Multiple SSL vhost

Started by perindu, February 24, 2011, 02:24:42 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

perindu

February 24, 2011, 02:24:42 PM
has anyone success using it in windows?  ;D

i still can't use it .. seem it says my apache not support.. or something like that.

i'm using

- Apache 2.2.17 ( VC6 from official website )
- mod ssl that provide by them
- i also try the new one 1.0.0.d but it's not working

( it's only read the first vhost ssl )  ::)

any one have a clue ?

Sob

#1
February 24, 2011, 03:37:05 PM
I guess you mean "multiple ssl vhosts using same address and port".

It "just works" if your certificate covers all used hostnames (either it's wildcard one like "*.example.net", or it is for multiple names).

If you need to use multiple separate certificates, you must have Apache and OpenSSL with SNI support. I don't know if ASF release has it enabled. But even if it has, it's still problematic, because no IE version on XP supports it and there are still too many of them being used.

Gregg

#2
February 24, 2011, 07:32:50 PM
As far as I know ASF's are SNI ... I do not think Bill disables SNI when he builds OpenSSL.

perindu

#3
February 25, 2011, 04:46:43 AM
My Mistake  ;D

actually it does work with a few condition  ;D

Test on

Apache 2.2.1.17 ( apache build ) vc6
PHP 5.2.17 ( php build ) vc6
openssl 1.0.0.d ( gregg build ) vc6

when you set

SSLStrictSNIVHostCheck off

https will work with all browser but it will use the first certificate it found

example

vhost1 a.com
vhost2 b.com

it will only you a.com certificate.

if you set

SSLStrictSNIVHostCheck on

it will redirect unsupported client to 403 error

and supported one will use the correct vhost certificate

*notes*

before this i test it using chromeplus ( i didnt realized that the code is not using chrome 6++ ) instead of chromium 4 *sigh* thats why it only use the first cert it found :)

Print
Go Up Pages1
User actions