> On 2 Sep 2016, at 1:59 PM, Reinis Rozitis <r...@roze.lv> wrote: > >> Actually, that’s a big annoyance with Apache, that the configuration expects >> every virtual host to have the same SSL certificate. So if your vhost has 5 >> domains, you need a single certificate with 5 domains. Bleh. > > Well you just make 5 vhosts with each having it’s own certificate definition > but everything else common (like use include etc). > Though this out of scope of this mailinglist. >
On a site that hosts tens of thousands of domains that becomes inefficient very quickly. But, as you say, off-topic. > >> Mail is less useful but still relevant: domain owners want to brand all of >> their services with their domain name. If I’m setting up “felipes-stuff.com” >> and have employees go to “hals-hosting.net” for mail, that’s not as >> “branded” of an experience as if everything used the same domain. > >> Database access is similar. There is still a use case for SNI here, even if >> it’s not the most apparent one. > > If you really want to "brand" your single Mysql instance by having multiple > SSL certicates (as the previous person said - I don't see a very valid reason > either) you can plug a SSL offloader like haproxy between in TCP mode. Then > just simply provide a directory of all the *.pem certificates and haproxy > will do the rest. We’ll still need a client library that “speaks” SNI. I’ll look into haproxy and see what’s what. Thanks! -FG _______________________________________________ Mailing list: https://launchpad.net/~maria-discuss Post to : maria-discuss@lists.launchpad.net Unsubscribe : https://launchpad.net/~maria-discuss More help : https://help.launchpad.net/ListHelp
