[Systems] SNI

Bernie Innocenti bernie at codewiz.org
Sun Sep 5 16:54:34 EDT 2010


El Sat, 04-09-2010 a las 01:12 +0200, Sascha Silbe escribió:

> Does Apache apply non-certificate SSL settings per VHost as well? I.e.
> could I set up a VHost bugs-sso.sugarlabs.org and have it ask for client
> certificates while all other VHosts do not request them? That would
> even avoid the need to set this up on a separate IP address.
> With SNI this should be possible, but I don't know whether Apache
> actually supports it.

I don't know neither... feel free to try and let us know.

FWIW, I don't consider SSL client certificates a feasible solution to
consolidate Sugar Labs sign-on. While some of us may take advantage of
it, many users have trouble figuring out how to generate certificates
and install them in their browsers.

If we could hook up as many services as possible to a central
authentication service such as CAS or OpenID, this in turn could offer a
number of login methods, including passwords and perhaps also SSL
certificates.

-- 
   // Bernie Innocenti - http://codewiz.org/
 \X/  Sugar Labs       - http://sugarlabs.org/



More information about the Systems mailing list