-1

Is it possible to serve different public certificates based on the port the client is connecting to?

I am aware that, using SNI (in conjunction with NameVirtualHost), the server will respond with the appropriate certificate.

Aside from having SNI resolution on port 443, I would like to have a different port (e.g. 1443, 2443, 3443) for each certificate.

That would support older (SNI-unaware) clients, which would connect to a specific port.

igobivo

1 Answer

2

Yes, you just add further VirtualHosts in Apache with the new port numbers and the appropriate SSLCertificateFile directives inside. You could duplicate the default ssl.conf file you get (on RHEL at least) and change <VirtualHost _default_:443>, Listen 443, etc.

Of course, HTTPS clients are not going to be able to discover the right HTTPS endpoints at these weird and wacky ports unless you include the port in the URL explicitly, so it is not so good for public-facing websites.

Mintra
  • Thanks, that works perfectly. This is used in a test environment with some Java 1.6 clients (therefore SNI is not supported). – igobivo Dec 22 '15 at 13:29
  • Java 1.6 doesn't have the best ciphers either. It is better than no TLS, but you aren't going to get a good grade from various test tools. – John Mahowald Dec 22 '15 at 19:12
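
The layout described in the answer, as an added configuration example that is not part of the original posts: port 443 keeps SNI-based selection, while each extra port carries exactly one VirtualHost and therefore one certificate. Hostnames, document roots and certificate paths are placeholders.

```apache
# Constructed example: hostnames and file paths are placeholders.
# If the stock ssl.conf already contains "Listen 443", do not repeat it.
Listen 443 https
# Non-standard ports default to plain http, so mark them as https explicitly.
Listen 1443 https
Listen 2443 https

# Port 443: name-based virtual hosts, certificate selected from the SNI name.
# (Apache 2.2 additionally needs "NameVirtualHost *:443".)
<VirtualHost *:443>
    ServerName site-a.example.com
    DocumentRoot /var/www/site-a
    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/site-a.crt
    SSLCertificateKeyFile /etc/pki/tls/private/site-a.key
</VirtualHost>

<VirtualHost *:443>
    ServerName site-b.example.com
    DocumentRoot /var/www/site-b
    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/site-b.crt
    SSLCertificateKeyFile /etc/pki/tls/private/site-b.key
</VirtualHost>

# Port 1443: the only vhost on this port, so it is the default and its
# certificate is presented even when the client sends no SNI extension.
<VirtualHost *:1443>
    ServerName site-a.example.com
    DocumentRoot /var/www/site-a
    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/site-a.crt
    SSLCertificateKeyFile /etc/pki/tls/private/site-a.key
</VirtualHost>

# Port 2443: same idea for the second certificate.
<VirtualHost *:2443>
    ServerName site-b.example.com
    DocumentRoot /var/www/site-b
    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/site-b.crt
    SSLCertificateKeyFile /etc/pki/tls/private/site-b.key
</VirtualHost>
```

Running `apachectl -S` after a reload lists which VirtualHost is bound to each port, and `openssl s_client -connect host:1443` without `-servername` shows the certificate a non-SNI client receives.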