[CentOS] do i need a dedicated ip address for https?

Ross Walker rswwalker at gmail.com
Thu Dec 23 15:10:36 UTC 2010


On Dec 23, 2010, at 3:03 AM, David Hrbáč <hrbac.conf at seznam.cz> wrote:

> On 23.12.2010 1:08, Les Mikesell wrote:
>> The issue is that the server needs to know the hostname given to the 
>> browser to find the matching certificate, and the only way to do that 
>> and stay on the standard port 443 with the apache version on centos is 
>> to bind each virtual host to a different IP address.  Per the apache ssl 
>> faq at http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#vhosts2, 2.2.12 
>> or later supports SNI where the browser passes the hostname before the 
>> ssl session starts.
>> 
> 
> Guys,
> Of course it's possible to host multiple sites on ONE IP. As Les has
> said, it's about SNI-enabled web clients and servers. Not all clients
> support SNI. As to Apache, there's no need to go with 2.2.12. SNI is
> very easy to support with both CentOS 4 and CentOS 5. There's a
> mod_gnutls module packaged for CentOS in one of my repos. Used in
> production for a few years now.
> 
> http://fs12.vsb.cz/hrb33/el5/hrb-tls/stable/i386/repoview/
> http://fs12.vsb.cz/hrb33/el5/hrb-tls/stable/x86_64/repoview/
> http://fs12.vsb.cz/hrb33/el4/hrb-tls/stable/i386/repoview/
> http://fs12.vsb.cz/hrb33/el4/hrb-tls/stable/x86_64/repoview/

As long as the forward DNS resolves to the common name, the cert will be accepted and you can have multiple host names resolve to the same IP.

-Ross



