I am trying to setup SNI on a server running Ubuntu 8.04 with openssl 0.9.8g and apache 2.2.8. I know that I need either mod_gnutils or openssl 0.9.8j (I think) to support SNI. Is it possible to do this under Ubuntu 8.04 without having to recompile apache? If not, I think I would feel better just upgrading my server to 10.04.
Asked
Active
Viewed 556 times
1 Answers
1
SNI for Apache 2.2 requires OpenSSL with tlsext support compiled. This is done since the OpenSSL 0.9.8g-10ubuntu1 package shipped with Intrepid (8.10), which is not available for Hardy via backports.
So you either switch to 10.04 or recompile from the Intrepid source package. I would personally suggest upgrading to Lucid.
References:
earl
- 2,971
- 24
- 16
-
Ideally, I would upgrade to 10.04. However, I am on a tight deadline and don't have the luxury of being able to test everything I should before upgrading a production server. I was able to compile libgnutls and mod_gnutls and get SNI setup. However, I am having issues with IE and Chrome on Vista and I'm not sure if it's my implementation or not (http://serverfault.com/questions/162836/windows-vista-wrong-certificate-with-sni). If it is, I may end up having to upgrade anyway. – JamesArmes Jul 22 '10 at 00:46
-
If a custom-compiled mod_gnutls works for you, that's certainly a good way to go. – earl Jul 22 '10 at 01:32