maria-discuss team mailing list archive
Mailing list archive
Re: TLS SNI support
Actually, that’s a big annoyance with Apache, that the configuration
expects every virtual host to have the same SSL certificate. So if your
vhost has 5 domains, you need a single certificate with 5 domains. Bleh.
Well you just make 5 vhosts with each having it’s own certificate definition
but everything else common (like use include etc).
Though this out of scope of this mailinglist.
Mail is less useful but still relevant: domain owners want to brand all of
their services with their domain name. If I’m setting up
“felipes-stuff.com” and have employees go to “hals-hosting.net” for mail,
that’s not as “branded” of an experience as if everything used the same
Database access is similar. There is still a use case for SNI here, even
if it’s not the most apparent one.
If you really want to "brand" your single Mysql instance by having multiple
SSL certicates (as the previous person said - I don't see a very valid
reason either) you can plug a SSL offloader like haproxy between in TCP
mode. Then just simply provide a directory of all the *.pem certificates and
haproxy will do the rest.