Apache httpd: configuring multiple SSL sites on a single IP

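2015-05-15 14:28
Originally, one IP could be configured with only one SSL website.
Since Apache httpd 2.2.12, a single IP can serve multiple SSL certificates without installing any additional modules.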

http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslstrictsnivhostcheck

To turn on SNI (Server Name Indication), set the following to On (default Off):
SSLStrictSNIVHostCheck on

Applies to: httpd 2.2.12+

A few other basic requirements:

Server side:
  • Use OpenSSL 0.9.8f or later
  • Build OpenSSL with the TLS Extensions option enabled (option enable-tlsext; OpenSSL 0.9.8k and later has this enabled by default).
  • Apache must have been built with that OpenSSL (./configure --with-ssl=/path/to/your/openssl). In that case, mod_ssl will automatically detect the availability of the TLS extensions and support SNI.
  • Apache must use that OpenSSL at run-time, which might require setting LD_LIBRARY_PATH or equivalent to point to that OpenSSL, maybe in bin/envvars. (You'll get unresolved symbol errors at Apache startup if Apache was built with SNI but isn't finding the right openssl libraries at run-time.)

Client browsers:
  • Mozilla Firefox 2.0 or later
  • Opera 8.0 or later (with TLS 1.1 enabled)
  • Internet Explorer 7.0 or later (on Vista, not XP)
  • Google Chrome
  • Safari 3.2.1 on Mac OS X 10.5.6
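
A sketch of the resulting httpd 2.2.12+ configuration with two certificates on one IP. This is an example added here, not taken from the original post; the hostnames, document roots and certificate paths are placeholders.

```apache
# Added example: two name-based SSL virtual hosts sharing one IP and port.
# All hostnames and file paths below are placeholders.

Listen 443

# httpd 2.2 needs this to do name-based virtual hosting on the address/port.
NameVirtualHost *:443

# With this set to on, clients that do not send SNI are denied access
# rather than being served the first vhost with a mismatched certificate.
SSLStrictSNIVHostCheck on

# The first vhost listed is the default for *:443.
<VirtualHost *:443>
    ServerName www.example.com
    DocumentRoot /var/www/example.com

    SSLEngine on
    SSLCertificateFile    /etc/httpd/ssl/www.example.com.crt
    SSLCertificateKeyFile /etc/httpd/ssl/www.example.com.key
</VirtualHost>

# Second site on the same IP, selected by the SNI name in the TLS handshake.
<VirtualHost *:443>
    ServerName www.example.org
    DocumentRoot /var/www/example.org

    SSLEngine on
    SSLCertificateFile    /etc/httpd/ssl/www.example.org.crt
    SSLCertificateKeyFile /etc/httpd/ssl/www.example.org.key
</VirtualHost>
```

After a reload, `openssl s_client -connect <server>:443 -servername www.example.org` should return the second certificate, which confirms that the vhost is being chosen by SNI.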


ref:
http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
http://zh.wikipedia.org/wiki/超文本传输安全协议
http://fredwei1031.blogspot.tw/2014/12/server-name-indication-sni.html