Anyone good with multiple SSL on Apache?
in [General]
|
From: Per Jessen on 10 Mar 2010 03:42 Per Jessen wrote: > Jochen Schultz wrote: >=20 >> AFAIK Apache 2 doesn't support virtual hosts for SSL. >>=20 >=20 > I think it does now - there was even a c't article on the topic not > long ago. I'll see if I can find it. http://www.heise.de/kiosk/archiv/ct/2009/23/174_kiosk (download for a fee) --=20 Per Jessen, Z=C3=BCrich (-3.9=C2=B0C)
From: Per Jessen on 10 Mar 2010 03:45 Per Jessen wrote: > Daniel Egeberg wrote: >=20 >> On Mon, Mar 8, 2010 at 23:21, Skip Evans <skip(a)bigskypenguin.com> >> wrote: >>> D'oh! >>> >>> ...and I suppose there is just no way around that, eh? >>> >>> Skip >>=20 >> You can use SNI, but it's not supported by all web servers and >> browsers. >>=20 >> http://en.wikipedia.org/wiki/Server_Name_Indication >>=20 >=20 > I don't know about the browser support, but the Apache and SNI > implementation is well described in this article: >=20 > http://www.heise.de/kiosk/archiv/ct/2009/23/174_kiosk (download for = a > fee) >=20 This looks like a pretty decent article too: http://en.gentoo-wiki.com/wiki/Apache2/SSL_and_Name_Based_Virtual_Hosts= According to that, the following browsers support SNI: * Opera 8.0+ * Firefox 2+ * Internet Explorer 7+ (but not on Windows XP) * Safari 3.2.1+=20 --=20 Per Jessen, Z=C3=BCrich (-3.9=C2=B0C)
From: Jochen Schultz on 10 Mar 2010 03:57
Thanks Per, well here is a short translation of this article: http://www.tech-nerds.de/blog/2009/02/apache2-mit-mehreren-ssl-virtualhosts/ If you havn't installed apache2-threaded-dev: You need the current verion of gnutls (download from gnu.org) Download, unpack, compile and install as usual. Than call ldconfig. And than install apache2-threaded-dev: ../configure --with.apxs2=/usr/bin/apxs2 make install (Which copies apache module (hopefully) to this path: /usr/lib/apache2/modules) Than create /etc/apache2/mods-enabled/gnutls.load with following entry: LoadModule gnutls_module /usr/lib/apache2/modules/mod_gnutls.so And you have to Create /etc/apache2/mods-enabled/gnutls.conf containing the following: <IfModule gnutls_module> GnuTLSCache dbm /var/cache/mod_gnutls_cache GnuTLSCacheTimeout 300 </IfModule> Well and than every vhost that has to use SSL needs an entry like this: <VirtualHost 192.168.1.250:443> ServerName www.example.de GnuTLSEnable on GnuTLSPriorities NORMAL GnuTLSCertificateFile /etc/certs/example_server.pem GnuTLSKeyFile /etc/certs/example_key.pem DocumentRoot "/var/www/example.de" .... </DocumentRoot> regards Jochen Schultz P.S. I think i will have to give it a try right now. Per Jessen schrieb: > Jochen Schultz wrote: > >> AFAIK Apache 2 doesn't support virtual hosts for SSL. >> > > I think it does now - there was even a c't article on the topic not long > ago. I'll see if I can find it. > > > /Per > -- Sport Import GmbH - Amtsgericht Oldenburg - Tel: +49-4405-9280-63 Industriestrasse 39 - HRB 1202900 - 26188 Edewecht - GF: Michael Müllmann |