From: Per Jessen on
Per Jessen wrote:

> Jochen Schultz wrote:
>=20
>> AFAIK Apache 2 doesn't support virtual hosts for SSL.
>>=20
>=20
> I think it does now - there was even a c't article on the topic not
> long ago. I'll see if I can find it.

http://www.heise.de/kiosk/archiv/ct/2009/23/174_kiosk (download for a
fee)


--=20
Per Jessen, Z=C3=BCrich (-3.9=C2=B0C)

From: Per Jessen on
Per Jessen wrote:

> Daniel Egeberg wrote:
>=20
>> On Mon, Mar 8, 2010 at 23:21, Skip Evans <skip(a)bigskypenguin.com>
>> wrote:
>>> D'oh!
>>>
>>> ...and I suppose there is just no way around that, eh?
>>>
>>> Skip
>>=20
>> You can use SNI, but it's not supported by all web servers and
>> browsers.
>>=20
>> http://en.wikipedia.org/wiki/Server_Name_Indication
>>=20
>=20
> I don't know about the browser support, but the Apache and SNI
> implementation is well described in this article:
>=20
> http://www.heise.de/kiosk/archiv/ct/2009/23/174_kiosk (download for =
a
> fee)
>=20

This looks like a pretty decent article too:

http://en.gentoo-wiki.com/wiki/Apache2/SSL_and_Name_Based_Virtual_Hosts=


According to that, the following browsers support SNI:

* Opera 8.0+
* Firefox 2+
* Internet Explorer 7+ (but not on Windows XP)
* Safari 3.2.1+=20


--=20
Per Jessen, Z=C3=BCrich (-3.9=C2=B0C)

From: Jochen Schultz on
Thanks Per,

well here is a short translation of this article:
http://www.tech-nerds.de/blog/2009/02/apache2-mit-mehreren-ssl-virtualhosts/

If you havn't installed apache2-threaded-dev:
You need the current verion of gnutls (download from gnu.org)
Download, unpack, compile and install as usual. Than call ldconfig.
And than install apache2-threaded-dev:
../configure --with.apxs2=/usr/bin/apxs2
make install
(Which copies apache module (hopefully) to this path:
/usr/lib/apache2/modules)

Than create /etc/apache2/mods-enabled/gnutls.load with following entry:

LoadModule gnutls_module /usr/lib/apache2/modules/mod_gnutls.so

And you have to Create /etc/apache2/mods-enabled/gnutls.conf containing
the following:

<IfModule gnutls_module>
GnuTLSCache dbm /var/cache/mod_gnutls_cache
GnuTLSCacheTimeout 300
</IfModule>

Well and than every vhost that has to use SSL needs an entry like this:

<VirtualHost 192.168.1.250:443>
ServerName www.example.de
GnuTLSEnable on
GnuTLSPriorities NORMAL
GnuTLSCertificateFile /etc/certs/example_server.pem
GnuTLSKeyFile /etc/certs/example_key.pem
DocumentRoot "/var/www/example.de"
....
</DocumentRoot>

regards

Jochen Schultz

P.S. I think i will have to give it a try right now.

Per Jessen schrieb:
> Jochen Schultz wrote:
>
>> AFAIK Apache 2 doesn't support virtual hosts for SSL.
>>
>
> I think it does now - there was even a c't article on the topic not long
> ago. I'll see if I can find it.
>
>
> /Per
>

--
Sport Import GmbH - Amtsgericht Oldenburg - Tel: +49-4405-9280-63
Industriestrasse 39 - HRB 1202900 -
26188 Edewecht - GF: Michael Müllmann