← Back to team overview

maria-discuss team mailing list archive

Re: TLS SNI support


Actually, that’s a big annoyance with Apache, that the configuration expects every virtual host to have the same SSL certificate. So if your vhost has 5 domains, you need a single certificate with 5 domains. Bleh.

Well you just make 5 vhosts with each having it’s own certificate definition but everything else common (like use include etc).
Though this out of scope of this mailinglist.

Mail is less useful but still relevant: domain owners want to brand all of their services with their domain name. If I’m setting up “felipes-stuff.com” and have employees go to “hals-hosting.net” for mail, that’s not as “branded” of an experience as if everything used the same domain.

Database access is similar. There is still a use case for SNI here, even if it’s not the most apparent one.

If you really want to "brand" your single Mysql instance by having multiple SSL certicates (as the previous person said - I don't see a very valid reason either) you can plug a SSL offloader like haproxy between in TCP mode. Then just simply provide a directory of all the *.pem certificates and haproxy will do the rest.


Follow ups