Yes. For SSL, you need {uuid}.crt/{uuid}.key files (based on the server 
uuid) for non-SNI clients, and any number of {domain}.crt/{domain}.key 
files for SNI clients.

A couple of notes:
   1) The majority of clients support SNI, but this is still not 
everyone. Notably IE users on Windows XP do not support it, and this is 
still a potentially large marketshare (up to something like 25%). So, 
relying on SNI is a major decision about who you will allow access.
   2) Even if you don't care about SNI (because you want to support 
every browser), you must still supply the {domain}.crt/{domain}.key 
files to cover SNI traffic. The code does not fall back to the default 
cert if an SNI negotiation fails.

On 05/16/2013 05:24 AM, William MARTIN wrote:
> Justin Karneges merged an SNI branch into the mongrel2 develop branch
> some months ago.
> Has anyone tested it?
>
> @Justin Karneges, is the SNI support done?
>
> https://github.com/zedshaw/mongrel2/commit/d995be83f2054c763fe087fd96104f4bb0704986
>
> On Wed, May 15, 2013 at 8:42 PM, William MARTIN <[email protected]> wrote:
>> It will be nice!
>> Running 10+ mongrel2 processes just to change the certificate is not really fun.
>>
>>
>> On Wed, May 15, 2013 at 8:37 PM, Robert Pankowecki
>> <[email protected]> wrote:
>>> On Wed, May 15, 2013 at 8:17 PM, Loic d'Anterroches <[email protected]> wrote:
>>>>
>>>>
>>>> It means you need one ip address per domain. Which at the end means N
>>>> mongrel2 processes for N domains.
>>>
>>>
>>> http://en.wikipedia.org/wiki/Server_Name_Indication
>>>
>>> It should be possible to configure server to use separate SSL cert per
>>> domain if one really wants to.
>>
>>
>>
>> --
>> ---------------------------------------------------------
>> William MARTIN
>> wysman @NoSpAm@ gmail @DoT@ com
>
>
>
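
A preflight check for the file layout described in the reply at the top of this message, as an added example that is not part of the original thread or of Mongrel2 itself. The function name, the certificate directory argument and the uuid and domains used to call it are assumptions; it flags every hosted domain that lacks its own pair, since SNI traffic does not fall back to the default cert.

```shell
#!/bin/sh
# Added example (not Mongrel2 code): verify that a certificate directory
# holds the files the reply above says are required.
# Assumed names: check_certs, and the arguments passed to it.

# check_certs CERTDIR SERVER_UUID DOMAIN...
# Prints one line per problem; returns 0 if complete, 1 otherwise.
check_certs() {
    certdir=$1; uuid=$2; shift 2
    rc=0

    # Default pair, named after the server uuid: served to non-SNI clients.
    for ext in crt key; do
        if [ ! -s "$certdir/$uuid.$ext" ]; then
            echo "MISSING default (non-SNI) file: $uuid.$ext"
            rc=1
        fi
    done

    # Per-domain pairs: served to SNI clients. There is no fallback to the
    # default pair, so a hosted domain without its own pair is a failure
    # for every SNI-capable client that asks for it.
    for domain in "$@"; do
        for ext in crt key; do
            if [ ! -s "$certdir/$domain.$ext" ]; then
                echo "MISSING SNI file for $domain: $domain.$ext"
                rc=1
            fi
        done
    done
    return $rc
}

# Stand-alone use: sh check_certs.sh CERTDIR SERVER_UUID DOMAIN...
if [ "$#" -ge 2 ]; then
    check_certs "$@"
fi
```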
