[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] Question: serving two different SSL certificates under A
|
From: |
Daniel Kahn Gillmor |
|
Subject: |
Re: [Sks-devel] Question: serving two different SSL certificates under Apache? |
|
Date: |
Tue, 10 Jun 2014 10:47:24 -0400 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:30.0) Gecko/20100101 Icedove/30.0 |
On 06/10/2014 10:41 AM, Stephan Seitz wrote:
>> In the end, I ended up with TWO <VirtualHost> blocks in the Apache
>> config after all. All works now, as long as you remember to add
>> "NameVirtualHost *:443"!
>>
>> For reference, the following is my full Apache config for HTTPS on
>> keyserver.zap.org.au:
>
> Since some clients don't use SNI, I'ld swap the entries so the hkps-pool
> entry serves first as default. That way, without SNI capability the
> hkps-pool certificate is offered.
I believe that SNI is considered mandatory for HKPS.
If you're talking about web browsers for people manually looking at the
sites, then we're talking about only (a) older android clients or (b)
IE and safari on Windows XP. I'm not sure how important those are, or
whether it's worthwhile to bother with any changes on their behalf.
--dkg
signature.asc
Description: OpenPGP digital signature