[HacktionLab] progress on registration form
Mike Harris
mike at mbharris.co.uk
Fri May 14 10:11:34 BST 2010
> This has actually never been the case, though there's plenty of web
> pages to tell you it's technically impossible. I don't know where
> people get off on this one, scheeze. Well, this isn't that true, you
> need to use TLS rather than SSL.
>
Hang on mate. It is effectively the case because I've experienced it
first hand, I've never read about it.
> What is impossible is to have more than one SSL certificate per IP on
> an Apache webserver using the dodgy SSL implementation (mod_ssl).
> GnuTLS has supported this for a long while though.
Right I see, okay so my explanation as to the problem was wrong, but the
actual end result (only one ssl-enabled site per IP on Apache) is the
same using SSL in this case.
>
> The debian package libapache2-mod-gnutls has gnutls for apache2
> (mod_gnutls). To get the module up do "a2enmod gnutls" then "a2dismod
> ssl". The set up is different to the usual mod_ssl, you'll need to
> look it up. The configs MIGHT look something like this:
>
> <VirtualHost 192.168.0.1:443>
> ServerName v1.example.org:443
> GnuTLSEnable on
> GnuTLSCertificateFile /etc/pki_custom/certs/v1.example.org.crt
> GnuTLSKeyFile /etc/pki_custom/private/v1.example.org.key
> DocumentRoot "/var/www/v1/public_html"
> </VirtualHost>
Cool. Thanks Ben, very useful. Perhaps that's something that'll help Yoss.
I don't think any of that existed, or at least I looked at it, when I
last played with the problem some 5+ years ago on Apache 1.x.
>
> Cheers,
> ==
> From Ben Green
More information about the HacktionLab
mailing list