[CentOS] do i need a dedicated ip address for https?

David Hrbáč hrbac.conf at seznam.cz
Thu Dec 23 08:03:18 UTC 2010


On 23.12.2010 1:08, Les Mikesell wrote:
> The issue is that the server needs to know the hostname given to the 
> browser to find the matching certificate, and the only way to do that 
> and stay on the standard port 443 with the apache version on centos is 
> to bind each virtual host to a different IP address.  Per the apache ssl 
> faq at http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#vhosts2, 2.2.12 
> or later supports SNI where the browser passes the hostname before the 
> ssl session starts.
> 

Guys,
Of course it's possible to host multiple sites on ONE IP. As Les has
said, it's about SNI-enabled web clients and servers. Not all clients
support SNI. As to Apache, there's no need to go with 2.2.12. SNI is
very easy to support with both CentOS 4 and CentOS 5. There's a
mod_gnutls module packaged for CentOS in one of my repos. Used in
production for a few years now.

http://fs12.vsb.cz/hrb33/el5/hrb-tls/stable/i386/repoview/
http://fs12.vsb.cz/hrb33/el5/hrb-tls/stable/x86_64/repoview/
http://fs12.vsb.cz/hrb33/el4/hrb-tls/stable/i386/repoview/
http://fs12.vsb.cz/hrb33/el4/hrb-tls/stable/x86_64/repoview/

Regards,
David Hrbáč


