search  

News:

Welcome to Apache Haus Distribution Forum

Pages: [1]   Go Down

Author Topic: Multiple SSL vhost  (Read 3988 times)

perindu

  • Newbie
  • *
  • Offline Offline
  • Posts: 33
Multiple SSL vhost
« on: February 24, 2011, 02:24:42 PM »

has anyone success using it in windows?  ;D

i still can't use it .. seem it says my apache not support.. or something like that.

i'm using

- Apache 2.2.17 ( VC6 from official website )
- mod ssl that provide by them
- i also try the new one 1.0.0.d but it's not working

( it's only read the first vhost ssl )  ::)

any one have a clue ?
Logged

Sob

  • Jr. Member
  • **
  • Offline Offline
  • Posts: 72
Re: Multiple SSL vhost
« Reply #1 on: February 24, 2011, 03:37:05 PM »

I guess you mean "multiple ssl vhosts using same address and port".

It "just works" if your certificate covers all used hostnames (either it's wildcard one like "*.example.net", or it is for multiple names).

If you need to use multiple separate certificates, you must have Apache and OpenSSL with SNI support. I don't know if ASF release has it enabled. But even if it has, it's still problematic, because no IE version on XP supports it and there are still too many of them being used.
Logged

Gregg

  • Administrator
  • Member Elite
  • *****
  • Offline Offline
  • Posts: 848
Re: Multiple SSL vhost
« Reply #2 on: February 24, 2011, 07:32:50 PM »

As far as I know ASF's are SNI ... I do not think Bill disables SNI when he builds OpenSSL.
Logged

perindu

  • Newbie
  • *
  • Offline Offline
  • Posts: 33
Re: Multiple SSL vhost
« Reply #3 on: February 25, 2011, 04:46:43 AM »

My Mistake  ;D

 actually it does work with a few condition  ;D

Test on

Apache 2.2.1.17 ( apache build ) vc6
PHP 5.2.17 ( php build ) vc6
openssl 1.0.0.d ( gregg build ) vc6

when you set

SSLStrictSNIVHostCheck off

https will work with all browser but it will use the first certificate it found

example

vhost1 a.com
vhost2 b.com

it will only you a.com certificate.

if you set

SSLStrictSNIVHostCheck on

it will redirect unsupported client to 403 error

and supported one will use the correct vhost certificate

*notes*

before this i test it using chromeplus ( i didnt realized that the code is not using chrome 6++ ) instead of chromium 4 *sigh* thats why it only use the first cert it found :)

Logged
Pages: [1]   Go Up
 

Sitemap 1 2 3 4 5 6 7 8 9 10 11 12 13