What is your recommendation regarding how to host multiple HTTPS web sites, with multiple virtual hostnames on a single external IP address? I need to support older web clients and I don't like the idea of using the same crypto key.

My environment is Apache 2.4, running on Debian/GNU Linux v9.

Jonas Bjork
  • Define "older web clients". Are we talking non-SNI like Windows XP? What are your concerns with a multi-domain certificate sharing a single key? The most likely key compromise cause is a server compromise, which would have the same impact. – ceejayoz Jun 28 '18 at 13:26
  • Your question is too broad, with too few details on your setup. "Multiple HTTPS sites on the same IP" is something very common... – Patrick Mevzek Jun 28 '18 at 13:37
  • Non-SNI yes. The different sites belong to different entities so key sharing is a no-go. I don't believe it's too broad @Patrick Mevzek - how would you do it? – Jonas Bjork Jun 28 '18 at 13:41
  • Why do you talk about key sharing? If you have different certificates that is not a problem. How do you expect to have multiple HTTPS websites on the same IP if clients do not use SNI? This is contradictory... Hence your constraints space is not clear. Edit your post to add more details. – Patrick Mevzek Jun 28 '18 at 13:44
  • I'm simply asking if it's possible. As @ceejayoz mentioned, key/cert sharing is one option. Are there any others? – Jonas Bjork Jun 28 '18 at 13:49
  • @JonasBjork If server sharing is acceptable, key sharing should be. I don't think you have many other options if you really can't get more IPs. – ceejayoz Jun 28 '18 at 13:50

0 Answers