On Fri, Jul 5, 2024 at 10:23 AM rexkogit...@gmx.at.INVALID <rexkogit...@gmx.at.invalid> wrote:
> Hi Michael, > > > you can add any number of domain names to a TLS certificate. These entries > are known as SAN (Subject Alternative Name). So, you want a single TLS > certificate with multiple domain names instead of multiple TLS certificates > each with a single domain name. > > > Kind regards, > rexkogitans > Am 04.07.24 um 15:57 schrieb Frank Gingras: > > > > On Thu, Jul 4, 2024 at 8:44 AM Michael Osipov <micha...@apache.org> wrote: > >> Folks, >> >> please consider the following example: >> > <VirtualHost *:443> >> > ServerAdmin m...@example.com >> > ServerName foo.example.com >> > ServerAlias foo.sub.example.net >> > DocumentRoot /usr/local/www/apache24/data >> > ErrorLog "/var/log/apache/foo-ssl-errors.log" >> > CustomLog "/var/log/apache/foo-ssl-access.log" common >> > >> > SSLEngine On >> > SSLCertificateFile /etc/ssl/foo.example.com/cert.crt >> > SSLCertificateKeyFile /etc/ssl/foo.example.com/key.crt >> > SSLCertificateFile /etc/ssl/foo.sub.example.net/cert.crt >> > SSLCertificateKeyFile /etc/ssl/foo.sub.example.net/key.crt >> > >> > Include "..." >> > </VirtualHost> >> >> I'd like to run a single vhost serving the same content under multiple >> FQDNs to the users >> >> As far as I understand mod_ssl it does not seem to support to have SNI on >> a single vhost with multiple hostnames. I get error messages in the log >> file. >> I am running "Apache/2.4.59 (FreeBSD) OpenSSL/1.1.1w-freebsd". >> FWIW: the same concept is support with Tomcat: One connector, one default >> host, aliases and several SSLHostConfig elements. >> Is the approach to run two vhosts here? I am sure that a SAN certificate >> will do the trick, but for €€€ reasons I won' able to order one. >> >> Michael >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >> For additional commands, e-mail: users-h...@httpd.apache.org >> >> > In that case, define separate :443 vhosts for each name, and redirect to > the main one. > > They already said that for price reasons, that consideration is not on the table.
