[Systems] [Fwd: Re: Server Name Indication - Wikipedia, the free encyclopedia]

Bernie Innocenti bernie at codewiz.org
Sun Aug 22 12:14:31 EDT 2010


Raul just made me realize that we can't use many SSL keys for the
services hosted on sunjammer.

Unless, of course, we assign multiple IPs to the same box just for this
purpose. Shan't.

--------- Forwarded message --------
From: Raul Gutierrez Segales <rgs at rieder.net.py>
Reply-to: rgs at rieder.net.py
To: Bernie Innocenti <bernie at sugarlabs.org>
Subject: Re: Server Name Indication - Wikipedia, the free encyclopedia
Date: Sun, 22 Aug 2010 11:07:06 -0400

On Sun, 2010-08-22 at 11:56 -0300, Bernie Innocenti wrote:
> On Sun, 22-08-2010 at 05:49 -0400, Raul Gutierrez Segales wrote:
> > Dude, 
> > 
> > Very cool, I didn't know there was an extension to work around the limitation of one https host / public IP address:
> > 
> > http://en.wikipedia.org/wiki/Server_Name_Indication
> > 
> > This was a problem for me in PY where public IPs are scarce, perhaps you never banged 
> > your head against the wall with this because you always worked in the US/Italy where public IPs 
> > are abundant.
> > 
> > Or have you used SNI?
> 
> Never. Browser support is scarce and even Apache did not support it when
> I first heard of it...
> 
> However, it turns out that you don't need SNI in many cases. The Apache
> documentation on the topic of SSL and VirtualHosts is misleading. A lot
> of people think that Apache can't dispatch SSL requests to the correct
> virtual host, but this is false.
> 
> As long as the same commonName in the SSL key (*.paraguayeduca.org) can
> apply to both virtual hosts (wiki.paraguayeduca.org and
> www.paraguayeduca.org), there's no problem. I've been doing it all the
> time both at Sugar Labs and Develer.

But you'd have to use _one_ SSL key for both wiki and www?

That is not always the case...

> 
> BTW, StartSSL is giving out free (non-wildcard) certificates. If you
> hate the SSL mafia like I do, you could use CAcert instead (but their
> certificates will produce a warning with most browsers).
> 

Yay!



-- 
   // Bernie Innocenti - http://codewiz.org/
 \X/  Sugar Labs       - http://sugarlabs.org/


