apache httpd 2.2.12+後,單一 IP 可不需裝其它模組即可安裝多張 SSL憑證
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslstrictsnivhostcheck
設定 On ( default Off)
SSLStrictSNIVHostCheck on
來開啟 SNI (Server Name Indication )
適用於:httpd 2.2.12+
另幾個基本條件是:
Server 端:
- Use OpenSSL 0.9.8f or later
- Build OpenSSL with the TLS Extensions option enabled (option enable-tlsext; OpenSSL 0.9.8k and later has this enabled by default).
- Apache must have been built with that OpenSSL (./configure --with-ssl=/path/to/your/openssl). In that case, mod_ssl will automatically detect the availability of the TLS extensions and support SNI.
- Apache must use that OpenSSL at run-time, which might require setting LD_LIBRARY_PATH or equivalent to point to that OpenSSL, maybe in bin/envvars. (You'll get unresolved symbol errors at Apache startup if Apache was built with SNI but isn't finding the right openssl libraries at run-time.)
用戶端的瀏覽器:
- Mozilla Firefox 2.0 or later
- Opera 8.0 or later (with TLS 1.1 enabled)
- Internet Explorer 7.0 or later (on Vista, not XP)
- Google Chrome
- Safari 3.2.1 on Mac OS X 10.5.6
ref:
http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
http://zh.wikipedia.org/wiki/超文本传输安全协议
http://fredwei1031.blogspot.tw/2014/12/server-name-indication-sni.html