[clue-tech] Multiple SSL VHosts in Apache on same port and IP
Mike Staver
staver at fimble.com
Sun Mar 8 15:02:29 MDT 2009
David L. Anselmi wrote:
> Collins Richey wrote:
>> On Sun, Mar 8, 2009 at 7:57 AM, Jed S. Baer <cluemail at jbaer.cotse.net>
>> wrote:
>>> On Sat, 07 Mar 2009 23:20:00 -0700
>>> Mike Staver wrote:
>>>
>>>> [...] Does anyone know if this is supported in a recent Linux
>>>> distros?
>>
>> After reading the blog, it sounds like this is potentially a big
>> security hole.
>
> It sounds like it's potentially a big security hole for those who
> already have a potentially big security hole.
>
> To answer the original question, openssl 0.9.9 isn't out yet, but
> mod_gnutls is.
Yeah, to me it sounded like a big hole for those who were using the same
server to spit out Internet and Intranet based sites. I'm not sure it
would affect what I'd be trying to do since all my sites are Internet
facing.

All I know is that I'm more than ready for this kind of tech. Going
back to 2000, I've tried many different ways to hack around having
multiple websites with certs on them. Earlier this decade, I would just
get one of those wildcard certs and use it for load balancing. The
issue was that when one server would go down, another would take its
place. I had copies of all the certs and keys on each web server for
each FQDN, and at first I couldn't figure out why only the top level
cert was going out for all of them. Once I learned of this problem, I
just used the wildcard cert and the problems went away. The minute you
want to host different web sites with different domain names that all
use SSL, you're sunk.

I think most hosting companies get around this with multiple IP
addresses. I think even if you're on the same server, it will be fine as
long as each domain name has its own dedicated IP.
--
-Mike Staver
staver at fimble.com