Comments on How To Enable Multiple HTTPS Sites For One IP On Debian Etch Using TLS Extensions
How To Enable Multiple HTTPS Sites For One IP On Debian Etch Using TLS Extensions This how-to is Debian specific but could be ported to other distributions since the concept is the same. In order to use TLS Extensions we have to patch and recompile apache2 and recompile OpenSSL with the enable-tlsext directive. Since TLS Extensions are relatively new, some internet browsers will not work so the apache2 server will deliver just the default site as http 1.0 does on an http 1.1 server.
4 Comment(s)
Comments
A lot of content on howtoforge is targeting newbie users. This is fine with me, but it is very nice to see an advanced topic covered. Thought about TLS extensions before, so it is good to see it done for apache. Well done.
Have completed a test setup of ispconfig and this new multi site TLS and it works great
I have placed my comments in the forum http://howtoforge.com/forums/showthread.php?t=17597
This is a much wanted howto and Kudos to the maker. Many many thanks
Hello,
in 3. Compiling OpenSSL-0.9.8g shouldn't it be "/etc/apt/sources.list" instead of "/etc/apt/sources.lst"?
daff
The howto does not mention that to compile apache2 with the SNI patch active you need to link it at compile time with the newer OpenSSL.
The solution is to first compile OpenSSL and then inform pbuilder of your newer OpenSSL packages before compiling apache2 with SNI support.
See http://wiki.debian.org/PbuilderTricks ("How to include local packages") on details how to setup pbuilder.