我怎么可以设定不同的SSL证书与Apache虚拟主机？ [英] How can I setup different SSL-Certificates for vhosts on Apache?

问题描述

我有一个Web服务器，供应不同的域的名称，但只有一个分配的IP地址。这工作正常，在Apache的虚拟主机。现在，我要为网站SSL加密连接。我怎样才能为不同的虚拟主机设定不同的SSL证书吗？

I have a web-server, that serves different domain-names, but has only one IP-address assigned. That works fine with virtual hosts in Apache. Now I want SSL-encrypted connections for the websites. How can I set different SSL-certificates for the different vhosts?

使用不同的IP对不同的主机名将是一个解决方案 - 不是很优雅，但可能的。但我想知道，我怎么可以使用不同的SSL证书不同的虚拟主机。所以我期待只有一个IP地址的解决方案。

Using different IP's for the different hostnames would be an solution - not very elegant but possible. But I want to know, how I can use different SSL-certificates for different vhosts. So I look for a solution with only one IP-address.

推荐答案

更新：2013

看来，SNI终于开始搦如旧的浏览器都在下降了。以下是为Apache SNI 的文档和这里是一个的上SNI 维基百科的文章，其中包括在支持它的浏览器的图表。总之，所有的主流浏览器都支持它支持的版本;如果支持旧的浏览器是很重要的，你可能要考虑到这一点。

It appears that SNI is finally beginning take hold as older browsers are falling away. Here are the docs for Apache SNI and here is a wikipedia article on SNI that includes a chart on browsers that support it. In short, all the major browsers support it in supported versions; if supporting older browsers is important, you may have to take that into consideration.

的 ------ previous答案------------ 的

SSL主机必须连接到一个唯一的IP地址/端口组合，所以你不能使用虚拟主机（或者至少，它只能有每个IP在地址一SSL主机）。这是由于HTTPS主机开始前加密的事实：参数在HTTP发送的，因此它无法确定从主机使用的密码 - 所有它是IP地址

SSL Hosts must be tied to a unique IP address/port combination, thus you cannot use virtual hosting (Or at least, it can only have one ssl host per IP address). This is due to the fact that https begins encryption before the Host: parameter is sent in http, and thus it cannot determine which cipher to use from the hostname - all it has is the IP address.

这将是愚蠢容易解决，如果HTTP有一个TLS命令，因此它可能要求的主机名后开始SSL，但没有人问我。

This would be silly easy to fix if HTTP had a TLS command so it could start SSL after asking for the hostname, but no one asked me.

有关确切的答案，请参见 HTTP：//httpd.apache。组织/文档/ 2.0 / SSL / ssl_faq.html＃vhosts2

For the definitive answer, see http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#vhosts2

这篇关于我怎么可以设定不同的SSL证书与Apache虚拟主机？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！